Ok, this is starting to piss me off. I have turned off anonymous FTP from WHM and have disabled it using CPanel for all my domains, yet it still continues to allow anonymous FTP users to log in. Not only that, but it's not placing them in the public_ftp folder, but is giving them access to other areas (although they can't alter anything and can't really see much). How to I stop anonymous FTP access completely?!?!?! Any ideas? Thanks.

same problem here...

Nobody knows how to completely stop anonymous FTP access?

You can add "anonymous" to /etc/ftpusers and they won't be able to ftp in. The ftpd should be configured to disallow it though.

There is no /etc/ftpusers

Is this proftpd?

Have you modified any configuration files with SSH or outside of cPanel?

If so, it's possible that something was changed so that cPanel can no longer control FTP access properly.

The control panel expects configuration files to be in a certain state, if they're changed outside of the control panel.. it may not know what to do and therefore stop working properly.

Yes, it is proftpd. I did modify the proftp.conf file, but only just a few minutes ago. Following the instructions from the proftpd website I removed all the <Anonymous> sections from the configuration file and restarted the ftp service. That had no effect. Anonymous users can still log in.

The next thing I tried is adding a blank "anonymous" file to the "proftpd" directory where there are files for each FTP username, but still no luck. In each username file there is a reference to anonymous logins that says "Anonymous NFS User:/var/lib/nfs:/sbin/nologin". No idea if that has anything to do with the problem.

cPanel doesn't allow you to delete the anonymous FTP user entry in the FTP manager. It's part of the "Main Account".

So what should I try next?

Here are some pretty detailed instructions on how to disable anonymous FTP access:

https://www.getsomesupport.com/manuals/cpanel/5.html#Removing%20Anonymous%20FTP%20access

If you have followed all of the instructions to disable anonymous FTP access and it is still allowing anonymous logins, then cPanel is definitely misbehaving. You can check if cPanel is modifying the /etc/proftpd.conf by looking for the following lines:

<Anonymous ~ftp>
<Limit LOGIN>
DenyAll
</Limit>
...

The <Limit> section is what disables the anonymous login. cPanel never removes the <Anonymous> section, it just adds those 3 lines. If these lines are missing, then you should probably have someone from support look at your server to see what is going on :)

The proftpd.conf file is getting modified correctly by cPanel, but it looks like proftpd is ignoring it. I went to a few other forums and it seems to be a semi-common problem, but I haven't found any solutions anywhere.

Anybody else have any suggestions?