According to a recent April 2026 report by security researcher Himaja Motheram at Censys, just under 6 million internet-facing hosts are still running the File Transfer Protocol (FTP).<\/a><\/p>\n While this marks a significant 40% decline from the 10.1 million servers observed in 2024, the presence of this decades-old protocol continues to pose an exposure risk due to widespread insecure default configurations.<\/p>\n The Censys report highlights that the dominant story of FTP exposure in 2026 is not purpose-built file transfer infrastructure, but rather an accumulation of platform defaults on shared hosting networks and broadband providers.<\/p>\n When it comes to securing these servers, the data reveals a mixed landscape. Censys found that roughly 58.9% of observed FTP hosts completed a Transport Layer Security (TLS) handshake<\/a>, meaning they support encrypted connections.<\/p>\n However, this leaves approximately 2.45 million hosts without observed evidence of encryption, potentially allowing them to transmit files and credentials in cleartext.<\/p>\n The lack of encryption adoption varies significantly by region. According to Censys data, mainland China and South Korea have the lowest TLS adoption rates among the top 10 hosting countries, at 17.9% and 14.5%, respectively.<\/p>\n Meanwhile, Japan accounts for 71% of all FTP servers globally that still rely on outdated, deprecated legacy encryption protocols<\/a> such as TLS 1.0 and 1.1.<\/p>\n The security posture of these 6 million servers is heavily influenced by the default settings of the software daemons running them.<\/p>\n Key technical observations from the Censys report include:<\/strong><\/p>\n While IIS defaults to a policy that appears to require encryption, it does not bind a security certificate upon a fresh installation. <\/p>\n Consequently, the server accepts cleartext credentials<\/a>, even though the configuration appears to enforce TLS.\n<\/li>\n Tens of thousands of FTP services run on alternate ports, such as 10397 or 2121, often tied to specific telecom operations or network-attached storage devices.<\/li>\n<\/ul>\n For enterprise defenders and infrastructure administrators, Censys strongly recommends evaluating<\/a> whether FTP is truly necessary before attempting to harden it.<\/p>\n Organizations should consider the following mitigation strategies:<\/strong><\/p>\n Ultimately, while the internet\u2019s reliance on FTP is slowly shrinking, millions of instances continue to run quietly in the background.<\/p>\n As Censys warns, the primary risk is not advanced zero-day attacks<\/a>, but the simple failure to update default configurations that leave systems unnecessarily exposed.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nThe State of Encryption and Regional Risks<\/strong><\/h2>\n
![\"FileZilla](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhWc-bX8wtbk5jYfQ6cHUVgciSH4cHrtGVqK_BKuXTt2ioxECZ9sun64nr6JUsCYJ1106UQjEKLX460wfUXAYt9lgYvSTZBdASavVbcvypLenfXFwWM-BBDZG808wIvaZPBRj_L8ZYjVVZg31IywwcgPAPy0ybSq42TsX5HBTLGdGpROZnNgemqo273nZs\/s1600\/Screenshot%25202026-04-17%2520130236%2520%25281%2529.webp?ssl=1\")
\n
Mitigation and Hardening Strategies<\/strong><\/h2>\n
![\"2.35](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjsr3i2hlehPh3kVg8ltuT0bqF9Iq8kviM-3PcIlaycBjnO6gSRkdyPna1Oqu5AUG16DVkY80p5048Ruu-O59bkY9M268RCpGBKkTACaYnwI2CDU1L8-x36X93_nh-37Vv-sh6W1DB94fBiB3lNwMOcVi5a0SoMKtB1Xuv8jA37aMXt0vYPwmZD_SUowYA\/s1600\/Screenshot%25202026-04-17%2520130214%2520%25281%2529.webp?ssl=1\")
\n