Able to see other's folder in FTP

Hi all,

I'm a web designer, and I just found something disturbing thing while using FTP on a shared server for one of my clients. I was uploading an update, and accidentally hit the "up directory" too many times. I stumbled into the entire user list directory. From
there I was able to get into as many directories as I clicked on, and downloaded a few jpg's just to see if I could. I did not do anything else, nor enter folders that looked private. I thought it might be a fluke, so I disconnected, and followed the same steps. I could repeat the process above..I didn't try to upload, just because of the ethics involved. I have screen shots of each step, including the download process of another user's stuff (just jpgs).

Before I go ranting off to the hoster-- (who as far as I know does not frequent this message board, and it's not my hoster), who has, or at least *had* 5 years ago when I set my client up with them, a very good reputation--is this a somewhat normal practice???

I have never seen a shared server that lets you into root allowing access to other users folders? What's up with this???

I'm thinking of getting with another user on the the server to see if I could upload or edit an html file. I will *not* do this without permission, but I'd love to know if this is possible, and how far the security can be breached here.

Thanks for any input.

 

 

 

 

Top