Ok peoples, heres the deal, I hear alot of junk about ftp and the like, so this is my perspective. If your gonna use ftp, ALWAYS, ALWAYS, put the users in a chroot jail! It is just STUPID not to. Chroot makes a nice level of security around your users. I personally like pure-ftp, it seems to be the best thing out there! Its really cool cause you can add a virtual user(which I prefer), chroot him, and update the database all in one command. You can also set up so people can only _login_ at a certain time period. It's also secure out of the box. I've never used any other FTP servers though, but this one is just the one I like best, and it was also in the ports collection on my FreeBSD box, so thats pretty cool.

chroot jail will only stop a real attacker for moments. there are many ways to break out of them.

You just have to make sure that you only give access to those you trust, do ip based acl's for those logins.

Worst case scenario, the attack would have to know the ip ranges allowed for the login that they've 'cracked'. I suppose this would only be an added 'fix' to the problem, but makes the path to travel a little longer.

What exactly are acls? Most of the people who bother attacking are stupid script kiddies, they probably don't know much about chroot jails, but yes, they are breakable, and yes, easily breakable. But most of the stupid script kiddies are idiots who just wanna install sub7 and steal your credit card number. Others are a bit more advanced, and know what linux is(lol).

pardon my ignorance but what is a CHroot Jail?