GEN:SID 1:1662
Message WEB-MISC /~ftp access
Summary This event is generated when an attempt is made to access the home directory of the ftp user via http.
Impact Medium - Possible unauthorized file access due a configuration error
Detailed Information The FTP server might block access on ftp homedir to (anonymous) users,
but the folder can be read using the webserver.

Apache UserDir module allows sharing home directory (sub-)folders, a
misconfiguration of the webserver or ftp user account may allow
unauthorized access to the ftp user directory.
Affected Systems  
Attack Scenarios A FTP server blocks access to the ftp users homedir. A misconfiguration might allow an attacker to access the ftp users home directory.

This home folder might contain critical files.
Ease of Attack Simple.
Corrective Action Visit http://httpd.apache.org/docs for UserDir configuration options or
remove UserDir module if not needed.

Configure the ftp user to use a non-interactive nologin shell that does
not require a home directory.
Additional References