FTP Exposure Across the EU: A Snapshot from Shodan Data
February 28, 2026
FTP is one of the oldest protocols still running on today’s internet. Designed in a very different era, it was never built with encryption as a default feature. And yet, decades later, it remains widely deployed.
We pulled Shodan data for all 27 European Union member states to see how much FTP exposure still exists — and how much of it allows anonymous login.
This isn’t a vulnerability scan. It’s a visibility snapshot of what’s responding on port 21.
Methodology
EU-27 country filter used:
AT, BE, BG, HR, CY, CZ, DK, EE, FI, FR, DE, GR, HU, IE, IT, LV, LT, LU, MT, NL, PL, PT, RO, SK, SI, ES, SE
Two queries were used:
- Total FTP exposure (port 21 responding)
- FTP allowing anonymous login (“230 Login successful”)
The results below are based solely on Shodan’s indexed data at the time of collection.
Total FTP Exposure in the EU
Total exposed FTP services: 1,302,357
| Rank | Country | FTP Servers |
|---|---|---|
| 1 | Germany (DE) | 441,694 |
| 2 | France (FR) | 200,834 |
| 3 | Netherlands (NL) | 130,900 |
| 4 | Poland (PL) | 95,735 |
| 5 | Italy (IT) | 90,262 |
| 6 | Spain (ES) | 71,813 |
| 7 | Romania (RO) | 36,170 |
| 8 | Czechia (CZ) | 34,927 |
| 9 | Finland (FI) | 29,112 |
| 10 | Hungary (HU) | 21,410 |
Germany alone accounts for roughly one-third of all EU FTP exposure.
That doesn’t automatically mean weaker security. Larger economies and countries with strong hosting sectors naturally show higher numbers. The Netherlands ranking third likely reflects infrastructure density rather than configuration quality.
Anonymous FTP Exposure
Out of 1.3 million exposed FTP services, 10,505 allow anonymous login (~0.8% rate).
| Country | Anonymous FTP | Ratio |
|---|---|---|
| Germany | 2,183 | ~0.49% |
| France | 1,797 | ~0.89% |
| Poland | 1,578 | ~1.64% |
| Italy | 1,559 | ~1.73% |
| Netherlands | 814 | ~0.62% |
| Spain | 493 | ~0.68% |
| Czechia | 274 | ~0.78% |
| Romania | 267 | ~0.73% |
| Finland | 195 | ~0.67% |
| Sweden | 183 | ~0.85% |
While FTP exposure is widespread, anonymous access represents a relatively small fraction. Most exposed services require authentication.
What Software Is Running?
The product breakdown shows that FTP exposure isn’t limited to traditional servers.
| Product | Identified Instances |
|---|---|
| ProFTPD | 66,810 |
| Microsoft ftpd | 39,837 |
| MikroTik router ftpd | 29,041 |
| D-Link firmware FTP | 4,771 |
| Synology DiskStation NAS ftpd | 3,601 |
| FileZilla ftpd | 1,455 |
| vsftpd | 1,165 |
What stands out is the diversity.
FTP exposure includes: hosting servers, small business routers, NAS appliances, CCTV systems, printers, and consumer networking hardware. FTP remains embedded not just in data centers, but inside everyday infrastructure.
Next in the Series
Don't miss our deep dive into Telnet exposure across the EU:
Telnet Exposure Across the EU: A Legacy Protocol That Refuses to DieFinal Thoughts
1.3 million exposed FTP services across the EU sounds dramatic at first glance. But a closer look tells a more structured story:
- Anonymous FTP represents less than 1% of total exposure.
- Exposure strongly correlates with infrastructure size.
- Embedded and networking devices contribute significantly.
- Legacy protocols remain deeply rooted in modern systems.
FTP isn’t gone. It’s still quietly running across a wide range of infrastructure.