The default copy of CrushFTP ships very secure. There are no default usernames, or passwords, etc. The default ciphers are relatively secure, but not as secure as they could be just for compatibility for people starting out using a potentially older browser for example. We also have some default ports that you may not need or want for file transfer that allow for insecure connections (FTP / HTTP).
So to secure the server, follow these steps:
1.) Login to the WebInterface, Admin, Preferences.
2.) Remove the FTP port on port 21, or click on advanced and enable require encryption.
3.) Remove the HTTP port on 8080 and 9090, or change the IP from "lookup" to be 127.0.0.1 making them inaccessible.
4.) Go to Encryption, SSL. Click the link to disable insecure ciphers.
5.) On the IP / Servers tab, right click on the HTTPS port, and restart it for the prior change to take effect.
6._