Our web site has recently been hacked due to vulnerabilities in our anonymous FTP policies.
We would like to grant all of our paying members anonymous FTP access without maintaining equivalent shell accounts. That is, we would like to have userX log into FTP with his password (as stored in our database), and access a directory that would be created and chroot'd for him (if it didn't exist) under ~/ftp/pub/userx
Is this possible? What software do I need, and how do I go about setting this up?