Who the heck actually still runs an FTP server as part of their website, in this day and age?
More than I care to admit or remember... I've seen a lot of advertising firms using FTP for transferring material to/from clients all over the place. They figure user/pass and origin IP are secure enough. Well, maybe their data isn't important enough to transfer with any level of encryption.
So when the headline says these protections are "easily" bypassed, all it's really saying is that if someone using a defensive system makes mistakes
Very true, but many smaller websites may not have the luxury of moving their IPs about.