#1

    How to interpret ftp access logs?


    Gidday

    Several of my sites have been hacked, with bot code inserted into a lot of my php files. I've also started to receive bounced emails from people I don't know.

    I've checked out the ftp access files, and am after a little help interpreting what the data means. Here's an example line relating to the file infection:

    Fri Apr 06 04:46:14 2012 1 46.32.XXX.224 19821 /home/myaccount/public_html/index.php a _ o r myaccount ftp 1 * c

    I've hidden part of the ip address in case they aren't the hacker, but have traced it to an ISP company manager.

    Anyway, what does the column containing 19821 represent, and also the column with 1 * c ?

    Thanks for your time and help.
#2
    Check out this explanation at this page:
    gnode.net/reading-ftp-logs-in-xferlog-format/
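
The xferlog field layout behind the question above, as an added example that is not part of the original thread: a parser for the standard wu-ftpd-style xferlog format, run on the line from the first post plus one constructed upload line. It reads 19821 as the file size in bytes and the trailing `1 * c` as authentication method, authenticated user ID and completion status; the function names and the second sample line are assumptions made for illustration.

```python
from datetime import datetime

# Code tables for the wu-ftpd-style xferlog format (also written by ProFTPD).
TRANSFER_TYPE = {"a": "ascii", "b": "binary"}
DIRECTION = {"i": "incoming (upload)", "o": "outgoing (download)", "d": "deleted"}
ACCESS_MODE = {"a": "anonymous", "g": "guest", "r": "real (local account)"}
AUTH_METHOD = {"0": "none", "1": "RFC 931 ident"}
COMPLETION = {"c": "complete", "i": "incomplete"}

def parse_xferlog(line):
    """Split one xferlog line into named fields (hypothetical helper)."""
    tok = line.split()
    if len(tok) < 18:
        raise ValueError("expected at least 18 whitespace-separated fields")
    # A filename may contain spaces: take 8 fixed fields from the left and
    # 9 from the right; whatever remains in the middle is the path.
    ttype, action, direction, mode, user, service, auth, auth_uid, status = tok[-9:]
    return {
        "time": datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y"),
        "transfer_seconds": int(tok[5]),
        "remote_host": tok[6],
        "bytes": int(tok[7]),
        "filename": " ".join(tok[8:-9]),
        "transfer_type": TRANSFER_TYPE.get(ttype, ttype),
        "special_action": action,  # C, U, T, or _ for none
        "direction": DIRECTION.get(direction, direction),
        "access_mode": ACCESS_MODE.get(mode, mode),
        "username": user,
        "service": service,
        "auth_method": AUTH_METHOD.get(auth, auth),
        "auth_user_id": auth_uid,  # "*" means not available
        "status": COMPLETION.get(status, status),
    }

def completed_uploads(lines):
    """Return (time, host, user, path) for finished uploads: the writes to review."""
    entries = map(parse_xferlog, lines)
    return [(e["time"], e["remote_host"], e["username"], e["filename"])
            for e in entries
            if e["direction"].startswith("incoming") and e["status"] == "complete"]

SAMPLE = [
    # Line quoted in the first post.
    "Fri Apr 06 04:46:14 2012 1 46.32.XXX.224 19821 /home/myaccount/public_html/index.php a _ o r myaccount ftp 1 * c",
    # Constructed line: an upload, with a space in the filename.
    "Fri Apr 06 04:46:20 2012 1 192.0.2.10 20544 /home/myaccount/public_html/my page.php a _ i r myaccount ftp 0 * c",
]

if __name__ == "__main__":
    print(parse_xferlog(SAMPLE[0]))
    print(completed_uploads(SAMPLE))
```

In this format the `o` in the quoted line marks a download, so the entries that wrote files to the server are the `i` lines that `completed_uploads` returns.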
#3
    Thanks Spacebar - EXACTLY what I was after.
