How to interpret ftp access logs?
Several of my sites have been hacked, with bot code inserted into a lot of my php files. I've also started to receive bounced emails from people I don't know.
I've checked out the ftp access files, and am after a little help interpreting what the data means. Here's an example line relating to the file infection:
Fri Apr 06 04:46:14 2012 1 46.32.XXX.224 19821 /home/myaccount/public_html/index.php a _ o r myaccount ftp 1 * c
I've hidden part of the ip address in case they aren't the hacker, but have traced it to an ISP company manager.
Anyway, what does the column containing 19821 represent, and also the column with 1 * c ?
Thanks for your time and help.
Check out this explanation at this page:
Thanks Spacebar - EXACTLY what I was after.