All posts tagged linux

Occasionally you will need to review the FTP logs for a particular domain. They are located in /var/www/vhosts/$domain/statistics/logs/xferlog_regular

Each log entry contains what you would expect: the IP address accessing the server, the file being transferred, and one of the following flag sequences: a _ i, a _ o, a _ d, b _ i, b _ o, b _ d

But what do those cryptic letters mean? They tell you the transfer type, a for ASCII or b for binary, and whether the file was uploaded (i), downloaded (o), or deleted (d).

ASCII format:

  • a _ i (uploaded)
  • a _ o (downloaded)
  • a _ d (deleted)

Binary format:

  • b _ i (uploaded)
  • b _ o (downloaded)
  • b _ d (deleted)
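As an added example (not code from the original post), the parser below reads entries in that layout, assuming the standard wu-ftpd/ProFTPD xferlog field order, and tallies uploads, downloads and deletes per client IP so that a burst of uploads from an unfamiliar address stands out during a review; the sample log lines are constructed.

```python
from collections import defaultdict

# The three flag fields the post explains: transfer-type, special-action-flag
# (usually "_", i.e. no special action) and direction.
TRANSFER_TYPE = {"a": "ascii", "b": "binary"}
DIRECTION = {"i": "uploaded", "o": "downloaded", "d": "deleted"}


def parse_xferlog_line(line):
    """Return a dict for one entry, or None for a malformed line.
    Fields are taken from the right: the timestamp is several tokens and the
    day may be space-padded ("Jan  5"). Assumes the standard xferlog layout."""
    tokens = line.split()
    if len(tokens) < 14 or not tokens[-11].isdigit():
        return None
    transfer_type, direction = tokens[-9], tokens[-7]
    if transfer_type not in TRANSFER_TYPE or direction not in DIRECTION:
        return None
    return {
        "timestamp": " ".join(tokens[:-13]),
        "remote_host": tokens[-12],
        "size": int(tokens[-11]),
        "path": tokens[-10],
        "type": TRANSFER_TYPE[transfer_type],
        "action": DIRECTION[direction],
        "user": tokens[-5],
        "completed": tokens[-1] == "c",  # "i" marks an incomplete transfer
    }


def summarise(lines):
    """Count uploads, downloads and deletes per remote IP, skipping bad lines."""
    counts = defaultdict(lambda: {"uploaded": 0, "downloaded": 0, "deleted": 0})
    for line in lines:
        entry = parse_xferlog_line(line)
        if entry is not None:
            counts[entry["remote_host"]][entry["action"]] += 1
    return dict(counts)


# Constructed sample entries (not real log data).
SAMPLE_LOG = """\
Mon Jan  5 10:01:02 2015 1 192.0.2.10 2048 /var/www/vhosts/example.com/httpdocs/index.php b _ i r webuser ftp 0 * c
Mon Jan  5 10:01:30 2015 0 192.0.2.10 512 /var/www/vhosts/example.com/httpdocs/robots.txt a _ o r webuser ftp 0 * c
Mon Jan  5 10:02:00 2015 0 198.51.100.7 0 /var/www/vhosts/example.com/httpdocs/old.html a _ d r webuser ftp 0 * c
not an xferlog record
"""

if __name__ == "__main__":
    for ip, tally in sorted(summarise(SAMPLE_LOG.splitlines()).items()):
        print(ip, tally)
```

Feed it the real file with `summarise(open(path))` to get the same per-IP tally for a domain's xferlog_regular.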

lsof -Pni

Occasionally I'll run across boxes that have been rootkitted and the netstat binary has been replaced. This new binary gives you the same info every time, and is designed to hide many active connections to the box, even your own SSH session! Luckily, it seems that many rootkits neglect to replace lsof, so you can use the above snippet to review all LISTEN and ESTABLISHED connections to the box.

Downside: you need root access to run the command.