proftpd

Force ProFTPD to listen on only one IP

Submitted by sandip on Sun, 02/24/2008 - 00:10. | Tags:

proftpd

It's not quite as clean as the socket binding under Apache but the principle works something like this.

In Standalone mode, to listen on the primary IP of a host use the SocketBindTight directive.
In "/etc/proftpd.conf":
```
SocketBindTight                 on
```
To listen on a interfaces which are not the primary host interface, use the SocketBindTight directive, place your server configuration in a block and use "Port 0" for the main host configuration and and "Port 21" inside the VirtualHost block.

Port 0 SocketBindTight on <VirtualHost xxx.xxx.xxx.xxx> Port 21 DefaultRoot ~ AllowOverwrite on Umask 002 </VirtualHost>

Analyzing proftpd xferlog file

Submitted by wizap on Tue, 01/29/2008 - 10:59. | Tags:

Recently I've had to research on some missing files of a website.

When looking through the proftpd xferlog files, it was clear that the files were deleted by a user having ftp access.

The xferlog file is usually located at "/var/log/xferlog". However, since this was a plesk server, it was located at:
"/var/www/vhosts/{DOMAIN}/statistics/logs/xferlog_regular*"

A quick grep produced the files that were deleted out and could easily be recovered from a previous backup. Also, discovered the time and offending IP address of the person that did the deletes.

Full listing:

$ grep "_ d" /path/to/xferlog

Listing of just the deleted files:

$ awk '/_ d/ {print $9}' /path/to/xferlog

Below are some additional notes on xferlog anlysis:

proftpd

Force ProFTPD to listen on only one IP

Analyzing proftpd xferlog file

User login

Recent blog posts

Who's online