cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Built-in filemanager "transfer log"

Csurgi shared this idea 5 years ago
Open Discussion

It's would be very useful if the built-in filemanagers generate a transfer-log like pureftpd about the file creation/delete/etc. events.

Comments (4)

photo
1

Yes, this would help track down which IP uploaded what malware file to the server (or what size it was at the time to help determine if it was already infected or not), or how did xyz file get removed off the account. We get that type of question all the time and when the file manager doesn't log file operations, it makes it more difficult to track down.

photo
1

This feature could definitely help with that, but I wanted to also mention that it should be possible to do these things as the server administrator by looking at the cPanel and system logs on the command line.

photo
1

The access logs in cPanel shows some of the activity for the file manager, but it can be obscure over what actions are taking place. Such as below where I can see files are being uploaded, but its not clear which ones:


  1. 00.11.22.33 - user [04/15/2016:12:54:08 -0000] "POST /cpsess9267138266/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess9267138266/frontend/x3/filemanager/upload-ajax.html?file=&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Falbum%2Fphotos%2FRam+Nabami+2016&dirop=&charset=&file_charset=&baseurl=&basedir="; "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.5 Safari/537.36" "s" "-" 2083

    00.11.22.33 - user [04/15/2016:12:55:41 -0000] "POST /cpsess9267138266/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess9267138266/frontend/x3/filemanager/upload-ajax.html?file=&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Falbum%2Fphotos%2FRam+Nabami+2016&dirop=&charset=&file_charset=&baseurl=&basedir="; "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.5 Safari/537.36" "s" "-" 2083

    Or such in this case, I know the file, but it doesn't show the size:

    00.11.22.33 - user [04/05/2016:11:29:06 -0000] "POST /cpsess2886009166/json-api/cpanel HTTP/1.1" 200 0 "htt\ps://cpanel1.example.com:2083/cpsess2886009166/frontend/rvneo/filemanager/

    upload-ajax.html?file=wp-config.php&fileop=&dir=%2Fhome%2Fuser%2Fpublic_html%2Fwp-content%2Fuploads&dirop=&charset=&file_charset=utf-8&baseurl=&basedir="

    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/47.0.2526.73 Chrome/47.0.2526.73 Safari/537.36" "s" "-" 2083

So I can't tell if they're uploading a clean file or one that is already infected. Unless this information is also being logged in another location...

Hal

photo
photo
1

Will be good if the tracking log includes more than ip, it must be include geoip, info about the pc the user used to delete, upload or edit the files and maybe a couple more of details, to help us to track better the users activity.

photo
1

First of all - we desperately need exact filename of files whicha are upliading via FileMnager and renaming log as well!

photo
2

Built-in filemanager "transfer log" "rename log" "create log" "delete log" is must needed.

Leave a Comment
 
Attach a file