Last week someone accessed the primary account of my design business on my server via FTP, downloaded files and defaced the website. I suspect it was a former business partner as the IP address traces to my city and it's really the only logical explanation for the actions in question.
I believe this falls outside of the user's AUP with their service provider (violation of privacy); however, the user's service provider is asking for specific information from the firewall logs that I don't see in /var/logs/messages. Specifically, they want log entries that are stamped with time zone, the IP of my server, and the local port.
How should I pursue this further? I don't necessarily want to be punitive, but I want to determine if the attacker in question is in fact this former business partner as his actions would be in violation of a separation agreement.