[Linux-Discussion] Re: How do you tell who is using ssh other than me?
- From: Nils Vogels <nivo+linux-discussion@xxxxxxxxxxx>
- To: linux-discussion@xxxxxxxxxxxxx
- Date: Sun, 30 Dec 2001 02:38:10 +0100
On Sat, Dec 29, 2001 at 08:33:46PM -0500, David Bruce Jr wrote:
> Earlier today I saw that there were 2 pids running ssh on my server.
>
> as far as I know I'm the only one who has ssh permissions...
>
> I did a who but my that didn't tell me anything about who was running ssh
>
> how do I tell from the pid?
You can use 'ps aux' or if you want to me more sure, use 'lsof'
Moth have a zillion commandline options, read the manpages on those tools for
more :)
> Christmas day at 4am I had some script kiddies probe my box with an
> attempt to see if I had about 15 different cgi scripts.
>
> I have bignosebirds custom error msg script installed, it's set to email me
> anytime someone gets a 404, 401, 500 msg
That's troublesome .. have you detected anything else odd ?
--
Nils Vogels PGP:0xC26BD15F Available on keyservers.
S@H:2649WU/3.957yr --> setiathome.ssl.berkeley.edu. Will you find aliens?
Every OS sucks! http://www.yuckfou.org/every_os_sucks.mp3
Why did it happen ? BOFH Excuse:
Borg implants are failing
Other related posts:
