On Sat, Dec 29, 2001 at 08:33:46PM -0500, David Bruce Jr wrote: > Earlier today I saw that there were 2 pids running ssh on my server. > > as far as I know I'm the only one who has ssh permissions... > > I did a who but my that didn't tell me anything about who was running ssh > > how do I tell from the pid? You can use 'ps aux' or if you want to me more sure, use 'lsof' Moth have a zillion commandline options, read the manpages on those tools for more :) > Christmas day at 4am I had some script kiddies probe my box with an > attempt to see if I had about 15 different cgi scripts. > > I have bignosebirds custom error msg script installed, it's set to email me > anytime someone gets a 404, 401, 500 msg That's troublesome .. have you detected anything else odd ? -- Nils Vogels PGP:0xC26BD15F Available on keyservers. S@H:2649WU/3.957yr --> setiathome.ssl.berkeley.edu. Will you find aliens? Every OS sucks! http://www.yuckfou.org/every_os_sucks.mp3 Why did it happen ? BOFH Excuse: Borg implants are failing