Thanks for the ps aux command >Christmas day at 4am I had some script kiddies probe my box with an > attempt to see if I had about 15 different cgi scripts. > > I have bignosebirds custom error msg script installed, it's set to email me > anytime someone gets a 404, 401, 500 msg That's troublesome .. have you detected anything else odd ? not that I could tell...now I'm really glad I set my msql password after discovering that it was wide open! David ----- Original Message ----- From: "Nils Vogels" <nivo+linux-discussion@xxxxxxxxxxx> To: <linux-discussion@xxxxxxxxxxxxx> Sent: Saturday, December 29, 2001 8:38 PM Subject: [Linux-Discussion] Re: How do you tell who is using ssh other than me? > > On Sat, Dec 29, 2001 at 08:33:46PM -0500, David Bruce Jr wrote: > > Earlier today I saw that there were 2 pids running ssh on my server. > > > > as far as I know I'm the only one who has ssh permissions... > > > > I did a who but my that didn't tell me anything about who was running ssh > > > > how do I tell from the pid? > > You can use 'ps aux' or if you want to me more sure, use 'lsof' > > Moth have a zillion commandline options, read the manpages on those tools for > more :) > > > Christmas day at 4am I had some script kiddies probe my box with an > > attempt to see if I had about 15 different cgi scripts. > > > > I have bignosebirds custom error msg script installed, it's set to email me > > anytime someone gets a 404, 401, 500 msg > > That's troublesome .. have you detected anything else odd ? > > -- > Nils Vogels PGP:0xC26BD15F Available on keyservers. > S@H:2649WU/3.957yr --> setiathome.ssl.berkeley.edu. Will you find aliens? > Every OS sucks! http://www.yuckfou.org/every_os_sucks.mp3 > > Why did it happen ? BOFH Excuse: > Borg implants are failing > >