[Linux-Discussion] Re: How do you tell who is using ssh other than me?

  • From: "David Bruce Jr" <dbartbruce@xxxxxxxx>
  • To: <linux-discussion@xxxxxxxxxxxxx>
  • Date: Sat, 29 Dec 2001 21:14:23 -0500

Thanks for the ps aux  command

>Christmas day at 4am I had some script kiddies probe my box with an
> attempt to see if I had about 15 different cgi scripts.
>
> I have bignosebirds custom error msg script installed, it's set to email
me
> anytime someone gets a 404, 401, 500 msg

That's troublesome .. have you detected anything else odd ?

not that I could tell...now I'm really glad I set my msql password after
discovering that it was wide open!

David

----- Original Message -----
From: "Nils Vogels" <nivo+linux-discussion@xxxxxxxxxxx>
To: <linux-discussion@xxxxxxxxxxxxx>
Sent: Saturday, December 29, 2001 8:38 PM
Subject: [Linux-Discussion] Re: How do you tell who is using ssh other than
me?


>
> On Sat, Dec 29, 2001 at 08:33:46PM -0500, David Bruce Jr wrote:
> > Earlier today I saw that there were 2 pids running ssh on my server.
> >
> > as far as I know I'm the only one who has ssh permissions...
> >
> > I did a who but my that didn't tell me anything about who was running
ssh
> >
> > how do I tell from the pid?
>
> You can use 'ps aux' or if you want to me more sure, use 'lsof'
>
> Moth have a zillion commandline options, read the manpages on those tools
for
> more :)
>
> > Christmas day at 4am I had some script kiddies probe my box with an
> > attempt to see if I had about 15 different cgi scripts.
> >
> > I have bignosebirds custom error msg script installed, it's set to email
me
> > anytime someone gets a 404, 401, 500 msg
>
> That's troublesome .. have you detected anything else odd ?
>
> --
> Nils Vogels PGP:0xC26BD15F Available on keyservers.
> S@H:2649WU/3.957yr --> setiathome.ssl.berkeley.edu. Will you find aliens?
> Every OS sucks! http://www.yuckfou.org/every_os_sucks.mp3
>
> Why did it happen ? BOFH Excuse:
>                        Borg implants are failing
>
>


Other related posts: