var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
weird server activity
i am facing this weird weird problem.
i had recently asked a programmer to work on my server.
i had given him root access.
whenever i login to my server it shows 2 users as loged in.
pts/0 and pts/7
pts/0 is me
but pts/7 is the other person logged in.
both the ips of pts0 and pts 7 are mine.
isnt that weird.
i tried killing pts/7 but it doesnt work.
also once when i was checking the activity of pts/7 it showed something like /var/qmail ns.server.com ....
i suspect that pts/7 is some bot masked as my ip, and its secretly using qmail to scan my emails.
what do you guys think?
anyway to check and secure my server.
There is a possiblity that at some point you logged in and got timed out, i'm saying it bcz you are saying that the ip for other user is also your ip.
It sometimes happens if your time out values are high, it will continue to show you as logged in for days.
So I don't think there is anything to worry about.
cant someone spoof my ip and remain logged on my server to do some hacking stuff?
By spoofing they can send packets to your box (usually used during DOS/DDOS), but they cannot stay logged in with a spoofed ip.
Though if your box is hacked, they can spoof the dns, but it is very rare.
I've given people root access to my server as well to do some work as well, and have seen the same thing when typing "finger". It's usually when the other user didn't bother logging out (typing "logout"), so you see two users simultanously logged in, even though the other user probably already closed the ssh session. Looks normal to me, not a hacking.
Reboot and see if it comes back.