Results 1 to 6 of 6
  1. #1

    weird server activity

    i am facing this weird weird problem.
    i had recently asked a programmer to work on my server.
    i had given him root access.

    whenever i login to my server it shows 2 users as loged in.

    pts/0 and pts/7

    pts/0 is me
    but pts/7 is the other person logged in.

    both the ips of pts0 and pts 7 are mine.
    isnt that weird.
    i tried killing pts/7 but it doesnt work.

    also once when i was checking the activity of pts/7 it showed something like /var/qmail ....

    i suspect that pts/7 is some bot masked as my ip, and its secretly using qmail to scan my emails.

    what do you guys think?

    anyway to check and secure my server.

  2. #2
    Join Date
    Nov 2003
    There is a possiblity that at some point you logged in and got timed out, i'm saying it bcz you are saying that the ip for other user is also your ip.

    It sometimes happens if your time out values are high, it will continue to show you as logged in for days.

    So I don't think there is anything to worry about.


  3. #3
    cant someone spoof my ip and remain logged on my server to do some hacking stuff?

  4. #4
    Join Date
    Nov 2003
    By spoofing they can send packets to your box (usually used during DOS/DDOS), but they cannot stay logged in with a spoofed ip.

    Though if your box is hacked, they can spoof the dns, but it is very rare.


  5. #5
    I've given people root access to my server as well to do some work as well, and have seen the same thing when typing "finger". It's usually when the other user didn't bother logging out (typing "logout"), so you see two users simultanously logged in, even though the other user probably already closed the ssh session. Looks normal to me, not a hacking.

  6. #6
    Join Date
    Apr 2004
    San Jose
    Reboot and see if it comes back.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts