CSF

Joined
Oct 24, 2008
Messages
4,099
Points
0
No pts/3 is your third pseudo terminal presumably over ssh


ps aux|grep pts/6

will show what processes that login is running.

It is an host within cox cable running a microsoft mail server, and probably not a good thing.
 
Joined
Oct 22, 2010
Messages
254
Points
0
ps aux|grep pts6
root 12898 0.0 0.1 3920 548 pts/3 D+ 11:44 0:00 grep pts6

I am at one of my remote offices. I have put the IP as an Allow in CSF. There is a mail server from a tenant running on the same network, but how have they gained access to the box. when I run a who I get this:

root tty1 2011-03-16 14:52
root pts/1 2011-03-18 11:14 (xxx.xxx.xxx.xxx)
root pts/2 2011-03-18 09:28 (192.168.1.2)
root pts/3 2011-03-18 11:24 (mailserv.xxxxxxxxx)
root pts/4 2011-03-18 11:26 (xxx.xxx.xxx.xxx)
root pts/5 2011-03-18 11:30 (xxx.xxx.xxx.xxx)

the .xxx is Jorge from PS. Working on a case with him now.
 
Joined
Oct 22, 2010
Messages
254
Points
0
That mail serv has to be me. I am 10.10.10.108 the 192.168.1.2 is from my home office. The router is not named tranquil. Why is his host name showing up like this on my login?

Thanks.
 
Joined
Oct 24, 2008
Messages
4,099
Points
0
that was pts/6 not pts6

10.10.10.108 is a "reserved" IP address maybe from your provider presumably COX and the real address is 98.191.n.n (whoops!)
anyway please edit your post(s) to sanitize them
 
Joined
Oct 22, 2010
Messages
254
Points
0
My PC is .108. I'll get to the bottom of tranquil. Shouldn't have put the PS address up there. Can you remove the .131? Thanks.
 

Members online

No members online now.

Forum statistics

Threads
30,988
Messages
131,101
Members
17,716
Latest member
Orbit114
Top