"finger" to see if anyone's on the server, use "w" ("top" is even better) to check all their processes. Also use "ps xu" to see all existing processes on the server. So basically this is all you need.
Keep in mind, too, that most rootkits (if one is installed) will mess with the
output, along with removing info from
and cleaning out traces from the normal log files, like
If your system has been compromised and taken over completely, you won't be able to do anything but reboot, if that. If it's being used to mount attacks without having been completely taken over, you can probably see the activity by using
, but you may be too late to stop it without reinstalling the OS ... you simply cannot tell which system files have been replaced with bogus ones unless you already had in place some mechanism for doing so. If they're compromised now, you won't be able to tell. File timestamps, permissions, all of that can be forged or appropriated.
We really need more details about your server before we can offer any specific advice, like what operating system and version it's running.
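
The "mechanism already in place" mentioned above, as an added example that is not part of the original posts: a SHA-256 baseline of system files recorded while the host is known-good, then compared later. The function names `make_baseline` and `verify_baseline` are hypothetical, and the sketch assumes `find`, `xargs`, `sha256sum` and `awk` are available, that file names contain no newlines or backslashes, and that the baseline file is stored off-host and checked from trusted media, since tools on a compromised host can lie.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): content-hash baseline for system files.
# Timestamps, sizes and permissions can be forged; a hash of the content cannot
# be matched without the original bytes.

# make_baseline DIR OUT: write "sha256  path" for every regular file under DIR.
make_baseline() {
    find "$1" -xdev -type f -print0 | xargs -0 -r sha256sum > "$2"
}

# verify_baseline DIR BASELINE: print ADDED/CHANGED/MISSING lines.
# Returns 0 if DIR matches the baseline, 1 if anything differs.
verify_baseline() {
    local dir=$1 base=$2 cur report
    cur=$(mktemp) || return 2
    make_baseline "$dir" "$cur"
    # sha256sum lines are 64 hex chars, two separator chars, then the path.
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); h = substr($0, 1, 64)
            if (!(p in old)) print "ADDED   " p
            else { if (old[p] != h) print "CHANGED " p; delete old[p] }
        }
        END { for (p in old) print "MISSING " p }
    ' "$base" "$cur" | sort)
    rm -f "$cur"
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Usage: script.sh baseline DIR FILE   (run on a known-good system)
#        script.sh verify   DIR FILE   (run later, ideally from rescue media)
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    verify)   verify_baseline "$2" "$3" ;;
esac
```

A baseline taken after a compromise only records the replaced files as "good", so it has to exist before the incident.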