Hi, there. please check this image. I had a suspicious IP address and I ran the last command. Anyone please tell what that lsof is? Did somebody run the lsof command on my server? but I've never run that command
Asked
Active
Viewed 37 times
1 Answers
0
The last command shows the users that have last logged in into your system. Your image means that something has logged into your system using user account lsof.
If you don't recognise the IP address, then someone has most likely logged into your system.
You need to reinstall your server from backups you know that are clean.
Also, you need to set up a normal user account and use it to log in to the system instead of root account.
Tero Kilkanen
- 34,499
- 3
- 38
- 58