Notty Notty! re:”All my Server CPU is used by root@notty!! Have I been hacked?”
First – Breathe. “notty” stands for “no teletypewriter”. Programs that connect to the server but don’t want the output displayed any where use a “No TTY” connection. So if you see “ssh: *@notty” on a task list somewhere, it just means there’s an ssh login on your server does not have a visual interface assigned to it.
This can appear during many different relatively common server activities. So it is not the tag of some hacker as you might have feared. One of the most common examples is the use of the scp command. scp remotely copies files from one computer to another. When it connects to the remote computer, it isn’t displaying that communication to a screen, so the connection is a notty connection.
Below is a partial screen scrape of a “top -c” command when scp is running:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 32706 root 15 0 14284 7116 2336 S 68.1 0.3 6:15.37 sshd: root@notty 32709 root 18 0 6788 1468 1124 R 4.0 0.1 0:20.84 scp -r -f /home2
As you can see the cpu usage was pretty high and that’s what gets people worried. They are probably looking at “top” see how much longer it will take to finish copying files. Then they see that scp is taking up nothing while a task named “notty” is taking up huge amounts of CPU and they think someone is being “naughty”. Now you know what is really happening.
So relax! It’s all good.
I co-host WordPress Podcast – Episode 43: Out of date blogs hacked, All-In-One SEO, Crazyhorse, HyperDB
Angry letter to Flickr/Yahoo
header location: $_SERVER["PHP_SELF"] security vulnerability
About Author
Don’t worry, no teletypewriter is not an activity by any hacker and you can work with a relaxed mind while handling the server activities. It is a very usual activity in your system. Thanks for the tips and make us comfortable.
Wow! Thank you! I permanently wanted to write on my
website something like that. Can I take a fragment of your post to my
website?