Web Hosting Talk

View Full Version : Do you know what /usr/bin/chx is?


tymonhall
12-31-2001, 03:51 PM
Hi, I have two servers that don't let me telnet/ssh into them any more. When I telnet it just gives me the first two lines but not the login prompt; when I ssh it gives me an invalid password response. What I did on one of the servers was have the hosting company reset the password, and it seems to allow me in via ssh.

When I got in I noticed there was a program called chx running multiple times, causing the load on the server to reach the 8.0 range. I stopped all of the processes and it seems to be running OK now, but I still can't telnet.

My question is, does anyone know what the chx program is? I found it in /usr/bin/chx.

Thanks

shortfork
01-01-2002, 04:45 AM
I really hate to say this, but it sounds like you've been hacked, my friend..

Good luck!
Shortdogged

2Grumpy
01-01-2002, 05:02 AM
Originally posted by tymonhall
Hi, I have two servers that don't let me telnet/ssh into them any more. When I telnet it just gives me the first two lines but not the login prompt; when I ssh it gives me an invalid password response. What I did on one of the servers was have the hosting company reset the password, and it seems to allow me in via ssh.

When I got in I noticed there was a program called chx running multiple times, causing the load on the server to reach the 8.0 range. I stopped all of the processes and it seems to be running OK now, but I still can't telnet.

My question is, does anyone know what the chx program is? I found it in /usr/bin/chx.

Thanks

http://www.securityfocus.com/tools/2086

Did you at some point try installing a firewall? The only things I can find for chx point to this little firewall available here:

http://www.idrci.net/default.htm?tryit=en

Just a thought.

shortfork
01-01-2002, 11:42 AM
Originally posted by Dixiesys


http://www.securityfocus.com/tools/2086

Did you at some point try installing a firewall? The only things I can find for chx point to this little firewall available here:

http://www.idrci.net/default.htm?tryit=en

Just a thought.

The only problem with this theory is that the chx engine is for Windoze boxes. I'd still lean towards thinking he's been "owned", or at least it sure sounds like it. Maybe the cracker has enough knowledge to be able to use the chx engine on a Linux box??

Again.. Good Luck!!
Shortness

tymonhall
01-02-2002, 06:20 AM
I did a search myself and didn't find anything except about firewalling either. I am afraid that the server may have been hacked. I wish I could find out more about this so I can know what it is and how to fix it if possible.

Since this is one of my first servers I don't know what I had installed. I went with portsentry as some security on the servers, but I know I did try to set up some other ones.