DPChallenge Forums >> General Discussion >> Somebody Remote Logged into my Mac!
05/03/2009 11:50:36 AM · #1
This morning I came to my computer and someone had remote logged into my Mac and was nosing around...

I have VNC enabled so I can use the Mac from the PC on the LAN without switching the keyboard/monitor switch. But I didn't have any ports open for remote access or the DMZ enabled from my Dlink router, so how could they get in?

And I have checked before, but I just used the GRC shields up and it shows all my ports are stealth. (https://www.grc.com)

Message edited by author 2009-05-03 11:53:03.
05/03/2009 12:00:10 PM · #2
I'd expect that they would have had to get in through VNC. The question is, does that mean they were able to bypass logging in to your network? Is your network wired or wireless?
05/03/2009 12:11:32 PM · #3
I have no idea how they got in. Perhaps they had some inside knowledge? I do recall Steve Gibson in his podcast saying that due to changes in technology, shields up is no longer a good indicator of your total security, though it is still a useful tool.
05/03/2009 12:16:52 PM · #4
I do have wireless, but it's protected with a passcode.

The log shows they logged in a few times overnight. I caught them using Safari, and they were at that point going to a getmyip site to find out my IP...so they must have found it through some automated means? How could they not already know my IP? The Safari history only shows two sites...an insurance site, and the getmyip...so either they cleared history for last night, or they actually had just really started when I saw them. Firefox history showed nothing.

The log shows that the login IP address changed about 4 times for the four logins, so they were using a proxy, I'd imagine.

I tested port 5900 and 5800 specifically on ShieldsUp, and they are stealth.

Shouldn't my firewall router stop them from getting to my machines anyway? I don't see any settings that would allow them in!
05/03/2009 12:18:30 PM · #5
Can I email someone my IP and see if they can get in via VNC?
05/03/2009 12:22:55 PM · #6
I suspect that they may have connected to the Mac directly (peer-to-peer) via VNC. It is possible they brute-force cracked your VNC security. The Wikipedia VNC page has a brief discussion of VNC security that seems to indicate there may be some vulnerability.

ETA: If they connected directly via wireless, then they are physically very near!

Message edited by author 2009-05-03 12:24:12.
05/03/2009 01:22:45 PM · #7
Sounds like you were duped into installing a trojan.
05/03/2009 02:08:28 PM · #8
Originally posted by nshapiro:

Can I email someone my IP and see if they can get in via VNC?


I'd be happy to do that for you.
05/03/2009 02:29:39 PM · #9
OMFGNOFENWAY a Mac with a virus and a vulnerability to be hacked into? Is the world ending?

OK so I only said that because every time someone has an issue with a PC all the Mac geeks talk about how secure and safe their Macs are. Back to your normal programming.

BTW Neil that sucks.

Matt
05/03/2009 02:51:39 PM · #10
Originally posted by scalvert:

Sounds like you were duped into installing a trojan.


Man, that's a nasty little bugger! And pretty sophisticated to boot.
05/03/2009 03:01:21 PM · #11
Originally posted by scalvert:

Sounds like you were duped into installing a trojan.

Well, I've only installed 3 or 4 things since stopping using the Mac as a full-time machine in Oct/Nov.

One of those is a new antivirus app for the Mac, iAntivirus. That's running in monitor mode and hasn't seen anything. And I just installed the latest ClamAV and that's running now.

Looking at the Safari history, one place they opened that looks scary was:

h t t p s - www.shmktpl.com/click.asp? ... then a very long ID at the end...

The first two pages in the history are, oddly, "American Guaranty Mortgage", www.usagmonline.com, which came up with an ad of sorts. That might have been something that came up automatically with Safari for all I know--since I don't use Safari at all.

Then after the shm address, they went to GetIP to get my IP address. I'm still not sure why they wouldn't already have had it since they were logged in!

Message edited by author 2009-05-03 15:05:00.
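
The question running through posts #4 and #6, whether the four overnight logins came from outside the network or from someone on the wireless LAN, can be settled from the source addresses in the VNC log. The following is an added example, not part of the original thread; the log line format and the sample lines are constructed, and the external addresses are taken from documentation ranges.

```python
import ipaddress
import re

# Address ranges that can only originate inside a home network.
# (ipaddress.is_private is avoided: it also flags documentation ranges.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8",                  # link-local, loopback
)]

# Assumed line format (constructed; adapt the regex to the real server log).
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) vnc: connection from (?P<ip>\S+)$")

# Constructed sample: one LAN session, then four logins from changing sources.
SAMPLE_LOG = """\
2009-05-02 21:14:03 vnc: connection from 192.168.0.102
2009-05-03 01:12:44 vnc: connection from 203.0.113.17
2009-05-03 02:40:09 vnc: connection from 198.51.100.23
2009-05-03 04:05:51 vnc: connection from 203.0.113.88
2009-05-03 06:31:27 vnc: connection from 192.0.2.140
"""

def is_local(ip):
    return any(ip in net for net in LOCAL_NETS)

def triage(log_text):
    """Split logins into (local, external) lists of (timestamp, ip)."""
    local, external = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection line
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field
        (local if is_local(ip) else external).append((m["ts"], str(ip)))
    return local, external

def verdict(log_text):
    """external-origin: at least one session started outside the LAN."""
    local, external = triage(log_text)
    if external:
        return "external-origin"
    return "lan-only" if local else "no-logins"

if __name__ == "__main__":
    print(verdict(SAMPLE_LOG), triage(SAMPLE_LOG)[1])
```

An `external-origin` result points toward a path through the router or the host itself, while `lan-only` points toward the wired or wireless network.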