PDA

View Full Version : Hacked using remote VNC/change of ownership rights




adust1980
Aug 16, 2008, 11:22 PM
I hope I'm using the correct forum...if not I apologize.
I've been noticing strange activity through console recently and am now positive someone has been accessing my computer via a tunnel or vnc. I can't say I know much regarding either of these but I have saved the logs themselves. Recently I performed a clean install but I am getting the same type of ownership/wireless issues from a remote computer using vista. Ive monitored the remote install and observation via console and network utility.
Upon clean install it appears to me...although these could be seperate issues...there is a partition on my HD that I can not delete or modify. Therefore this remote user has ownership rights and any future install is vulnerable to the same attack. Could someone point me in the right direction? Or tell me what information is useful or worth taking a look at? So far Ive been trying to log as much as possible just in case.
Thank you so much.



Cromulent
Aug 16, 2008, 11:52 PM
I hope I'm using the correct forum...if not I apologize.
I've been noticing strange activity through console recently and am now positive someone has been accessing my computer via a tunnel or vnc. I can't say I know much regarding either of these but I have saved the logs themselves. Recently I performed a clean install but I am getting the same type of ownership/wireless issues from a remote computer using vista. Ive monitored the remote install and observation via console and network utility.
Upon clean install it appears to me...although these could be seperate issues...there is a partition on my HD that I can not delete or modify. Therefore this remote user has ownership rights and any future install is vulnerable to the same attack. Could someone point me in the right direction? Or tell me what information is useful or worth taking a look at? So far Ive been trying to log as much as possible just in case.
Thank you so much.

Can you provide any examples of what you are seeing in your logs? Replace your IP address with Xs if you want. Basically all you need to do is turn your firewall on in the Security System Preferences pane (select essential services only, and if you want even more security turn stealth mode on as well) and disable screen sharing in the Sharing System Preferences pane.