
roro78

macrumors newbie
Original poster
Feb 6, 2009
3
0
Hi there, not sure if this is the right forum but I searched the site for hacks and didn't find anything. So I hope someone can help or redirect me.

Last night at around 10ish, I went on my computer and a browser window I had left open was now saying: "Turkish Hacker by Firtina bozo was here!"
I'm assuming I've been hacked.
I looked more into Mac security and discovered I could enable Stealth Mode (a bit too late, I know) but I did it anyway. Question now is... How do I know he is no longer connected? Is it possible to see what files the hacker (cracker) was interested in, if any? I was trying to look at the system log but don't really understand how to read it. All I know is I was away from the computer from around 4pm until around 10pm, but I see a lot of log activity between those times...
I don't know
PLEASE HELP...
 

yoyo5280

macrumors 68000
Feb 24, 2007
1,910
0
Melbourne, Australia & Bay Area
It could be very likely that you weren't actually hacked.

Step one though, turn on the firewall and disconnect from the internet. Use a different computer to post here.

Please post your computer details (OS and stuff).

I know some free Mac antivirus.
 

pknz

macrumors 68020
Mar 22, 2005
2,478
1
NZ
Most likely just a pop-up.

Try Google

"Turkish Hacker by Firtina bozo was here" you get quite a few hits.
 

vinay427

macrumors 6502a
Sep 18, 2008
748
74
Upon more research, I am assuming that is merely a hack to websites.


Turkish hacker hacks websites to merely put on content about himself and how he loves turkey.

Random question, but does he love the food or the country? I'm guessing the country...
 

Theaser

macrumors 6502
Dec 30, 2008
388
0
Man, do hackers have weird names. Who names themselves Firtina Bozo? Theaser would be a cool name :D I think that it's just to make you think it's Turkish. I bet you will find it in another country after you traced the IP.
 

MacAgent84

macrumors member
Jan 11, 2009
81
0
It is highly unlikely that you were hacked, especially if you are using a Mac. I suspect, as many others do, that your browser was pointed to a bogus webpage or popup. This happens all the time and I wouldn't be very alarmed if I were you.
 

m1stake

macrumors 68000
Jan 17, 2008
1,518
3
Philly
It is highly unlikely that you were hacked, especially if you are using a Mac. I suspect, as many others do, that your browser was pointed to a bogus webpage or popup. This happens all the time and I wouldn't be very alarmed if I were you.

Defcon proved OSX was less secure than Vista, I think it was last year.
 

HazRutter

macrumors regular
Jan 2, 2009
212
0
England
Grr, were you saying it's unlikely that Snow Leopard will be more secure or that Vista is more secure than OSX?
 

rylin

macrumors 6502
Aug 18, 2006
351
0
Defcon proved OSX was less secure than Vista, I think it was last year.

Weren't they actually comparing Leopard + third party software with a base Vista install? Or was it the default Leopard install vs. a hardened Vista install?

There are way too many ******** comparisons out there :(
I know I've seen the above two, but one would assume it'd be a more competent comparison at Defcon.

Or, are you perhaps thinking of the test where the successful hackers would get to keep the hardware?
I.e., a brand new MBP vs. a Dell or HP Vista machine, at a time when Vista was behaving notoriously badly? (In other words, biased results here too.)
 

Thorbjorn

macrumors regular
Jan 14, 2008
141
0
Wow. I've never looked at my Stealth log before. When I did today (thanks to this post) I see lots of connection attempts. Here's a sample:

Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:36:03 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:56055 from 10.0.1.1:53
Feb 8 12:36:04 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:36:34: --- last message repeated 2 times ---
Feb 8 12:36:38 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58537 from 10.0.1.1:53
Feb 8 12:36:39 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:50748 from 205.216.12.25:80
Feb 8 12:37:00: --- last message repeated 2 times ---
Feb 8 12:37:00 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58802 from 10.0.1.1:53
Feb 8 12:37:15 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55820 from 10.0.1.1:53
Feb 8 12:37:18 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:54464 from 10.0.1.1:53
Feb 8 12:37:26 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55839 from 10.0.1.1:53
Feb 8 12:37:49 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:57081 from 10.0.1.1:53
Feb 8 12:38:19: --- last message repeated 1 time ---
Feb 8 12:39:46 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:63957 from 10.0.1.1:53
Feb 8 12:39:48 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55623 from 10.0.1.1:53
Feb 8 12:40:20 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:40:40 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:65300 from 10.0.1.1:53
... etc....

What is "krb5kdc is listening"? Is any of this anything to be concerned about? I have some firewall protection up, but maybe not enough. I join the original poster in asking: what kind of set-up should I set up to be safe enough? (I'm not anal. And for the most part I don't have sensitive material on my computer. Still, I'd rather not have my computer attacked for nefarious purposes.)

Thanks.
 

rylin

macrumors 6502
Aug 18, 2006
351
0
Wow. I've never looked at my Stealth log before. When I did today (thanks to this post) I see lots of connection attempts. Here's a sample:

krb5kdc sounds like it's related to kerberos authentication.
10.0.0.0/8 is a private network -- i.e., not on the Internet (in other words, those connection attempts are from your own network).
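
The private-versus-internet distinction made in the reply above can be applied to the whole Stealth Mode log mechanically. The following is an added example, not part of any poster's message: a Python sketch that tallies Stealth Mode entries per source and marks each source as local or internet. The sample lines are copied from the log excerpt posted in the thread; the source-port hints are an assumed heuristic, not something the firewall reports.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the log excerpt posted earlier in the thread.
SAMPLE_LOG = """\
Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:36:03 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:56055 from 10.0.1.1:53
Feb 8 12:36:04 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:36:34: --- last message repeated 2 times ---
Feb 8 12:36:39 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:50748 from 205.216.12.25:80
Feb 8 12:37:00: --- last message repeated 2 times ---
"""

ATTEMPT = re.compile(
    r"Stealth Mode connection attempt to (TCP|UDP) (\S+):(\d+) from (\S+):(\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

# Assumed heuristic: a packet *from* one of these ports to a high port is
# usually a reply to traffic the Mac itself started, not an inbound probe.
HINTS = {53: "DNS reply", 67: "DHCP server reply", 80: "HTTP server reply"}


def triage(log_text):
    """Count Stealth Mode entries per (scope, source IP, protocol, source port)."""
    counts = Counter()
    last_key = None
    for line in log_text.splitlines():
        m = ATTEMPT.search(line)
        if m:
            proto, _dst, _dst_port, src, src_port = m.groups()
            scope = "local" if ipaddress.ip_address(src).is_private else "internet"
            last_key = (scope, src, proto, int(src_port))
            counts[last_key] += 1
            continue
        r = REPEAT.search(line)
        if r and last_key:
            # syslog collapses duplicates; credit them to the preceding attempt
            counts[last_key] += int(r.group(1))
        else:
            last_key = None  # some other message came in between
    return counts


if __name__ == "__main__":
    for (scope, src, proto, port), n in triage(SAMPLE_LOG).most_common():
        hint = HINTS.get(port, "unrecognised source port, worth a closer look")
        print(f"{n:3d}  {scope:8s} {src:15s} {proto}/{port:<5d} {hint}")
```
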
 

EmperorDarius

macrumors 6502a
Jan 2, 2009
687
0
Em...maybe the website was hacked and nothing actually happened to you? Does the website appear correctly on other computers? Or do you get this on more websites?

I'm sorta confused :S
 

roro78

macrumors newbie
Original poster
Feb 6, 2009
3
0
First off - that's hilarious.

Second - What kind of internet connection are you on? If it's wireless, do you have password security on the network?

I am on a wireless network and there is password security.
The browser window that was open was actually my web site.
I guess I should contact my host...?
 