Please Help! Just Had Something Very Odd/Scary Happen!

hellodon · 04:26 AM

I just had the weirdest thing going on with google.com showing up with a bunch of code in safari (XML errors in Firefox). Neither would load google.com, I thought that google had been hacked or something - but it seems that it was only happening on my mac...because I posted a message on twitter/facebook asking if others were seeing it and no one was. I also loaded it up fine on my iPhone connected to the same router....

Attached a screen shot of what the error looked like

So I went to restart to see if that fixed it and I got a warning I have NEVER seen before:

"Are you sure you want to restart? There is 1 user connected to your computer using filesharing"

Now, I'm not sure if it meant "connected using filesharing" or "connected and USING filesharing (like, transferring files)"

I did not see anyone in finder even connected to my network. There's one MacBookPro here that is currently closed. My network/router is WEP protected. I havent gone to any shady websites, downloaded anything unusual or clicked anything out of the ordinary (though things like that are usually PC probs anyway).

As soon as I restarted, I went into my system preferences and turned off screen sharing and file sharing. Checked google as well and that's now loading up fine as opposed to the page I saw before restarting

The only thing I could think of is that I definitely was using the macbookpro within the past few days, using screen sharing to this imac, transferring a few files, and the imac is always left on so it hasnt been restarted or turned off since I last did that - but i closed that out on the MBP - could that have had anything to do with that message - maybe it never disconnected properly? As I said, no one was showing up in my finder as being on my network or connected to me

Has anyone ever ran into anything like this? Am I at risk? Was someone stealing my files or was it just the previous connection to the MBP?

Any idea why google looked like that? I was just assuming the 2 things may be tied together, like maybe someone was on my machine and it was causing some sort of google.com error but it could just be a fluke google error, and that MBP connection from this week...I dont really have much on my computer that would be valuable to anyone else file-wise (i don't think) but I do enter passwords on websites...some are saved, most arent .

Is there any log of files transferred using filesharing? Any way for me to look into this? I mean, besides the obvious precaution of going through and changing all my passwords (i dont really want to do that) does anyone know if this is something to worry about?

Sorry for the lengthy post - just wanted to make sure I give all details. Any help would be GREATLY appreciated.

Thanks in advance.

mac2x · Nov 7, 2009, 02:21 AM

I don't know about the strange stuff appearing on your browser. BUT:

1: WEP is ridiculously easy to compromise. If your router isn't capable of using WPA 2 Personal, get one that is and use a strong password. If your router can do it, set it up ASAP.

2: Make sure Sharing is off in System Preferences, if it is not desired.

3: Ditch the torrents. No telling what sort of **** you get into from those.

[edit] Also set the firewall under Security Preferences to allow only essential services whenever you are using a notebook (is this a notebook or a desktop?) in public places, away from the protection of your router.

angelwatt · Nov 7, 2009, 07:16 AM

There's a potential that someone nearby (within range of your router) was sniffing packets from your machine and cracked the WEP on your router. As mentioned above, that's easy to do, and there's tools to automate the cracking of this security. You should use WPA or WPA2 if your router supports it as they are much harder to crack and be sure to use a strong password.

If someone did sniff your packets (doesn't that sound uncomfortable) then they could have also poisoned them and caused the Google issue you saw. If you entered any passwords during this time they may now be compromised so I would change them as soon as possible. Also, follow the other security advice above about turning off unneeded sharing options and make sure your firewall is on and maybe turn on stealth mode as well. The router is your first line of defense though. It's hard to say if they may have transferred any files off your machine, the system logs may hold some info, but it would be hard to look through them as there are thousands of lines in those logs.

Nov 7, 2009, 02:03 AM	#1
hellodon macrumors 6502 Join Date: Jan 2006	Please Help! Just Had Something Very Odd/Scary Happen! I just had the weirdest thing going on with google.com showing up with a bunch of code in safari (XML errors in Firefox). Neither would load google.com, I thought that google had been hacked or something - but it seems that it was only happening on my mac...because I posted a message on twitter/facebook asking if others were seeing it and no one was. I also loaded it up fine on my iPhone connected to the same router.... Attached a screen shot of what the error looked like So I went to restart to see if that fixed it and I got a warning I have NEVER seen before: "Are you sure you want to restart? There is 1 user connected to your computer using filesharing" Now, I'm not sure if it meant "connected using filesharing" or "connected and USING filesharing (like, transferring files)" I did not see anyone in finder even connected to my network. There's one MacBookPro here that is currently closed. My network/router is WEP protected. I havent gone to any shady websites, downloaded anything unusual or clicked anything out of the ordinary (though things like that are usually PC probs anyway). As soon as I restarted, I went into my system preferences and turned off screen sharing and file sharing. Checked google as well and that's now loading up fine as opposed to the page I saw before restarting The only thing I could think of is that I definitely was using the macbookpro within the past few days, using screen sharing to this imac, transferring a few files, and the imac is always left on so it hasnt been restarted or turned off since I last did that - but i closed that out on the MBP - could that have had anything to do with that message - maybe it never disconnected properly? As I said, no one was showing up in my finder as being on my network or connected to me Has anyone ever ran into anything like this? Am I at risk? Was someone stealing my files or was it just the previous connection to the MBP? Any idea why google looked like that? I was just assuming the 2 things may be tied together, like maybe someone was on my machine and it was causing some sort of google.com error but it could just be a fluke google error, and that MBP connection from this week...I dont really have much on my computer that would be valuable to anyone else file-wise (i don't think) but I do enter passwords on websites...some are saved, most arent . Is there any log of files transferred using filesharing? Any way for me to look into this? I mean, besides the obvious precaution of going through and changing all my passwords (i dont really want to do that) does anyone know if this is something to worry about? Sorry for the lengthy post - just wanted to make sure I give all details. Any help would be GREATLY appreciated. Thanks in advance. __________________ 2.8Ghz 24" intel iMac \| 2.0GB Ram \| 500GB HD \| SuperDrive 1.0Ghz 12" Powerbook G4 \| 1.25GB Ram \| 40GB HD \| SuperDrive Last edited by hellodon : Nov 7, 2009 at 04:26 AM.

Nov 7, 2009, 02:21 AM	#2
mac2x macrumors 6502a Join Date: Sep 2009	I don't know about the strange stuff appearing on your browser. BUT: 1: WEP is ridiculously easy to compromise. If your router isn't capable of using WPA 2 Personal, get one that is and use a strong password. If your router can do it, set it up ASAP. 2: Make sure Sharing is off in System Preferences, if it is not desired. 3: Ditch the torrents. No telling what sort of **** you get into from those. [edit] Also set the firewall under Security Preferences to allow only essential services whenever you are using a notebook (is this a notebook or a desktop?) in public places, away from the protection of your router. __________________ Unibody MacBook Pro, 2.4 GHz Core 2 Duo, 2 GB RAM 250 GB HD, running OS 10.5.8 Apple 24" LED Cinema Display 32 GB iPod touch

Nov 7, 2009, 07:16 AM	#3
angelwatt macrumors 601 Join Date: Aug 2005 Location: Ohio	There's a potential that someone nearby (within range of your router) was sniffing packets from your machine and cracked the WEP on your router. As mentioned above, that's easy to do, and there's tools to automate the cracking of this security. You should use WPA or WPA2 if your router supports it as they are much harder to crack and be sure to use a strong password. If someone did sniff your packets (doesn't that sound uncomfortable) then they could have also poisoned them and caused the Google issue you saw. If you entered any passwords during this time they may now be compromised so I would change them as soon as possible. Also, follow the other security advice above about turning off unneeded sharing options and make sure your firewall is on and maybe turn on stealth mode as well. The router is your first line of defense though. It's hard to say if they may have transferred any files off your machine, the system logs may hold some info, but it would be hard to look through them as there are thousands of lines in those logs. __________________ MRoogle can find your answers! Words on the Wall

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode