Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > Apple Hardware > Desktops > iMac

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 6, 2009, 05:05 PM   #1
roro78
macrumors newbie
 
Join Date: Feb 2009
Question I got Hacked! What do I do now?

Hi there, not sure if this is the right forum but I searched the site for hacks and didn't find anything. So I hope some one can help or redirect me.

last night at around 10ish, I went on my computer and a browser window i had left open was now saying: "Turkish Hacker by Firtina bozo was here!"
I'm assuming I've been hacked.
I looked more into mac security and discovered I could enable Stealth Mode ( a bit too late i know ) but I did it anyway. Question now is... How do I know he is no longer connected? is it possible to see what files the hacker (cracker) was interested in if any? I was trying to look at the system log but don't really understand how to read it. All I know is I was away from the computer from around 4pm until around 10pm. but I see a lot of log activity between those times...
I don't know
PLEASE HELP...
roro78 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:10 PM   #2
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
It could be very likely that you weren't actually hacked.

Step one though, turn on firewall and disconnect from the internet. Use a different computer to post here

Please post your computer details (OS and stuff)

I know some free mac antivirus
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:11 PM   #3
pknz
macrumors 68020
 
pknz's Avatar
 
Join Date: Mar 2005
Location: NZ
Most likely just a pop up.

Try google

"Turkish Hacker by Firtina bozo was here" you get quite a few hits.
pknz is offline   0 Reply With Quote
Old Feb 6, 2009, 05:21 PM   #4
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
Upon more research, I am assuming that is merely a hack to websites.


Turkish hacker hacks websites to merely put on content about him self and how he loves turkey
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:25 PM   #5
vinay427
macrumors 6502a
 
vinay427's Avatar
 
Join Date: Sep 2008
Quote:
Originally Posted by yoyo5280 View Post
Upon more research, I am assuming that is merely a hack to websites.


Turkish hacker hacks websites to merely put on content about him self and how he loves turkey
Random question, but does he love the food or the country? I'm guessing the country...
__________________
Sorry, but my signature out right now. He'll be back soon.
***PM me to get $25 for free when you switch to AT&T. *** Only 1 left!
vinay427 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:27 PM   #6
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
Quote:
Originally Posted by vinay427 View Post
Random question, but does he love the food or the country? I'm guessing the country...
Haha the country. Looks like the ones on google show stuff like

F888 USA
GO TURKEY

and stuff
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:31 PM   #7
vinay427
macrumors 6502a
 
vinay427's Avatar
 
Join Date: Sep 2008
Quote:
Originally Posted by yoyo5280 View Post
Haha the country. Looks like the ones on google show stuff like

F888 USA
GO TURKEY

and stuff
What does F888 mean?

EDIT: Well I sure am slow. ******* might work better.
__________________
Sorry, but my signature out right now. He'll be back soon.
***PM me to get $25 for free when you switch to AT&T. *** Only 1 left!

Last edited by vinay427; Apr 12, 2009 at 11:58 AM.
vinay427 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:32 PM   #8
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
Quote:
Originally Posted by vinay427 View Post
What does F888 mean?
in place of a word that will get me banned
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 6, 2009, 05:58 PM   #9
gamer2502
macrumors regular
 
Join Date: Dec 2008
Location: near Pittsburgh,pa
http://tinyurl.com/alhogs
__________________
13'' aluminum macbook 2.4ghz 2gb ram 250gb
1 quad core intel pc running ubuntu and vista ultimate and 1 amd pc running windows7 ultimate beta
gamer2502 is offline   0 Reply With Quote
Old Feb 6, 2009, 10:29 PM   #10
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
Quote:
Originally Posted by gamer2502 View Post
thats all good an all but look carefully. the google results are NOT helpful
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 6, 2009, 11:19 PM   #11
Theaser
macrumors 6502
 
Join Date: Dec 2008
Man, do hackers have weird names. Who names themselves Firtina Bozo, Theaser would be a cool name ? I think that its just to make you think its Turkish. I bet you will find it in another country after you traced the IP.
__________________
8 GB - iPod Nano 3G (Black)
iPhone 3G 8 GB
Theaser is offline   0 Reply With Quote
Old Feb 7, 2009, 08:31 PM   #12
MacAgent84
macrumors member
 
Join Date: Jan 2009
It is highly unlikely that you were hacked, especially if you are using a Mac. I suspect as many others that your browser was pointed to a bogus webpage or popup. This happens all the time and I wouldn't be very alarmed if I were you.
__________________
OS X Mac Tips & Tricks
MacAgent84 is offline   0 Reply With Quote
Old Feb 7, 2009, 08:33 PM   #13
m1stake
macrumors 68000
 
Join Date: Jan 2008
Location: Philly
Quote:
Originally Posted by MacAgent84 View Post
It is highly unlikely that you were hacked, especially if you are using a Mac. I suspect as many others that your browser was pointed to a bogus webpage or popup. This happens all the time and I wouldn't be very alarmed if I were you.
Defcon proved OSX was less secure than Vista, I think it was last year.
__________________
UMBP/2.4/9600GT/4GB/160GB X25-M
iPhone 4/16GB/Black
m1stake is offline   0 Reply With Quote
Old Feb 7, 2009, 11:09 PM   #14
yoyo5280
macrumors 68000
 
yoyo5280's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia & Bay Area
Quote:
Originally Posted by m1stake View Post
Defcon proved OSX was less secure than Vista, I think it was last year.
Wouldn't be surprised. I think apple gets lazy because of the lack of viruses.
__________________
tweet!
join #macrumors on irc.krono.net and look for Omi
yoyo5280 is offline   0 Reply With Quote
Old Feb 8, 2009, 03:50 AM   #15
HazRutter
macrumors regular
 
Join Date: Jan 2009
Location: England
Damn, vista is more secure than OSX? Hopefully that will be fixed in Snow Lepoard
__________________
iPod Classic 120gb Early 2009 2.66ghz iMac Mid 2009 2.26ghz Unibody Macbook Pro

Flickr
HazRutter is offline   0 Reply With Quote
Old Feb 8, 2009, 09:49 AM   #16
Passive101
macrumors regular
 
Join Date: Dec 2008
Quote:
Originally Posted by HazRutter View Post
Damn, vista is more secure than OSX? Hopefully that will be fixed in Snow Lepoard
Unlikely, but it is possible. People like to make fun of windows, but it is a quite secure platform.
Passive101 is offline   0 Reply With Quote
Old Feb 8, 2009, 11:03 AM   #17
HazRutter
macrumors regular
 
Join Date: Jan 2009
Location: England
Grr, were you saying its unlikley that Snow Lepoard will be more secure or that Vista is more secure than OSX?
__________________
iPod Classic 120gb Early 2009 2.66ghz iMac Mid 2009 2.26ghz Unibody Macbook Pro

Flickr
HazRutter is offline   0 Reply With Quote
Old Feb 8, 2009, 11:16 AM   #18
Love
macrumors 68000
 
Love's Avatar
 
Join Date: Jan 2007
Location: Just southeast of Northwestshire
First off - that's hilarious.

Second - What kind of internet connection are you on? If it's wireless, do you have password security on the network?
Love is offline   0 Reply With Quote
Old Feb 8, 2009, 11:44 AM   #19
rylin
macrumors 6502
 
Join Date: Aug 2006
Quote:
Originally Posted by m1stake View Post
Defcon proved OSX was less secure than Vista, I think it was last year.
Weren't they actually comparing Leopard + third party software with a base vista install? Or was it the default Leopard install vs. a hardened Vista install?

There are way too many ******** comparisons out there
I know I've seen the above two, but one would assume it'd be a more competent comparison at Defcon.

Or, are you perhaps thinking of the test where the successful hackers would get to keep the hardware?
I.e., a brand new MBP vs. a Dell or HP vista machine, at a time when Vista was behaving notoriously bad? (in other words, biased results here too)
rylin is offline   0 Reply With Quote
Old Feb 8, 2009, 12:06 PM   #20
Thorbjorn
macrumors regular
 
Join Date: Jan 2008
Wow. I've never looked at my Stealth log before. When I did today (thanks to this post) I see lots of connection attempts. Here's a sample:

Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:36:03 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:56055 from 10.0.1.1:53
Feb 8 12:36:04 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:36:34: --- last message repeated 2 times ---
Feb 8 12:36:38 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58537 from 10.0.1.1:53
Feb 8 12:36:39 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:50748 from 205.216.12.25:80
Feb 8 12:37:00: --- last message repeated 2 times ---
Feb 8 12:37:00 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58802 from 10.0.1.1:53
Feb 8 12:37:15 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55820 from 10.0.1.1:53
Feb 8 12:37:18 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:54464 from 10.0.1.1:53
Feb 8 12:37:26 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55839 from 10.0.1.1:53
Feb 8 12:37:49 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:57081 from 10.0.1.1:53
Feb 8 12:38:19: --- last message repeated 1 time ---
Feb 8 12:39:46 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:63957 from 10.0.1.1:53
Feb 8 12:39:48 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55623 from 10.0.1.1:53
Feb 8 12:40:20 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:40:40 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:65300 from 10.0.1.1:53
... etc....

What is "krb5kdc is listening"? Is any of this anything to be concerned about? I have some firewall protection up, but maybe not enough. I join the original poster in asking: what kind of set-up should I set up to be safe enough? (I'm not anal. And for the most part I don't have sensitive material on my computer. Still, I'd rather not have my computer attacked for nefarious purposes.)

Thanks.
Thorbjorn is offline   0 Reply With Quote
Old Feb 8, 2009, 12:32 PM   #21
mattniles007
macrumors 6502
 
Join Date: Dec 2005
Location: Michigan
Send a message via AIM to mattniles007
Quote:
Originally Posted by yoyo5280 View Post
Wouldn't be surprised. I think apple gets lazy because of the lack of viruses.
I agree, they probably got lulled to sleep.
__________________
27" Aluminum iMac. 15" MacBook Pro Unibody 2.4Ghz; iPhone 4 32GB; iPad 64GB;15" MacBook Pro SR 200GB; 20"iMac White.
mattniles007 is offline   0 Reply With Quote
Old Feb 8, 2009, 01:28 PM   #22
rylin
macrumors 6502
 
Join Date: Aug 2006
Quote:
Originally Posted by Thorbjorn View Post
Wow. I've never looked at my Stealth log before. When I did today (thanks to this post) I see lots of connection attempts. Here's a sample:
krb5kdc sounds like it's related to kerberos authentication.
10.0.0.0/8 is a private network -- i.e., not on the Internet (in other words, those connection attempts are from your own network).
rylin is offline   0 Reply With Quote
Old Feb 8, 2009, 01:57 PM   #23
EmperorDarius
macrumors 6502a
 
Join Date: Jan 2009
Em...maybe the website was hacked and nothing actually happened to you? Does the website appear correctly on other computers? Or do you get this on more websites?

I'm sorta confused :S
EmperorDarius is offline   0 Reply With Quote
Old Feb 9, 2009, 09:12 AM   #24
roro78
Thread Starter
macrumors newbie
 
Join Date: Feb 2009
Quote:
Originally Posted by Love View Post
First off - that's hilarious.

Second - What kind of internet connection are you on? If it's wireless, do you have password security on the network?
i am on a wireless network and there is a password security.
The browser window that was open was actually my web site.
I guess I should contact my host...?
roro78 is offline   0 Reply With Quote
Old Feb 9, 2009, 09:31 AM   #25
SpinThis!
macrumors 6502
 
Join Date: Jan 2007
Location: Inside the Machine (Green Bay, WI)
Reload your website. (What's the url btw?) Is the message still there? Is supposed to auto refresh after a time? Sounds like your website got hacked.
SpinThis! is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Hardware > Desktops > iMac

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
May have been hacked? jiker OS X 5 Oct 21, 2013 11:00 PM
Have I been hacked? appleseedeater OS X 5 Jun 12, 2013 03:19 PM
Hacked Need Help CapeFearless MacBook 0 Jan 9, 2013 03:40 PM
Have I been hacked??? cjr611 Mac Basics and Help 7 Sep 27, 2012 02:55 PM
Hacked? nwebb Mac OS X 10.7 Lion 3 Jul 14, 2012 12:52 PM

Forum Jump

All times are GMT -5. The time now is 01:38 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC