I got Hacked! What do I do now?

Discussion in 'iMac' started by roro78, Feb 6, 2009.

  1. macrumors newbie

    Joined:
    Feb 6, 2009
    #1
    Hi there, not sure if this is the right forum but I searched the site for hacks and didn't find anything. So I hope someone can help or redirect me.

    Last night at around 10ish, I went on my computer and a browser window I had left open was now saying: "Turkish Hacker by Firtina bozo was here!"
    I'm assuming I've been hacked.
    I looked more into Mac security and discovered I could enable Stealth Mode (a bit too late, I know), but I did it anyway. Question now is... How do I know he is no longer connected? Is it possible to see what files the hacker (cracker) was interested in, if any? I was trying to look at the system log but don't really understand how to read it. All I know is I was away from the computer from around 4pm until around 10pm, but I see a lot of log activity between those times...
    I don't know
    PLEASE HELP...
     
  2. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #2
    It could be very likely that you weren't actually hacked.

    Step one though, turn on the firewall and disconnect from the internet. Use a different computer to post here.

    Please post your computer details (OS and stuff)

    I know some free mac antivirus
     
  3. macrumors 68020

    pknz

    Joined:
    Mar 22, 2005
    Location:
    NZ
    #3
    Most likely just a pop up.

    Try Google.

    "Turkish Hacker by Firtina bozo was here" you get quite a few hits.
     
  4. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #4
    Upon more research, I am assuming that is merely a hack to websites.


    Turkish hacker hacks websites to merely put on content about himself and how he loves Turkey
     
  5. macrumors 6502a

    vinay427

    Joined:
    Sep 18, 2008
    #5
    Random question, but does he love the food or the country? I'm guessing the country...
     
  6. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #6
    Haha the country. Looks like the ones on Google show stuff like

    F888 USA
    GO TURKEY

    and stuff
     
  7. macrumors 6502a

    vinay427

    Joined:
    Sep 18, 2008
    #7
    What does F888 mean? :confused:

    EDIT: Well I sure am slow. F*** might work better. :p
     
  8. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #8
    in place of a word that will get me banned ;)
     
  9. macrumors regular

    Joined:
    Dec 7, 2008
    Location:
    near Pittsburgh,pa
  10. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #10
    That's all good and all, but look carefully. The Google results are NOT helpful.
     
  11. macrumors 6502

    Theaser

    Joined:
    Dec 30, 2008
    #11
    Man, do hackers have weird names. Who names themselves Firtina Bozo, Theaser would be a cool name :D? I think that it's just to make you think it's Turkish. I bet you will find it in another country after you traced the IP.
     
  12. macrumors member

    Joined:
    Jan 11, 2009
    #12
    It is highly unlikely that you were hacked, especially if you are using a Mac. I suspect as many others that your browser was pointed to a bogus webpage or popup. This happens all the time and I wouldn't be very alarmed if I were you.
     
  13. macrumors 68000

    Joined:
    Jan 17, 2008
    Location:
    Philly
    #13
    Defcon proved OSX was less secure than Vista, I think it was last year.
     
  14. macrumors 68000

    yoyo5280

    Joined:
    Feb 24, 2007
    Location:
    Melbourne, Australia & Bay Area
    #14
    Wouldn't be surprised. I think Apple gets lazy because of the lack of viruses.
     
  15. macrumors regular

    HazRutter

    Joined:
    Jan 2, 2009
    Location:
    England
    #15
    Damn, Vista is more secure than OSX? Hopefully that will be fixed in Snow Leopard :)
     
  16. macrumors regular

    Joined:
    Dec 5, 2008
    #16
    Unlikely, but it is possible. People like to make fun of Windows, but it is quite a secure platform.
     
  17. macrumors regular

    HazRutter

    Joined:
    Jan 2, 2009
    Location:
    England
    #17
    Grr, were you saying it's unlikely that Snow Leopard will be more secure or that Vista is more secure than OSX?
     
  18. macrumors 68000

    Love

    Joined:
    Jan 20, 2007
    Location:
    Just southeast of Northwestshire
    #18
    First off - that's hilarious.

    Second - What kind of internet connection are you on? If it's wireless, do you have password security on the network?
     
  19. macrumors 6502

    Joined:
    Aug 18, 2006
    #19
    Weren't they actually comparing Leopard + third party software with a base Vista install? Or was it the default Leopard install vs. a hardened Vista install?

    There are way too many ******** comparisons out there :(
    I know I've seen the above two, but one would assume it'd be a more competent comparison at Defcon.

    Or, are you perhaps thinking of the test where the successful hackers would get to keep the hardware?
    I.e., a brand new MBP vs. a Dell or HP Vista machine, at a time when Vista was behaving notoriously badly? (in other words, biased results here too)
     
  20. macrumors regular

    Joined:
    Jan 14, 2008
    #20
    Wow. I've never looked at my Stealth log before. When I did today (thanks to this post) I see lots of connection attempts. Here's a sample:

    Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
    Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
    Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from :::88 uid = 0 proto=6
    Feb 8 12:35:55 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
    Feb 8 12:36:03 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:56055 from 10.0.1.1:53
    Feb 8 12:36:04 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
    Feb 8 12:36:34: --- last message repeated 2 times ---
    Feb 8 12:36:38 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58537 from 10.0.1.1:53
    Feb 8 12:36:39 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:50748 from 205.216.12.25:80
    Feb 8 12:37:00: --- last message repeated 2 times ---
    Feb 8 12:37:00 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:58802 from 10.0.1.1:53
    Feb 8 12:37:15 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55820 from 10.0.1.1:53
    Feb 8 12:37:18 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:54464 from 10.0.1.1:53
    Feb 8 12:37:26 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55839 from 10.0.1.1:53
    Feb 8 12:37:49 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:57081 from 10.0.1.1:53
    Feb 8 12:38:19: --- last message repeated 1 time ---
    Feb 8 12:39:46 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:63957 from 10.0.1.1:53
    Feb 8 12:39:48 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:55623 from 10.0.1.1:53
    Feb 8 12:40:20 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
    Feb 8 12:40:40 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:65300 from 10.0.1.1:53
    ... etc....

    What is "krb5kdc is listening"? Is any of this anything to be concerned about? I have some firewall protection up, but maybe not enough. I join the original poster in asking: what kind of set-up should I set up to be safe enough? (I'm not anal. And for the most part I don't have sensitive material on my computer. Still, I'd rather not have my computer attacked for nefarious purposes.)

    Thanks.
     
  21. macrumors 6502

    mattniles007

    Joined:
    Dec 4, 2005
    Location:
    Michigan
    #21
    I agree, they probably got lulled to sleep.
     
  22. macrumors 6502

    Joined:
    Aug 18, 2006
    #22
    krb5kdc sounds like it's related to Kerberos authentication.
    10.0.0.0/8 is a private network -- i.e., not on the Internet (in other words, those connection attempts are from your own network).
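
    The triage post #22 does by eye (a private source address means the packet came from your own network), as an added example that is not part of any post in this thread: a Python sketch that groups Stealth Mode log entries by source and folds in the "last message repeated" lines. The labels, the service-port set and the 49152 ephemeral-port threshold are assumed heuristics, and the final sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; the thread's 10.0.1.x addresses fall in 10.0.0.0/8.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SERVICE_PORTS = {53, 67, 80, 443}  # DNS, DHCP, HTTP, HTTPS (assumed heuristic)
ATTEMPT = re.compile(r"Stealth Mode connection attempt to (TCP|UDP) "
                     r"[\d.]+:(\d+) from ([\d.]+):(\d+)")
REPEAT = re.compile(r"last message repeated (\d+) times?")

# Lines in the format posted in the thread; the last entry is constructed.
SAMPLE_LOG = """\
Feb 8 12:35:52 Macintosh Firewall[54]: krb5kdc is listening from 0.0.0.0:88 uid = 0 proto=6
Feb 8 12:36:03 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:56055 from 10.0.1.1:53
Feb 8 12:36:04 Macintosh Firewall[54]: Stealth Mode connection attempt to UDP 10.0.1.199:68 from 10.0.1.1:67
Feb 8 12:36:34: --- last message repeated 2 times ---
Feb 8 12:36:39 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:50748 from 205.216.12.25:80
Feb 8 12:37:00: --- last message repeated 2 times ---
Feb 8 12:41:10 Macintosh Firewall[54]: Stealth Mode connection attempt to TCP 10.0.1.199:22 from 198.51.100.7:40112
"""

def classify(src_ip, src_port, dst_port):
    """Heuristic triage label for one blocked packet (assumed, not Apple's logic)."""
    if any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
        return "local-network"        # router or another host on the LAN
    if src_port in SERVICE_PORTS and dst_port >= 49152:
        return "internet-reply"       # looks like a late reply to our own request
    return "internet-unsolicited"     # inbound to a service port: review first

def summarize(log_text):
    """Count blocked attempts per (label, proto, source IP, source port)."""
    counts, last = Counter(), None
    for line in log_text.splitlines():
        m, r = ATTEMPT.search(line), REPEAT.search(line)
        if m:
            proto, dport, src, sport = m.groups()
            last = (classify(src, int(sport), int(dport)), proto, src, int(sport))
            counts[last] += 1
        elif r and last:
            counts[last] += int(r.group(1))  # syslog collapsed identical lines
        elif not r:
            last = None  # a repeat line refers only to the message just before it

    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

    Entries labelled internet-unsolicited are the ones to read first; the other two labels match the router and reply traffic that makes up the excerpt in post #20.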
     
  23. macrumors 6502a

    Joined:
    Jan 2, 2009
    #23
    Em...maybe the website was hacked and nothing actually happened to you? Does the website appear correctly on other computers? Or do you get this on more websites?

    I'm sorta confused :S
     
  24. thread starter macrumors newbie

    Joined:
    Feb 6, 2009
    #24
    I am on a wireless network and there is password security.
    The browser window that was open was actually my web site.
    I guess I should contact my host...?
     
  25. macrumors 6502

    Joined:
    Jan 30, 2007
    Location:
    Inside the Machine (Green Bay, WI)
    #25
    Reload your website. (What's the URL btw?) Is the message still there? Is it supposed to auto refresh after a time? Sounds like your website got hacked.
     
