Help, I’ve been hacked! (or maybe I haven't!) Please help me improve my security.

ToTo Man

macrumors regular
Original poster
Oct 22, 2008
145
1
Not sure if I've posted this in the right forum so mods please feel free to move if necessary.

I should say here at the start that my knowledge of networks and network security is very basic, so please bear with me.

Last night as I attempted to shut down my Mac Pro I received a warning message informing me that there were still “8 users connected to this computer”. :eek: WTF???!!! This is the first time I’ve encountered this (sometimes it might say “there are still 1 or 2 users connected” but this only happens when I forget to shut down my other computers first, hence I assume this message referred to my other computers being connected, but I definitely do not have 8 other computers!).

My home network consists of an AirPort Extreme, to which I have my Mac Pro connected by ethernet cable, plus 3 other machines by wifi via WPA2 password (a Mac Mini, MacBook Air and iPhone).

In my mind the Mac Pro would have been the least vulnerable and unlikely to be hacked, given that it is NOT connected by wifi, and I don’t use it surf the web or download any apps or other files. I do however have enabled File Sharing and Screen Sharing on the MP, plus Allow Incoming Connections for iTunes, so that I can control the MP and access its content using the other computers on my network (using the MP’s log-in name and password).

As I said above, last night was the first night that set alarm bells off in my mind, but maybe I’ve been hacked before and I just didn’t notice it. Having limited knowledge of networks and network security, my knee-jerk reaction was to disable Screen Sharing and File Sharing, but this isn’t really a practical long-term solution as it means I can no longer access or control the MP through my other machines on my network.

I would be extremely grateful for any explanations you could give me on how my MP could have been hacked, and any advice on how to improve my security to reduce the risk of this happening in the future?
 
Last edited:

eawmp1

macrumors 601
Feb 19, 2008
4,135
5
FL
Have you opened Airport Utility to see what is connected to your wifi network?
 

ToTo Man

macrumors regular
Original poster
Oct 22, 2008
145
1
Have you opened Airport Utility to see what is connected to your wifi network?
Yes, and according to AirPort utility there aren't any wireless clients connected to my wifi network other than my own computers.
 

benwiggy

macrumors 68020
Jun 15, 2012
2,186
15
It's unlikely that you were hacked. To be hacked, the intruder would have had to:
connect to your WiFi network (possible, but rare);
Then login to your shared folders using a valid username and password.
Then get a few mates to do the same thing.

It's more likely that this is a bug in which the same computer/device is re-logging on without logging off. Most likely a laptop that goes to sleep and wakes up, re-acquiring the share. Or possibly the iPhone.

This is purely a guess based on the description of the problem.

However, if you think you're being hacked, then change all your passwords for starters.
 

dan1eln1el5en

macrumors 6502
Jan 3, 2012
380
22
Copenhagen, Denmark
usually get those from iTunes sharing (iPhone, iPad etc.)

if you were a hacker and you "hacked" in a way that the system would report it to the user, then you are a useless hacker ;)

if you want to check go to "Console" in Utilities folder under Applications, and check the security logs.
 

ToTo Man

macrumors regular
Original poster
Oct 22, 2008
145
1
The more I read on this subject the more it appears it is a glitch as you say rather than actual unauthorised access from outsiders, so thank you for helping to further put my mind at ease. I was genuinely panicked last night!

I'm still not 100% convinced though, because last night by Mac Pro was definitely the last computer to be shut down, so I'd have expected the duplicate log-ons / log-offs to have cleared when the other computers were shut down, no?

Have Apple ever attempted to fix this problem, or is it yet another that has been put on the 'back burner'?