
Naimfan

Suspended
Original poster
Jan 15, 2003
All--

I think the thread title says it all: I need to know if there is a way to tell if someone has remotely accessed my Mac without my knowledge. Is there?

Thanks in advance.

Bob
 
You could use an app like Little Snitch to catch unwanted network activity. Of course, you could only catch them in the act this way. It wouldn't be able to check if you have been hacked.

What makes you think you've been hacked? Are you running with a password enabled? :)
 
Mad Jew--

Thanks for the tip on Little Snitch--now installed and running.

I don't know that I have been hacked--I just noticed that recently my Yahoo messenger started flaking out, and that some sites on Safari took a lot longer to load than they had previously. That's the "what made me think of it part."

The why part--short form--my ex-fiance just accused me of using a computer program to find out her passwords, and her ex-husband fancies himself as something of a computer type. So the thought crossed my mind that he may have tried to access my Mac over the web. I don't have any kind of file sharing turned on, so I don't know if someone could get into it. But I thought I'd ask!

Bob
 
Ahh, okay. Well, make sure your accounts have passwords on them (these can be turned on or changed in System Preferences) and ensure your firewall is also turned on. Although still possible, your Mac is pretty secure if you take those two steps. :)

I'm sorry to hear about the hate. :(
 
Naimfan said:
Mad Jew--

Thanks for the tip on Little Snitch--now installed and running.

I don't know that I have been hacked--I just noticed that recently my Yahoo messenger started flaking out, and that some sites on Safari took a lot longer to load than they had previously. That's the "what made me think of it part."

The why part--short form--my ex-fiance just accused me of using a computer program to find out her passwords, and her ex-husband fancies himself as something of a computer type. So the thought crossed my mind that he may have tried to access my Mac over the web. I don't have any kind of file sharing turned on, so I don't know if someone could get into it. But I thought I'd ask!

Bob

Wow, you need to change your pd once a month. Look for some security sites.
 
Mad Jew--

UPDATE--I just looked in the trash, and discovered a whole host of Word work files. Most disturbingly, under "ownership and permissions" details, a group called "wheel" appears as having "read only" access. I have never set up any group--I'd have to go to Help to even find out how to do it.

Also, "smbclient" wanted to talk to IP address 167.254.27.255. So I now fear the worst has happened.

Thanks again--I have always done both of those, and use a user account for most everything. Both accounts are password protected, and firewall is always on.

I've changed my passwords again on the off chance there is some sort of remote keystroke recorder program running.

Bob
 
Naimfan said:
Also, "smbclient" wanted to talk to IP address 167.254.27.255. So I now fear the worst has happened.


Potentially worrying, however...


Naimfan said:
I've changed my passwords again on the off chance there is some sort of remote keystroke recorder program running.


...the chances of a keystroke app running in the background are very slim. Changing the password should be enough to keep you out of trouble. These Word documents in the Trash are disturbing though. If it keeps happening, I'd think about telling the police.

Good luck with it all. :)
 
Naimfan said:
Mad Jew--

UPDATE--I just looked in the trash, and discovered a whole host of Word work files. Most disturbingly, under "ownership and permissions" details, a group called "wheel" appears as having "read only" access. I have never set up any group--I'd have to go to Help to even find out how to do it.

I know the "wheel" group is supposed to exist, so this may be normal. From what I know, any user with root access is supposed to be a member of "wheel."

Naimfan said:
Also, "smbclient" wanted to talk to IP address 167.254.27.255. So I now fear the worst has happened.

smbclient is the application that allows you to access Windows shares.

I ran whois on that address, which revealed that it's part of a block of addresses belonging to Fujitsu:

Code:
OrgName:    Fujitsu Network Transmission Systems, Inc.
OrgID:      FNTS-1
Address:    2801 Telecom Parkway
City:       Richardson
StateProv:  TX
PostalCode: 75082
Country:    US

NetRange:   167.254.0.0 - 167.254.255.255

Is there anyone who works for Fujitsu in this web of intrigue?
 
Naimfan-

I don't think you have anything to worry about based on the symptoms you've given. The Word work files you've discovered are a common occurrence if you use Word regularly; it tends to sock settings and backup copies of your work in those files, then throw them away when you quit. As for the wheel group, this is the group on your computer that contains all administrators, and is created by default when the operating system is installed. You are most likely running as an administrator and are thus a member of this group.

As for smbclient, I'm not absolutely sure when this program is used, but it's entirely possible that it's being called by some other, more innocent program. In any case, a whois lookup on the address it's talking to gives the following:

OrgName: Fujitsu Network Transmission Systems, Inc.
OrgID: FNTS-1
Address: 2801 Telecom Parkway
City: Richardson
StateProv: TX
PostalCode: 75082
Country: US

If that looks familiar, then you may have a problem. If not, or if neither you nor your ex-fiance's ex-husband live in Texas, then that is almost certainly unrelated to any problems you've been having.

Further, breaking into a Mac is very difficult if filesharing is off and the firewall is up. So don't fret too much about the weirdness of your Mac's internal workings; most of the time you'll be safe.

Good luck.
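
Added example, not part of any post in this thread: a read-only shell script for the checks the replies above point to (firewall state, file sharing, remote logins). It assumes a current macOS with `socketfilterfw`, `last` and `lsof`; the function names and the sample output are constructed for illustration, and reading login records with `last` goes a step beyond what the thread itself covers.

```shell
#!/bin/sh
# Added example: parsers read command output on stdin; run_checks feeds them live macOS output.

# socketfilterfw prints e.g. "Firewall is enabled. (State = 1)".
firewall_state() {
    out=$(cat)
    case $out in
        *"State = 0"*) echo off ;;
        *"State = "[12]*) echo on ;;
        *) echo unknown ;;
    esac
}

# `last` rows with an origin host read: user, tty, host, weekday, ...
# Local sessions have no host column, so their third field is the weekday.
remote_logins() {
    awk 'NF >= 4 && $3 !~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { print $1 " from " $3 }'
}

# From `lsof -nP -iTCP -sTCP:LISTEN`: listeners on Remote Login (22),
# Windows/SMB sharing (445), AFP sharing (548) and Screen Sharing (5900).
sharing_listeners() {
    awk 'NR > 1 { n = split($(NF-1), a, ":"); p = a[n] + 0
                  if (p == 22 || p == 445 || p == 548 || p == 5900) print $1 ":" p }' |
        sort -u
}

run_checks() {
    echo "firewall: $(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | firewall_state)"
    echo "logins with a remote origin:"; last | remote_logins
    echo "sharing services listening:"; lsof -nP -iTCP -sTCP:LISTEN | sharing_listeners
}

# Constructed sample output (not real logs); 203.0.113.7 is a documentation address.
SAMPLE_LAST='bob       ttys000                   Mon Mar  3 09:12 - 09:40  (00:28)
bob       ttys001  203.0.113.7      Sun Mar  2 23:51 - 23:58  (00:07)
bob       console                   Sun Mar  2 08:00   still logged in
reboot    ~                         Sun Mar  2 07:59'
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd     1 root   21u  IPv4 0x1a2b      0t0  TCP *:445 (LISTEN)
launchd     1 root   22u  IPv6 0x1a2c      0t0  TCP *:445 (LISTEN)
rapportd  412  bob    4u  IPv4 0x1a2d      0t0  TCP *:49152 (LISTEN)'

if [ "${1:-}" = "--live" ]; then
    run_checks
else
    printf '%s\n' "$SAMPLE_LAST" | remote_logins
    printf '%s\n' "$SAMPLE_LSOF" | sharing_listeners
fi
```

Run it with `--live` on the Mac itself; without `sudo`, `lsof` only reports sockets owned by your own account, so system sharing services may not appear.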
 
Looks like blackstone and I were thinking the same thing at the same time. :)
 
Thanks all!

I really really appreciate your help and input!

I have indeed talked to the police--not about this, but about the underlying incident (BAD breakup!).

I feel much better--I also did a whois and a network trace, and didn't see a single reference to the IP address I was concerned about. And no, no one involved works for Fujitsu, at least not that I know of.

Not to be repetitive, but thanks all!

Bob
 