Mac's been Seriously hacked. And I need help determing the extent of damage.

Discussion in 'macOS' started by cloudlife, Oct 3, 2008.

  1. cloudlife macrumors newbie

    Jun 18, 2007
    Well, it all started when i woke up one morning, look at websites, etc when i tried to download a small pdf file. I was told i was out of hd space, impossible because 1. it's a pdf 2. i remember having at least several gbs.

    I check my hd space. It shows 0, I tried deleting files and to my dismay my hard drive space slowly filled itself without any running applications. Immediately i began locking down my computer, locking down security preferences, and the one thing that tipped me off was when i tried to restart.

    Window popped up saying "One apple user is connected to your computer. Are you sure you want to disconnect?"

    I immediately went to my sharing preferences and basically blocked out everything. In the end it was Personal file sharing under the firewall tab that allowed him to connect. (<- Don't leave that on at all.)

    Now i've changed my router admin password, wifi password, user password, run clamx (detected nothing....), running little snitch, and i turn off wifi before i go to sleep. But still paranoid, going to ask a friend who has leopard family pack to install that on my computer.

    There's only one thing i'm really worried about. How easy is it for a hacker to run a keyboard logger in the background and send the information without me knowing it?

    As far as i can tell, he was able to fill my hard drive and maybe mess around with my monitor. It had a weird problem where the monitor was only useable for a few seconds before the screen image began to dissolve....

    Any help would be appreciated.
  2. nebmot macrumors newbie

    Sep 5, 2008
    San Diego, CA
    back up your data, and erase using security settings, the 7 passes meets the DOD requirement. After that reinstall what ever OS (tiger or leopard) and go back to using your mac as before.
  3. mshepherd macrumors regular

    Feb 29, 2004
    Where was he putting files? If you have guest access turned on he could have just been dropping files in your drop box in your shared directory and giving you a simple denial of service attack by filling your disk space :).
  4. Sun Baked macrumors G5

    Sun Baked

    May 19, 2002
    Or his access was causing the error logs to expand enough to fill the drive space.

    A DOS attack through error log.

    Look at the log sizes and delete if needed, though a lot of the people I've seen usually did this to themselves with some sort of Samba error.

Share This Page