May have been hacked?

Discussion in 'macOS' started by jiker, Oct 21, 2013.

  1. jiker macrumors member

    Joined:
    Apr 12, 2002
    #1
    I'm nervous, and I'm looking for some advice/help. Last week I spent some time getting a domain pointing to my Synology NAS via DDNS. I mainly did this for access to my files/music/etc. from outside my network. I also thought hosting my own blog/photos would be cool.

    I figured Synology had all (most?) of the security holes plugged in said services or otherwise they wouldn't tout it as a feature. I followed all their recommendations for securing their system. I set up the DDNS service, forwarded the proper ports through my firewall to my NAS, and after a few hours of playing with it, got everything working as I would expect.

    Ever since, I've been hyper-sensitive about any activity, checking the system logs on the NAS for unauthorized connections etc. because I'm paranoid - this is where I store all my backups, all my media etc. Perhaps I should have a dedicated machine for backups vs. the media server, but I digress. Long story short, I haven't seen anything out of the ordinary happening.

    I went away this past weekend for a wedding, and when I came back, my computer was not behaving well (running Snow Leopard Server). I only had Firefox up on the machine, which had a Gmail tab, and a tab for Synology DSM (and MacRumors of course). Firefox was locked up, I had mouse control but I couldn't open Activity Monitor or the Force Quit window, but the part that scared me was that the generic Apple app icon was in the Dock (icon with sheet of paper in the background and a pencil and paintbrush making an A), which was also not responsive. I don't know what would have caused the crash or made that app run, but I'm nervous. I had to hard reboot the machine to bring it back.

    So that's the backdrop. Here's the question:

    I've looked through the console logs to see if anything would show up there, but didn't see anything out of the ordinary from the past couple days. Is there anywhere I can see what processes or apps have run in the past few days? I guess I could try to set up a log capturing network traffic to see if anything malicious was phoning home, but that's all I can think of. I'm worried there might be a keylogger or something else bad that got installed. Or perhaps I'm just scaring myself?
     
  2. nebo1ss macrumors 68030

    Joined:
    Jun 2, 2010
    #2
    Just as a matter of interest, are you using port translation on the NAS so that the ports you access from the internet are some nondescript, non-standard ones and those are the only ones allowed?
     
  3. jiker thread starter macrumors member

    Joined:
    Apr 12, 2002
    #3
    For the file serving/media serving, I am using non-standard ports. But for the blog/photo packages I was using 80/443. I have since disabled those ports out of fear.
     
  4. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #4
    The only way you could have a keylogger is if you installed it yourself, or gave someone access to install it on your computer. You can check Activity Monitor and Console to see what apps or processes are running or have run recently. There are many possible explanations for your symptoms, with malware being the least likely.

    The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the "What security steps should I take?" section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

    In over five years of reading posts by people who claimed their Mac was hacked, not a single one ever was. The likelihood that an average Mac user will have their computer hacked is ridiculously remote.
     
  5. jiker thread starter macrumors member

    Joined:
    Apr 12, 2002
    #5
    Alright... thanks for confirming my paranoia. I definitely follow the guidelines listed, so the app thing and the lockup must have been something else (not sure what). I didn't see anything obvious in Activity Monitor or Console. Is there anywhere else that might have logs about incoming connections?

    Should I be concerned about hosting from my NAS? I could always just get web/photo hosting from somewhere that has an army of people and equipment supporting my website - perhaps that would put my mind at ease.
     
  6. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #6
    That may be your best approach for your peace of mind.
     
