Please Help! Just Had Something Very Odd/Scary Happen!

Discussion in 'Mac Basics and Help' started by hellodon, Nov 6, 2009.

  1. hellodon macrumors 6502

    Joined:
    Jan 19, 2006
    #1
    I just had the weirdest thing going on with google.com showing up with a bunch of code in safari (XML errors in Firefox). Neither would load google.com, I thought that google had been hacked or something - but it seems that it was only happening on my mac...because I posted a message on twitter/facebook asking if others were seeing it and no one was. I also loaded it up fine on my iPhone connected to the same router....

    Attached a screen shot of what the error looked like

    So I went to restart to see if that fixed it and I got a warning I have NEVER seen before:

    "Are you sure you want to restart? There is 1 user connected to your computer using filesharing"

    Now, I'm not sure if it meant "connected using filesharing" or "connected and USING filesharing (like, transferring files)"

    I did not see anyone in finder even connected to my network. There's one MacBookPro here that is currently closed. My network/router is WEP protected. I havent gone to any shady websites, downloaded anything unusual or clicked anything out of the ordinary (though things like that are usually PC probs anyway).

    As soon as I restarted, I went into my system preferences and turned off screen sharing and file sharing. Checked google as well and that's now loading up fine as opposed to the page I saw before restarting

    The only thing I could think of is that I definitely was using the macbookpro within the past few days, using screen sharing to this imac, transferring a few files, and the imac is always left on so it hasnt been restarted or turned off since I last did that - but i closed that out on the MBP - could that have had anything to do with that message - maybe it never disconnected properly? As I said, no one was showing up in my finder as being on my network or connected to me

    Has anyone ever ran into anything like this? Am I at risk? Was someone stealing my files or was it just the previous connection to the MBP?

    Any idea why google looked like that? I was just assuming the 2 things may be tied together, like maybe someone was on my machine and it was causing some sort of google.com error but it could just be a fluke google error, and that MBP connection from this week...I dont really have much on my computer that would be valuable to anyone else file-wise (i don't think) but I do enter passwords on websites...some are saved, most arent .

    Is there any log of files transferred using filesharing? Any way for me to look into this? I mean, besides the obvious precaution of going through and changing all my passwords (i dont really want to do that) does anyone know if this is something to worry about?


    Sorry for the lengthy post - just wanted to make sure I give all details. Any help would be GREATLY appreciated.

    Thanks in advance.
     
  2. mac2x macrumors 65816

    Joined:
    Sep 19, 2009
    #2
    I don't know about the strange stuff appearing on your browser. BUT:

    1: WEP is ridiculously easy to compromise. If your router isn't capable of using WPA 2 Personal, get one that is and use a strong password. If your router can do it, set it up ASAP.

    2: Make sure Sharing is off in System Preferences, if it is not desired.

    3: Ditch the torrents. No telling what sort of **** you get into from those.

    [edit] Also set the firewall under Security Preferences to allow only essential services whenever you are using a notebook (is this a notebook or a desktop?) in public places, away from the protection of your router.
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    There's a potential that someone nearby (within range of your router) was sniffing packets from your machine and cracked the WEP on your router. As mentioned above, that's easy to do, and there's tools to automate the cracking of this security. You should use WPA or WPA2 if your router supports it as they are much harder to crack and be sure to use a strong password.

    If someone did sniff your packets (doesn't that sound uncomfortable) then they could have also poisoned them and caused the Google issue you saw. If you entered any passwords during this time they may now be compromised so I would change them as soon as possible. Also, follow the other security advice above about turning off unneeded sharing options and make sure your firewall is on and maybe turn on stealth mode as well. The router is your first line of defense though. It's hard to say if they may have transferred any files off your machine, the system logs may hold some info, but it would be hard to look through them as there are thousands of lines in those logs.
     

Share This Page