Random shutdown...security problem?

Discussion in 'OS X Mountain Lion (10.8)' started by modest serving, Aug 27, 2012.

  1. modest serving macrumors member

    Joined:
    Feb 16, 2010
    #1
    I usually leave my 27" iMac plugged in and on 24/7. It goes to sleep after 30 minutes of inactivity, but I rarely shut it down since I often connect to it remotely for VNC and torrents.

    Lately I have noticed a few random times that when I have gotten home from work the iMac will be completely turned off and it will have to boot up. At first I thought maybe my power was going out during the day, so I ticked the box for restarting automatically after a power failure.

    It happened again today. So, I checked the system.log in the console.
    Here are the last entries before shutdown:
    The first thing I noticed was the failed VNC login. Turns out there have been LOTS of these all from shady ip addresses going back as far as I have logs. Luckily they all say failed. The only successful logins have been my own, so far as I can tell.

    Does anyone see anything else from that log that would explain the shutdown behavior? Will repeated VNC login failures cause a shut down?

    I changed my outward port for VNC from 5900 to something else, I've changed my screen sharing password and my login password, as well as my 1password mast password. I also changed the password to the web-GUI for my router. Running ClamXav now. Anything else I should do?
     
  2. ratfink macrumors member

    Joined:
    Feb 11, 2012
    #2
    There have been several vulnerabilities in VNC services that allow attackers to bypass authentication completely. I'd check to make sure you're running the most recent version. There are automated scanners out there that just search the Internet for vulnerable VNC servers. Now, it's most likely not what's causing your problem, but you should make sure.
     
  3. modest serving thread starter macrumors member

    Joined:
    Feb 16, 2010
    #3
    I'm just using the built screen sharing VNC server. I'm running Mountain Lion 10.8.1.

    After some more googling I'm realizing that my random shutdown issue is probably unrelated to the attempted VNC breakins. I guess I should try setting the SMC?
     
  4. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #4
    A SMC reset might help. And one rule that every person should abide by is never forward the default port to the outside. That is never make your external VNC port 5900 or your external SSH port 22. Always make them something higher than 5000. Otherwise you risk someone trying to brute force their way into your system.
     
  5. ilgreatluigi macrumors member

    Joined:
    Jan 8, 2012
    #5
    This technique is kind of outdated now. While scrambling the port number could slow the attacker briefly, many automated scanners can detect what the port number is still. This method is only good against worms and very lazy attackers.
     
  6. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #6
    It still defeats the worms, basic scripts, lazy hackers, and automated scanners looking for default ports. All of which comprise about 80% of all port scanning.
     
  7. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #7
    Source?
     
  8. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #8
    My own logs and the ones from where I work.
     
  9. modest serving thread starter macrumors member

    Joined:
    Feb 16, 2010
    #9
    I just wanted to follow up by saying that I did what you suggested. I changed the incoming port for VNC, and since then I have not seen any unauthorized attempts to login in the system logs. Thanks for your help. Newb mistake :eek:
     

Share This Page