I got hacked, NEED ADVICE

Gigamux

While I was typing a message in Mail, someone took over and within a few seconds had typed into the body of my message some Unix commands and the phrase "you have been owned or you are owned". When I saw what was going on, I immediately did a Save Draft with the subject line reading the phrase they had typed. I then went back to my message, finished it and sent it.

When I went to find the draft copy of the hack, it was not in my Drafts folder in Mail, and I really got nervous.

I am at your mercy to give me some advice on how to proceed.

I have checked my router (Linksys WRT54GS) and turned off all the port forwards I had on to my system. I had these ports open for various purposes:
8000, 8001, 22, 3283, 5900 and 80.

I made sure that remote management of the router was not turned on.

I then cut off the UPnP feature, as it was on to allow me to see my screen remotely.

I then looked at my system's firewall, turned off allowing incoming connections and selected only essential services.

I am on a Mac Pro:
Model Name: Mac Pro
Model Identifier: MacPro4,1
Processor Name: Quad-Core Intel Xeon
Processor Speed: 2.66 GHz
Using 10.5.8

I have MobileMe and use it for my email server.

I do have one more email account on Gmail.

My ISP is Clear, as I just dropped AT&T DSL last month.

I can't think of what else would be vital to tell you right now but please give me some advice.

Is there a log the system keeps that would let me see where he got into my system and whether he is still connected somehow?

I also changed the default password for my router, just in case he was able to hack in there somehow.

Since he was typing on my screen, he must have gotten into my LAN.

I have many computers on this LAN, three of which are being used by a family that is totally clueless about security. They have three elementary-age kids who use the network too.

I feel like I've been hit by a thief!
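As an added example that is not part of the thread: the poster asks whether anything shows where the intruder got in or whether he is still connected. A snapshot of open sockets (`netstat -an` on Mac OS X) answers the second question. The script below parses a constructed sample of that output, checks the forwarded ports listed in the post (22, 80, 3283, 5900, 8000, 8001), and flags anything still listening on them plus established inbound connections on them from outside the LAN. The sample lines, the LAN address ranges and the port-to-service labels are assumptions made for the example, not data from the thread.

```python
import ipaddress

# Ports the poster had forwarded through the router, labelled with the
# service each is commonly used for on Mac OS X 10.5 (labels are assumptions).
EXPOSED_PORTS = {
    22: "ssh (Remote Login)",
    80: "http",
    3283: "Apple Remote Desktop",
    5900: "VNC / Screen Sharing",
    8000: "custom",
    8001: "custom",
}

# Address ranges treated as "inside the LAN": RFC 1918 plus loopback (assumption).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample of `netstat -an` output in Mac OS X format, where the
# address and the port are separated by a dot. Foreign addresses use
# documentation ranges; none of this is real traffic from the thread.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.10.5900      203.0.113.7.51234      ESTABLISHED
tcp4       0      0  192.168.1.10.22        192.168.1.22.49152     ESTABLISHED
tcp4       0      0  192.168.1.10.49321     198.51.100.9.80        ESTABLISHED
tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  *.3283                 *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
udp4       0      0  *.5353                 *.*
"""


def split_endpoint(endpoint):
    """Split 'host.port' into (host, port); host and port may each be '*'."""
    host, _, port = endpoint.rpartition(".")
    return host, (None if port == "*" else int(port))


def is_lan_address(host):
    """True for wildcard, loopback and RFC 1918 addresses."""
    if host == "*":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETWORKS)


def analyze_netstat(text):
    """Return (kind, port, service, peer) findings for the exposed ports.

    kind is 'listening', 'inbound_lan' or 'inbound_external'.
    """
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header lines and anything we do not understand
        local_host, local_port = split_endpoint(fields[3])
        foreign_host, _ = split_endpoint(fields[4])
        state = fields[5] if len(fields) > 5 else ""
        if local_port not in EXPOSED_PORTS:
            continue  # outbound connections use ephemeral local ports
        service = EXPOSED_PORTS[local_port]
        if state == "LISTEN":
            findings.append(("listening", local_port, service, local_host))
        elif state == "ESTABLISHED":
            kind = "inbound_lan" if is_lan_address(foreign_host) else "inbound_external"
            findings.append((kind, local_port, service, foreign_host))
    return findings


if __name__ == "__main__":
    for kind, port, service, peer in analyze_netstat(SAMPLE_NETSTAT):
        print("%-17s port %-5d %-24s %s" % (kind, port, service, peer))
```

An `inbound_external` finding on a remote-control port such as 5900 or 3283 is the thing to look at first; a `listening` finding on those ports means the service is still enabled on the Mac even after the router stopped forwarding it. To use this on a live machine, pipe real `netstat -an` output into `analyze_netstat` instead of the constructed sample.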
 
If he got control of your computer, then probably one of two things happened:

1) You picked an extremely poor password for your user account and/or the root account. Passwords should be at least 8 characters in length and contain upper- and lower-case letters, numbers and valid symbols. If your password contains your birthday, dog's name, mother's maiden name, the phrase "password", etc., then you have picked an extremely poor password. Change it to something stronger. A good rule of thumb is that if you create a password and you can recall from memory which password you picked 30 minutes later, you failed at picking a good password -- go back and pick again. You should not be able to recall your password from memory until you have typed it over 50 times.

You should also never use the same password for more than one thing. If you used the same password for your online banking that you did for your Mac OS X user account, I would suggest immediately checking the funds in your account to make sure they're all there -- and then immediately changing the password.

2) You have VNC and/or screen sharing (or "remote access") enabled, and you have again picked an extremely poor password.

Piss-poor password examples: p4ssw0rd, fluffy123, johnnybgoode, letmein, 123abc, john1988, etc.

Good password examples: GG6y7Ii&, t6^-0y0Y, wA11$$.g, etc.

If someone has gained access to your router, that does NOT mean that they have gained access to your computer, nor does it make it any easier for them to hack into your computer.

My money is on a very poor password choice.

I feel like I've been hit by a thief!
Well, you have! ;) Now the question is... did you leave your door wide open for him?

I can't stress enough -- strong passwords raised to the infinity power. Poor passwords can be "hacked" by a 5 year old. It matters not the ages of the computer users nor their technical expertise -- they should ALL have strong passwords associated with their accounts.

You mention that you use MobileMe -- it is completely possible that someone guessed the password to your MobileMe account and is using the "Back To My Mac" function to remotely log into your desktop -- if this is the case, visit the MobileMe web page and secure the account with a strong password.

Let us know!
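As an added example that is not part of the reply: the password rules given above (at least 8 characters; upper- and lower-case letters, digits and symbols; no dictionary words, names, birthdays or "password" in disguise) can be turned into a small checker. The script below applies them to the reply's own bad and good examples. The word list and the letter-for-digit substitution table are assumptions constructed for the example; a real check would use a large dictionary or breached-password list.

```python
import re
import string

# Constructed list of weak base words, drawn from the reply's own examples.
# Longer words come first so "johnnybgoode" is reported as "johnny", not "john".
WEAK_WORDS = ("password", "letmein", "johnny", "fluffy", "qwerty", "admin", "john", "abc")

# Undo the usual letter-for-digit substitutions so that "p4ssw0rd" is
# recognised as "password" (assumed table, not from the thread).
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def normalize(password):
    """Lower-case the password and reverse common leet substitutions."""
    return password.lower().translate(LEET)


def check_password(password):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    normalized = normalize(password)
    for word in WEAK_WORDS:
        if word in normalized:
            problems.append("contains common word '%s'" % word)
            break
    # A four-digit 19xx/20xx run is usually a birth year.
    if re.search(r"(?:19|20)\d\d", password):
        problems.append("contains a year (birthday?)")
    return problems


def audit(passwords):
    """Map each password to its list of problems."""
    return {pw: check_password(pw) for pw in passwords}


if __name__ == "__main__":
    # The reply's own examples: six poor ones followed by three good ones.
    samples = ["p4ssw0rd", "fluffy123", "johnnybgoode", "letmein", "123abc",
               "john1988", "GG6y7Ii&", "t6^-0y0Y", "wA11$$.g"]
    for pw, problems in audit(samples).items():
        print("%-14s %s" % (pw, "OK" if not problems else "; ".join(problems)))
```

The character-class and length rules are the easy part; the word check is what catches the "clever" variants like p4ssw0rd that still fall to a dictionary attack with substitutions. Note that passing this checker says nothing about reuse, which the reply rightly treats as a separate rule.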
 