Security: I'm sort of scared...


I have a 500 SP G4 with 256 Megs of Ram, and I host my own webpage using Apache on OSX. I also have a cable modem. My computer has always been noisy (it always seems to be working on something), and now that I have OS X, I haven't shut it down in over a month. The other night, I noticed that my computer seemed to be making more noise than usual. All of a sudden, I thought that since I had web sharing on and a cable modem, maybe a hacker or something was connected to my computer. I quickly disconnected my modem, and I haven't heard much noise since. My question is: was my webpage causing the noise, or should I be worried about an unwanted visitor? I can provide more details if I have to, but I don't know what else to say about the situation. Thanks.

Maybe someone can help us out with some good logging information, but you should consider turning on the kernel-level firewall using a configuration tool like BrickHouse or FirewalkX, both available on

You can also learn how to use the 'ipfw' command manually, but the GUI tools are much easier.

You should probably block all incoming traffic on your en0 ethernet network interface by default and make exceptions for tcp traffic on port 80 (web) and probably ports 67 and 68 for DHCP negotiating.

They may be a bit confusing at first, but you can use the Console program to view your log files. For instance, if you want to know details about FTP connections made or attempted, open your /private/var/log/ftp.log file. I didn't realize right away that the Console program could open log files other than console.log, but it can and is very handy. To view access to your webpage, copy the /private/var/log/httpd/access_log to access.log so that Console will open it.

A firewall would definitely help you out too.

Would someone like to give us a brief list of the important log file names and what they contain? I don't know where you check telnet or ssh connections.

Hope this helps.
Occasionally, some cron scripts and routine maintenance can grind the hard drive somewhat, so don't assume that it's network traffic unless the log files show it.
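
One way to see what the web server log actually shows before blaming network traffic, as an added example that is not part of the original thread: a short Python script that summarizes a copy of /private/var/log/httpd/access_log per client address (request count, error responses, bytes sent, first and last time seen). It assumes the log is in Apache's Common Log Format; the sample lines and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation addresses), not from a real log.
SAMPLE = """\
192.0.2.10 - - [12/Jun/2001:22:14:03 -0500] "GET / HTTP/1.0" 200 1523
192.0.2.10 - - [12/Jun/2001:22:14:04 -0500] "GET /pic.jpg HTTP/1.0" 200 48211
198.51.100.7 - - [13/Jun/2001:02:31:40 -0500] "GET /cgi-bin/test.cgi HTTP/1.0" 404 276
198.51.100.7 - - [13/Jun/2001:02:31:41 -0500] "GET /admin/ HTTP/1.0" 404 270
198.51.100.7 - - [13/Jun/2001:02:31:43 -0500] "GET / HTTP/1.0" 304 -
truncated line without the expected fields
"""

def summarize(lines):
    """Return ({host: stats}, skipped_count) for an iterable of log lines."""
    hosts = defaultdict(lambda: {"requests": 0, "errors": 0, "bytes": 0,
                                 "first": None, "last": None})
    skipped = 0
    for line in lines:
        m = CLF.match(line)
        if not m:
            skipped += 1  # malformed or non-CLF line: count it, don't guess
            continue
        when = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        s = hosts[m["host"]]
        s["requests"] += 1
        s["errors"] += m["status"][0] in "45"  # 4xx/5xx responses
        s["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    return dict(hosts), skipped

if __name__ == "__main__":
    # To read a real copy of the log, pass open("access.log") instead of SAMPLE.
    stats, skipped = summarize(SAMPLE.splitlines())
    for host, s in sorted(stats.items(), key=lambda kv: -kv[1]["requests"]):
        print(f'{host:15} {s["requests"]:4} req {s["errors"]:3} err '
              f'{s["bytes"]:8} B  {s["first"]:%d %b %H:%M} -> {s["last"]:%d %b %H:%M}')
    print("unparsed lines:", skipped)
```

A client with many error responses in a short window, or activity at the time the disk was busy, is the thing to look at first; an empty window points back to local activity such as cron jobs.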