Ex-boyfriend accessing my computer remotely...
I recently learned that my ex-boyfriend has been logging onto my laptop via his desktop via Unix. He has been reading my files and apparently gaining my passwords for a few months. He had full access to my computer several months ago. I have searched all over and I am hoping that once and for all, I can get some questions answered from someone who really knows Unix.
1) He said that without my IP address he cannot access my computer. Is this true? Because he has been gaining my files for months now. 2) When I log onto the Terminal, who is the 'console' if I am pp1, etc? How would I know if he has been there and/or is there any way for him to operate in 'stealth' mode? Am I the root or is he? 3) As far as gaining all of my passwords, can he do this simply using Unix or did he have to install some sort of keylogger onto my computer? 4) Will simply turning on the firewall keep him out from now on? I know this is a lot to ask... but he is the Unix/mac whiz and I am at his mercy. Ha! I trusted him when I let him reprogram my computer months ago! Thanks! |
I don't believe this shiite for a minute...
|
disable ssh !
|
Thank you. How?
|
What's ssh?
|
Dealing with your questions in order:
Unless someone in the local Mafia owes you a favour I would do the following immediately:
Turn your computer off. No hacker has ever defeated the power switch :D
Go to an internet cafe and change every single password you have. Use good ones that are completely unlike the present ones. Do that today. Also call your bank, credit card company, telephone and mobile provider etc. even if you've never accessed them through your machine. Call everyone.
Get out the install discs and do an Archive and Install. Do NOT, repeat NOT, import your old settings. Yes, that means you have to do a lot more work but importing the old settings also imports the old hacks.
On the other hand, what he's doing could be a felony offence in your area. You could set up a nice little honeypot if you wanted. At the minimum I would file a complaint just in case he's been downloading "questionable" material through your computer. Filing a police complaint also gives you a way out if the FBI/Record company/Vice Squad come knocking 6 months from now.
Afterthought: do a thorough search for jpg, gif, tif, mov, avi, wmv, asf, zip, tar, tgz, bz*, dmg and mp* files. If I wanted to thoroughly shaft someone I would leave some rather illegal videos on their drive. Maybe you should back up your home folder, erase your drive, secure-wipe it (takes a couple of days) then reinstall and copy things back one file at a time. Enjoy!! |
Generally anyone that uses UNIX tends to be a fairly advanced user so....
Firstly disable ssh and Apple Remote Desktop in the sharing>services preference pane. Change your passwords on your user account and delete any accounts that are not in use.
Check all system logs for "authentication". There may be an audit trail for any remote access or ssh login attempts.
If you have a router then log in to this and disable any firewall rules that are mapped to your machine. Make sure your local machine's firewall is turned on. Also change the password on the router and make sure Remote administration is off.
It is possible for him to have sneaky little cron jobs running to enable services etc. You can download Cronnix to check if there are any malicious cron jobs running in the background.
Definitely change the passwords of your online accounts, bank etc. etc. etc. Do this from a different machine just in case or use the telephone to get things reset. Use NEW passwords that are secure.....not your cat's name!
Last resort is to wipe the machine and start again. If he can still get in then I am the Queen of Sheba! |
Uhh...consider reporting this to the police. This is most definitely illegal activity.
Joe VanZandt |
If you don't want to go through the hassle of reinstalling unless you need to, you could install Little Snitch and turn on your Firewall. If you have a router, (and if you don't, they're about $50) you'll want to check its admin pages to be sure that your system isn't on a DMZ (DeMilitarized Zone) or that the router isn't port forwarding to your system.
Using Little Snitch to catch outgoing traffic and a router to block incoming should be enough to show you if he's been accessing your system remotely and block his access. |
Wow...
I very much appreciate all your responses and real answers.
Is there not a way to find documentation/log of his IP address or something showing that he accessed in the past? (For proof to report him) The commands that I have tried do not go back to March 15th... last date I know for sure he logged in. 'netstat'? He is pretty darn savvy and very well could have put questionable material on my computer. How is it that one can use UNIX to gain passwords?? THANK YOU ALL! |
-HI- |
What makes you think he is accessing your computer?
In any case, for peace of mind, I would just reinstall the OS. It should be quite easy, but make sure you only keep your files, not the settings, preferences etc. Then, I would turn on the Mac's firewall. |
If he is advanced in UNIX, he probably knows what he's doing. It is possible that he could have tracked your computer's recent websites and be reading this very thread. It is best to erase and install everything.
You could open the Console app, in /Applications/Utilities, to check the logs. Unplug and disconnect your computer from the internet first. If he is smart enough, it is possible he could have edited the logs as well. That's why it's best to reinstall everything. |
We lived together, then went our separate ways as 'friends'. Ha! He had full access to my computer until a few months ago, at which time he began logging in remotely. He admitted all of this, as well as told me how to keep him out from now on... and as far as those instructions, I don't believe what he says for a second! And NO, I do not want to be a hacker too! Obviously I am far from it. Just trying to understand how HE acquired all of my passwords. |
If someone who you don't trust has had "full access" to your computer, then the only way to get back to a state where you can be sure that person will no longer have access is to erase the disk and reinstall OS X from the original OS X Install CD/DVD.
|
He removed Tiger from my system (said too many bugs were causing my problems) and I now have 10.3.9 which was his. So do I reinstall Tiger? (I am sorry if I sound like an idiot!) |
As I mentioned in post #6 above, connections can run in both directions and firewalls usually don't stop outbound connections. This is rather complex to do, but it's certainly possible.
Reinstalling Tiger is pretty easy - delete the contents of Home -> Library -> Startup Items and clear login items from System Prefs -> Users, then back up your home folder. Insert the Tiger install disc, click restart, and when it asks choose "Custom Install" and select "Erase and Install". This will completely wipe out your drive and any nastiness therein. If there's an option for "zero data" check it. As I said above, DON'T import your old settings, and of course use new usernames/passwords. |
As I said before, if your system has been compromised, the only way forward towards a system that you can trust is to erase the disk and reinstall.
|
Ex accessing computer... part 2
I have gone through the wtmp log... and am trying to read it! I have only learned of UNIX and started logging in in mid-March. Whereas the log shows me logging in dating back to July. Is it safe to assume that the one logging in under my username (remotely) would be the ex?
I mean, the wtmp log only records log-ins into the Terminal, correct? This is not a log of when I turn on the computer and run the system, right? |
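An added example, not part of any post in this thread: one way to sort the output of `last` (which reads the wtmp log) into sessions opened at the machine itself and sessions that carry a remote host. The sample lines, the documentation-range addresses and the function names are constructed, and treating a weekday in the third field as "no host recorded" is a heuristic assumption about the BSD `last` layout.

```shell
#!/bin/sh
# Constructed sample in BSD `last` layout: user, tty, host (blank if local), time.
# Addresses are documentation-range placeholders, not values from the thread.
SAMPLE='jane      ttyp2    203.0.113.7      Mon Mar 15 22:41 - 23:05  (00:24)
jane      ttyp1                     Mon Mar 15 19:02 - 19:30  (00:28)
jane      console  localhost        Mon Mar 15 18:55 - 23:40  (04:45)
reboot    ~                         Mon Mar 15 18:54
jane      ttyp3    198.51.100.20    Tue Mar  2 01:10 - 01:12  (00:02)
jane      ttyp1    203.0.113.7      Sat Feb 14 02:13 - 02:50  (00:37)

wtmp begins Thu Jul  1 09:12'

# Print only sessions that carry a non-local host: "user tty host date time".
remote_sessions() {
    awk '
    # Skip blanks, the "wtmp begins" trailer and reboot/shutdown records.
    NF == 0 || $1 == "wtmp" || $1 == "reboot" || $1 == "shutdown" { next }
    # Host column empty: field 3 is already the weekday, so the session is local.
    $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }
    # Loopback names also mean the session started on the machine itself.
    $3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1" { next }
    { print $1, $2, $3, $4, $5, $6, $7 }'
}

# Count remote sessions per source host, busiest first: "count host".
sessions_per_host() {
    remote_sessions | awk '{ n[$3]++ } END { for (h in n) print n[h], h }' | sort -rn
}

# Demo on the constructed sample; on a real machine pipe `last` in instead.
printf '%s\n' "$SAMPLE" | sessions_per_host
```

Console logins, Terminal windows and reboot records all appear in the same output, so only the lines with a host filled in point at a login from another machine. As noted earlier in the thread, someone with full access could have edited the logs, so an empty result does not show that nothing happened.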