How do I know if I had gotten hacked?

I got home and discovered that my OS X 10.2.8 servers (webserver and fileserver) powered OFF. I had left them on when I left the house.
These servers are behind multiple firewalls: a Netgear router that lets inbound only on ports 22 and 80 and forwards them to the webserver. The fileserver is behind another Windows XP firewall.
I analyzed the logs on the webserver and found multiple entries of attempted root logins, none successful:
May 27 15:20:04 sweetpea sshd[8670]: Did not receive identification string from 61.235.150.102
May 27 15:23:10 sweetpea sshd[8671]: Could not reverse map address 61.235.150.102.
May 27 15:23:11 sweetpea sshd[8671]: Failed password for root from 61.235.150.102 port 1540 ssh2
However, the log abruptly ends at about 15:25, which is when I assume the machine went down. The log ends with no error messages of any sort, until I restarted it the next day when I got back:
May 27 15:25:36 sweetpea sshd[8737]: Could not reverse map address 61.235.150.10$
May 27 15:25:36 sweetpea sshd[8737]: Failed password for root from 61.235.150.10$
May 28 11:40:02 sweetpea syslogd: restart
May 28 11:40:02 sweetpea mach_kernel: standard timeslicing quantum is 10000 us
May 28 11:40:02 sweetpea mach_kernel: vmpagebootstrap: 124828 free pages
The fileserver logs show no such access; they show normal operation and then the log abruptly ends.
Questions:
1. Does anyone know if it is possible for an attacker to shut down OS X 10.2.8 boxes remotely without gaining root access? (It appears that they did not gain root access.)
2. Do people think the attackers actually gained root access, and erased their tracks (and if they did, why did they leave the attempted logins in the file? Seems rather odd.)
3. Are there other places where I can check to see if the computers were compromised and try to piece together what happened?
Thanks for any help!
PPC7410

My Mini which was plugged into the same outlet did not go down. The webserver was shut down earlier than the fileserver (according to the logs), so I thought hacker activity was more likely. It has me very puzzled, however. The fileserver went down at 5:26 PM.
May 27 17:26:14 localhost named[23968]: Cleaned cache of 17 RRsets
May 27 17:26:14 localhost named[23968]: USAGE 1148765174 1144992369 CPU=100.03u$
May 27 17:26:14 localhost named[23968]: NSTATS 1148765174 1144992369 A=21338 PT$
May 27 17:26:14 localhost named[23968]: XSTATS 1148765174 1144992369 RR=102977 $
=2715 RTCP=655 SFwdR=4228 SFail=0 SFErr=0 SNaAns=155651 SNXD=145602 RUQ=0 RURQ=$
May 28 11:33:26 filesvr syslogd: restart
May 28 11:33:26 filesvr mach_kernel: standard timeslicing quantum is 10000 us
May 28 11:33:26 filesvr mach_kernel: vmpagebootstrap: 253940 free pages
I suppose a possibility is that the hacking ceased at 3:25PM, and there was no log item between then and 5:26PM on the webserver, and they both went down in the same power surge.
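
Added example, not part of the original posts: a Python check over the webserver log lines quoted above that counts failed sshd logins per user and source, lists any accepted logins, and measures the silence before each "syslogd: restart". The function name analyze and the year 2006 (syslog timestamps carry no year) are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the webserver log in the post above. A trailing "$" is
# where the poster's viewer cut the line off, so that address is incomplete.
SAMPLE = """\
May 27 15:20:04 sweetpea sshd[8670]: Did not receive identification string from 61.235.150.102
May 27 15:23:10 sweetpea sshd[8671]: Could not reverse map address 61.235.150.102.
May 27 15:23:11 sweetpea sshd[8671]: Failed password for root from 61.235.150.102 port 1540 ssh2
May 27 15:25:36 sweetpea sshd[8737]: Could not reverse map address 61.235.150.10$
May 27 15:25:36 sweetpea sshd[8737]: Failed password for root from 61.235.150.10$
May 28 11:40:02 sweetpea syslogd: restart
May 28 11:40:02 sweetpea mach_kernel: standard timeslicing quantum is 10000 us
"""

LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user |illegal user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"^Accepted \S+ for (\S+) from (\S+)")


def analyze(text, year=2006):  # year is an assumption; syslog omits it
    failed, accepted, restarts = {}, [], []
    prev = None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation or damaged line
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        proc, msg = m.group(3), m.group(4)
        if proc == "syslogd" and msg.startswith("restart"):
            # The time since the previous logged line is the window in
            # which the machine stopped logging.
            gap = (when - prev).total_seconds() if prev else None
            restarts.append((prev, when, gap))
        elif proc == "sshd":
            f, a = FAILED.match(msg), ACCEPTED.match(msg)
            if f:
                src = f.group(2)
                # key: (user, source with "$" stripped, was the line truncated?)
                key = (f.group(1), src.rstrip("$"), src.endswith("$"))
                failed[key] = failed.get(key, 0) + 1
            elif a:
                accepted.append((when, a.group(1), a.group(2)))
        prev = when
    return {"failed": failed, "accepted": accepted, "restarts": restarts}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

An empty accepted list only shows that this file records no successful login; it proves nothing if the file itself was edited, so compare it against logs the host could not rewrite, such as the router's.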

Similar Messages

  • How can I know if I had my Find My Phone setting on?

    My iPod was stolen. I had an iPod touch 5 with the latest update. I can't remember if I had the Find My Phone setting on... Is there something I can do? How can I erase everything from my iPod?

    - If you previously turned on Find My iPod on the iPod in Settings>iCloud and wifi is on and connected, go to iCloud: Find My iPhone, sign in and go to Find My iPhone. If the iPod has been restored it will never show up.
    - You can also wipe/erase the iPod and have the iPod play a sound via iCloud.
    - Change the passwords for all accounts used on the iPod and report to police
    - There is no way to prevent someone from restoring the iPod (it erases it) and using it.
    - Apple will do nothing
    Reporting a lost or stolen Apple product                               
    - iOS: How to find the serial number, IMEI, MEID, CDN, and ICCID number

  • How do i know if i had a successfull reinstallation of Mac OS?

    The installation and setup manual for the Tiger version mentioned that my system will restart after installation for setup. But it didn't restart after reinstallation. It showed the message "successfully installed", then I clicked the close button, then the DVD was removed automatically, and without restarting it went directly to the setup menu. I don't know why it happened. Shall I reinstall the whole system software again? And can I choose the option erase and install for reinstallation?
    One more fact: the first DVD is checked by the installer, but the second one is never checked and is always skipped by the installer. The second DVD always shows an error message while installing the GarageBand instruments. I can't install GarageBand anymore.
    What to do? Any insights would be appreciated. Thanks for reading.

    Thanks.
    Would you please check the following link? I posted another question about a problem. Check this link please.
    http://discussions.apple.com/thread.jspa?threadID=2229581
    Thanks once again.

  • How do I know if my iPhone 4 has been hacked

    I recently received 5 text messages in one night within 15 minutes, the same text over and over again. It is in Chinese and the phone number is from another country because it has the + sign followed by numbers, just like any other phone number appears... Anyway, the text message just kept on coming and I replied 'Do I know you?' but there was no other reply, only the same text again; it is more like it just keeps on repeating itself. So I switched off my phone and turned it on the next morning, and I only received 1 message from that number and this incident did not happen again. But my question is: can people hack into other people's phones with just a simple text?

    No.

  • How can I know my Mac is not "hacked" by malware

    Opening a Safari window recently I got a message from an unknown source that somebody wanted to become my sexbuddy. I was supposed to OK it, which of course I didn't. Meanwhile all my functions in Safari were frozen. The only thing that worked was a force quit from the Apple menu. The following days the same happened every time I opened Safari. I even reinstalled Maverick hoping to get rid of the thing but that didn't seem to help. Finally it disappeared, I guess when I succeeded in stopping Safari from opening with the most recent window.
    However I am not absolutely certain my Mac is clean and not hacked by some villain through some malware. How can I be sure?
    Thanks for the help!

    Anything coming via Safari is not malware but phishing attempts.
    Helpful Links Regarding Malware Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
              Mac OS X Snow Leopard and malware detection
              OS X Lion- Protect your Mac from malware
              OS X Mountain Lion- Protect your Mac from malware
              About file quarantine in OS X
    If you require anti-virus protection I recommend using VirusBarrier Express 1.1.6 or Dr.Web Light both from the App Store. They're both free, and since they're from the App Store, they won't destabilize the system. (Thank you to Thomas Reed for these recommendations.)

  • Lost my phone today, is there a locator on it? If yes or no, how would i know?

    How would I know if i had a tracker or locator on my phone if i had one? Do all iphones have one?

    If you enabled "Find My iPhone" on the device prior to it being lost, you may be able to track it.  This assumes the device is powered on, has a network connection (Wi-Fi or Cellular data), and has not been restored as new by whomever found it.
    If you did not enable the feature, the only way to locate the device is to physically start looking for it.

  • How can I know the applet has loaded completely via JavaScript?

    Hi, how can I know the applet has loaded completely via JavaScript?
    My applet is loaded by an <object> tag.
    I added an "onload" event listener to the HTML page's <body> tag, but the event listener is called on page load,
    but the applet sometimes has not completely loaded, so how can I know the applet has completely loaded?
    Does the <OBJECT> have some method to check the applet load status?
    Thanks!

    You can have your applet call some JavaScript to inform the page that it is loaded. Make the call from your
    applet's start method.
    Suppose you have a JavaScript function called "appletReady()"
    which sets a ready variable to true or whatever.
    Now in your start method of your applet you can do the following:
            JSObject win = null;
            try {
                // Get the browser window object that hosts this applet
                win = (JSObject) JSObject.getWindow((Applet) this);
                if (win == null) {
                    System.err.println("JSObject window was null");
                } else {
                    // Invoke the page's appletReady() function with no arguments
                    win.call("appletReady", null);
                }
            } catch (Exception jse) {
                System.err.println("Exception: " + jse);
            }
    Make sure you import netscape.javascript.
    And when you compile use the appropriate jaws.jar in your classpath.
    It should be found under jre/lib of your JDK installation.
    I hope this helps.

  • HT204053 how do i know if i have my pics and contacts on my icloud?

    My phone is messed up and I have to get a new iPhone, but the guy from the AT&T store said if I didn't have my pics and contacts saved to my iCloud I would be losing everything. OK, my question is how do I know if I had my iCloud on? I don't remember. Can anyone help me?

    Contacts are saved in the contacts database on iCloud.  If you use a computer's browser and log into icloud.com, look at the contacts page.  They should be there.  On the new iPhone, in Settings>iCloud, if you sign into your account and turn on contacts, they should be synced to the device.
    pics are not kept on icloud, they should always be synced to a computer for storage and safekeeping.  You sync them either by using USB cable or using photo stream.  If you have backup turned on for icloud, then photos in the camera roll "should" be included (if you turned that on for backups), but many users have found that upon performing a restore, the pictures were not synced back. 

  • Built-in iSight - how do you know for sure it is off?

    I have a new iMac with built-in iSight. I have been checking into security software for my iMac and came across the program called Undercover by Orbicule. One of the functions of that program is that it utilizes the built-in iSight camera to take pictures of the room/person who potentially stole your computer. So that caused me to wonder how do I know for sure my built-in iSight camera is turned off and not accessible by some program outside of my control? I know the green light comes on if I use it in iMovie or something like that, but how do I know it isn't being hacked and used without my knowledge?

    Black electrical tape.

  • Being new to working with Mac, I was wondering if anyone can tell me how to set my Mac Book Pro wirelessly to the Canon Pixma Pro9000 Mark ll? My husband had gotten this printer and the sales person said that it can be set up wirelessly to my Mac Book Pro

    Being new to working with a Mac, I was wondering if anyone can tell me step by step how to set up my Mac Book Pro (Mid 2012) wirelessly to a Canon Pixma Pro9000 Mark ll that my husband had gotten me? The sales person told him that it's compatible with my Mac Book Pro, Mtn Lion, but I do not see it and I don't see how to do it wirelessly. Any help would be appreciated. Thanks ;o)

    Hello:
    There is nothing wrong with asking questions.  There  are no dumb questions....answers, yes, but not questions. 
    If you set up your wi-fi router to establish a network, then both your printer and MacBook Pro will connect wirelessly.  *** I do not know what kind of router you possess, I don't want to suggest things that might not be relevant.
    Barry
    P.S. No need to apologize!  Most of the people here (none of us are Apple employees) enjoy trying to help others. 

  • HT204053 I did not know my kids had set up an Itunes account for me with one user name and password.  then i got an i phone and set it up with a different email address and new password.  how can i get my accounts to merge so i can have all of my music on

    I did not know my kids had set up an Itunes account for me with one user name and password.  then i got an i phone and set it up with a different email address and new password.  how can i get my accounts to merge so i can have all of my music on my iphone

    Quote: "You cannot merge two or more Apple IDs into a single one. You can, however, use one Apple ID for iCloud services and another Apple ID for store purchases (including iTunes in the Cloud and iTunes Match). See “Using one Apple ID for iCloud and a different Apple ID for Store Purchases” above for details." See also Apple ID & iCloud FAQ: http://support.apple.com/kb/HT4895?viewlocale=en_US&locale=en_US
    You can set up your iCloud account on your iOS device under: "Settings > iCloud" and another account for store purchases under "Settings > iTunes & App Stores". Unfortunately merging accounts is not possible but you could transfer all of your music manually via iTunes from your Mac or PC.

  • A relative synced my iphone with his laptop without me knowing. It had a passcode on the phone but the sync still worked. I have since found out he is quite IT knowledgeable and has been known to track other people's phones.  How is this data useful to him

    A relative synced my iPhone with his laptop without me knowing. It had a passcode on the phone but the sync still worked. I have since found out he is quite IT knowledgeable and has been known to track other people's phones that he wants to know information about.  How is my data useful to him and can he restore this data on another iPhone and run it parallel to mine? I have had people send me messages which I have not received. These have been screenshotted to me later including the time and I have just not got them. I had 4 weeks' worth of messages go missing from my phone. I know that he synced my phone because his work laptop's ID came up in my settings. Also, if the above can be done, can he change the settings on my actual phone and access my location without placing tracking software on my phone?  Can someone please help here as I can't restore a backup to my phone for obvious reasons and refuse to change my number because of this loser.

    Connect the device to the computer.
    In iTunes, select the content desired to sync.
    Sync.
    This is all described in the User's Guide, reading it may be a good place to start.

  • I opened a website that said that all of my files had been encrypted. A popup appeared and asked if I wanted to leave the page, but when I tried to, it wouldn't let me.  How do I know if this is a real problem or not?

    I was researching information for a class and I clicked on a website that said that all of my files had been encrypted.  A popup appeared and asked if I wanted to leave the page but when I tried to, it wouldn't let me.  I had to force quit Safari in order to do so.  How do I know if this is a real problem or not?

    It's a JavaScript scam that only affects your web browser, and only temporarily.
    1. Some of those scam pages can be dismissed very easily. Press command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.
    2. From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Security
    and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.
    Close the malicious window or tab.
    Re-enable JavaScript and close the preferences dialog.
    3. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. From the menu bar, select
              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
    to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.

  • Does anyone know how to get an application you had once without using App Store?

    Does anyone know how to get an application you had once without using App Store?
    Because I'm underage and I couldn't get it back.
    I just want it back, I'm not going to use any money in App Store...

    When you say you "had it once", how did you get it then?  The App Store has only been around for a few years, so there are lots of apps out there that you would once get from the developer, but now they're only available on the App store.  Which app(s) are you referring to? 

  • I purchased extra icloud space to store my photos, videos etc in a process to switch my phone, as my current one is broken. How do I know that my photos have gotten to "the cloud"?? Forgive me, I'm new to this process.

    I purchased extra icloud space to store my photos, videos etc in a process to switch my phone, as my current one is broken. How do I know that my photos have gotten to "the cloud"?? Forgive me, I'm new to this process. and did I do this correctly?

    Photos and videos in the camera roll are included in your iCloud backup.  Restoring the backup to your new phone will recover them.
