Weird Activity


Hi Everyone.

I run an older model Macbook Pro, a local LAMP stack for development (managed by Homebrew) and always keep things up to date.

I had port 80 open to incoming traffic to enable testing of a webhook setup I am developing, which it appears someone has used to compromise Skype and Firefox (or just able to open tabs on the default browser) on my machine.

I had browser tabs open with a Google search of the last line of many of my Skype conversations, and some .

I can't see a whole lot in the Apache logs from when the attack was executed, so I'm concerned that malware has somehow been installed.

Where would I start looking to ensure my machine is no longer compromised (other than heavily restricting incoming requests over port 80)?

Thanks.

Ben


  • Staff

I'm not sure that I entirely understand what you say happened, but whatever it is isn't a malware issue.

However, if you're opening up your Mac on port 80 to the internet in general, that could be dangerous. And it's quite a bit more dangerous if you've got other ports similarly opened up. I can't say whether the behavior you're seeing could possibly be due to some kind of hack by a remote party, but any time you've got ports open and not properly secured, that's an issue.

I'd also point out that you should not, under any circumstances, be developing new software using port 80 - which is used for insecure HTTP communication - in this day and age. All such traffic should be secured with HTTPS on port 443 instead.


I had 32 browser tabs open within a few seconds, and in the browser tabs was either a spam link or a Google search of the last line of many of my Skype conversations. How would an attacker do that without either 1) leaving something in the Apache request logs or 2) malware?

Thanks

Ben


  • Staff

Ben,

Having tabs open in your web browser would have nothing at all to do with the Apache web server running on your Mac.

As it sounds like this was a one-time occurrence, most likely you had a bad or hacked site open in the browser that opened those tabs via a JavaScript. If you had a page from the Apache web server open in the browser at the time, and if you can reproduce this behavior, then that may mean that the web site being served from your Mac has been hacked and is serving compromised pages.
