TRaeGoods

macrumors newbie
Original poster
Sep 9, 2010
7
0
WI
Up until a few hours ago, I knew absolutely NOTHING about the Console or what an ipfw.log was but I've been learning very quickly. I was always under the impression that Mac users couldn't have issues with hackers, so I never really worried about anything until I found this tiny little window hidden in the upper left hotspot (set to display all windows). Then, earlier this evening, it literally seemed like someone was making all of my folders, pics, etc. disappear, and then reappear in another area. I understand that there are "bots" constantly trying to login to your computer, but from what I saw in past posts, it shouldn't be this extreme!


Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2308 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2308 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2308 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2309 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2309 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2309 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2310 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2310 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2310 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2311 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2311 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2311 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2312 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2312 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2312 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2313 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2313 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2313 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2314 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2314 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2314 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2315 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2315 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2315 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2316 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2316 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2316 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2317 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2317 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2317 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2318 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2318 239.255.255.250:1900 in via en1
Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:2318 239.255.255.250:1900 in via en1

As I was typing my initial question, something completely took over my space bar and wouldn't let me type, so I just wanted to post it as quickly as possible, but I left out a few important details....

1. About a wk ago I was on Bo Dog Poker site playing the "play money" slots, and a window popped up asking me for access to my camera and microphone. I was very naive and allowed it, thinking that it had something to do with the game, or site.

2. Within the last week, I've had a few downloads from other gaming sites.

3. I am using a Linksys Wifi Connection.

I would really like to know if someone did hack into my computer, can they still be here, even if I turned on every single fire-ware protection I could find? These weird things keep happening at the really weird times, so I would really appreciate someone's help here so I can take the Sponge-Bob Bandaid off my icam! :)

I'm just a little freaked out right now...I swear someone is on my computer with me...I posted earlier, but haven't received a response yet, so I don't really know where else to turn...

I continue to get MULTIPLE attempts every second from 192.168.1.1 IP address...it comes back as a local address and this is what the Host name look up says... user-12l3uaq.cable.mindspring.com

So very briefly, I have been having a ton of bizarre activity on my computer, example: It's almost as if someone were playing keep away with my files on my desktop, and as I was typing my initial question, suddenly it seemed like my spacebar was being held down, but nothing was touching it.


MORE INFO...
1. About a wk ago I was on Bo Dog Poker site playing the "play money" slots, and a window popped up asking me for access to my camera and microphone. I was very naive and allowed it, thinking that it had something to do with the game, or site.

2. Within the last week, I've had a few downloads from other gaming sites.

3. I am using a Linksys Wifi Connection.

I would really like to know if someone did hack into my computer, can they still be here, even if I turned on every single fire-ware protection I could find? These weird things keep happening at the really weird times, so I would really appreciate someone's help here so I can take the Sponge-Bob Bandaid off my icam!
 
That IP address is a private one, maybe your router or someone else connected to your local network.

Have you taken a look at System Preferences > Sharing and seen if Screen Sharing or Remote Login or Remote Management is activated?

It looks like something is scanning your ports from inside your network, look at the last four numbers: 3372, 3373, 3374, ....


Have you any chat programs running? According to your other, similar thread, you have "problems" with 239.255.255.250, which is used internally too.

http://www.nthelp.com/upnpscrewup.htm
http://support.microsoft.com/kb/317843/en-us
http://www.iana.org/numbers/
 
That doesn't really look all that odd; it just appears to be SSDP traffic. 192.168.1.1 is an internal IP address and unless you changed your router settings, it's most likely just your gateway either looking for or advertising an SSDP service. As for issues with hackers, every system has these, just be sure to turn off any services you aren't using (File sharing, remote login, etc) and use a secure password. If you are connected to the public internet, don't be surprised if you're scanned by script kiddies every few minutes; a couple of times I logged thousands of access attempts over SSH (Sshguard FTW).
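
Added example, not part of the original thread: a small triage script for ipfw deny lines in the format shown above, separating LAN SSDP multicast (UDP to 239.255.255.250:1900) from sources that probe many destination ports. The scan threshold, the host address 192.168.1.100 and the 203.0.113.7 lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# ipfw log line format as it appears in the thread.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)"
)
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    return any(ip in net for net in RFC1918)

def classify(line):
    """Return (kind, src, sport, dport), or None if the line is not ipfw."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    dport = int(m["dport"])
    if m["proto"] == "UDP" and dst == SSDP_GROUP and dport == SSDP_PORT:
        kind = "ssdp-lan" if is_lan(src) else "ssdp-external"
    elif dst.is_multicast:
        kind = "other-multicast"
    else:
        kind = "lan-unicast" if is_lan(src) else "external-unicast"
    return kind, str(src), int(m["sport"]), dport

def summarize(lines, scan_threshold=10):
    """Count line kinds; flag sources that hit many distinct destination ports.
    Changing *source* ports toward one fixed destination port are only the
    sender's ephemeral ports and are not counted as a scan."""
    kinds, dst_ports = Counter(), {}
    for line in lines:
        parsed = classify(line)
        if parsed:
            kind, src, _sport, dport = parsed
            kinds[kind] += 1
            dst_ports.setdefault(src, set()).add(dport)
    scanners = sorted(s for s, p in dst_ports.items() if len(p) >= scan_threshold)
    return dict(kinds), scanners

# First three lines follow the thread's log; the rest are constructed.
SAMPLE = [
    f"Sep 10 01:55:31 tiffany-goodacres-computer ipfw: 35000 Deny UDP 192.168.1.1:{p} 239.255.255.250:1900 in via en1"
    for p in (2308, 2309, 2310)
] + [
    f"Sep 10 02:00:00 host ipfw: 35000 Deny TCP 203.0.113.7:40000 192.168.1.100:{p} in via en1"
    for p in range(20, 32)
]
```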
 
Ok...I might sound like I know what I'm talking about, but I didn't even know what an IP address was 6 hrs. ago, so what does that mean exactly? Could you give me an idea of what could be scanning the ports while I go figure out what a port is please. (and thank you so much for your help by the way!)
 
So do you have any suggestions as to what the hidden window might be? I've attached a screen shot so you have a better idea of what it looks like, but only when I have my mouse in the hotspot...otherwise it disappears.

In regard to the ipfw.log, if I'm understanding you correctly, you're telling me that there's no need to be alarmed, and I shouldn't have stayed up all night worrying about it then? :eek:

Whoops...forgot to attach
 

Attachment: Picture 1.png

Sorry about the double posting. I wasn't aware of the rules, so I will have to be more observant next time.

Not a problem; the main issue with multiple posts is it gets difficult to keep track of threads and any advice people have offered if there are posts in several spots.

As for the window, that is kind of odd, what programs do you have open at the moment?

Also, try the below steps and attach the resulting file to a post (use the 'Manage Attachments' button when writing a post). The 'top' command below will dump a list of all the processes running on your computer:

  1. Open the "Terminal" application from "/Applications/Utilities"
  2. Type in "top -l 1 -stats command > processes.txt" (without the quotes) and press enter
  3. There should now be a file called "processes.txt" in your home directory, attach it to a post; don't copy & paste the contents of the file as it may be fairly long


1. About a wk ago I was on Bo Dog Poker site playing the "play money" slots, and a window popped up asking me for access to my camera and microphone. I was very naive and allowed it, thinking that it had something to do with the game, or site.

That sounds like that may be a Flash prompt. Generally, if a flash app wishes to use either the webcam or microphone you will be prompted to deny or allow the action. Closing the window will close down the flash app.
 
A more likely explanation is the Mac is set up as a DMZ in the router or the port forwarding is set up so the router blissfully forwards all external traffic to the iMac.

Also Internet sharing was on? You have Airport active? Someone nearby could be on your wireless.
 
processes.txt

First off, thank you so much for taking the time to help me. I entered "top -l 1 -stats command > processes.txt" without quotes and this is what appeared...

Last login: Fri Sep 10 16:51:29 on console
Welcome to Darwin!
Abadabado:~ tiffanygoodacre$ top -l 1 -stats command > processes.txt
top: Invalid argument: -s tats
top usage: top [-a | -d | -e | -c <mode>]
[-F | -f]
[-h]
[-k]
[-L | -l <samples>]
[-o <key>] [-O <skey>]
[-R | -r]
[-s <delay>]
[-T | -t]
[-U <user>]
[-u]
[-W | -w]
[-X | x]
[[-n] <nprocs>]
Abadabado:~ tiffanygoodacre$



I found the file named "processes.txt" and attempted to attach it, however, it's completely blank.

In regard to the strange "hidden window"...the screenshot that I posted is the only thing that I can do with it. Meaning, I can only get it to appear by going to the hotspot assigned to "show all windows", but I can't close it, minimize it, or even keep it visible by clicking on it. I have to keep my mouse on it or in the hot spot in order to see it at all. Also, the close and maximize caption buttons are there, but gray. The minimize caption is the same as always, but nothing happens when I click it.
 
First off, thank you so much for taking the time to help me. I entered "top -l 1 -stats command > processes.txt" without quotes and this is what appeared...

From the error message, it looks like the command had a space after the 's' in 'stats.' I copied and pasted the command into Terminal and it worked for me. I would try copying and pasting as well or typing carefully. So it's clear in the command, the letter after the first - is a lowercase L.
 
Looks like your 'top' has slightly different syntax. What version of Mac OS X are you running?

Edit:
From Apple's man pages it looks like you're running on 10.4.x. Try using the below command instead:
Code:
top -l 1 > processes.txt
 
The only thing out of the ordinary that I see is that you have a whopping 21 instances of DashboardClient. :eek:
 
That weird hidden window used to appear for me sometimes running MS Word under Tiger. Do you have Word open by any chance? Does the window go away when you close it?
 
tpth - I have Word, but not under Tiger, and it's not been open. I can't close it...I'm not even able to keep it visible unless I hold my mouse in the hotspot, or on it. It's there more than it's not, but it will disappear from time to time.

What is Dashboard Client, and why is that :eek:?
 
[...]
What is Dashboard Client, and why is that :eek:?

DashboardClient is the parent process of Dashboard. I sometimes have 3-4 instances of it (that doesn't seem to be unusual) but I've never seen nor heard of having as many as you have.
 
Screenshot of NetInfo Manager

Is the screenshot I've attached normal? When I've searched user _usbmuxd, I've found information regarding hacking, but I'm pretty confused at this point.

Also...is it normal to have "PowerPC" in my activity log? Please Help! We've been getting mail delivery notifications on our blackberry for mail we haven't sent, and I really need to know if I'm screwing stuff up by digging around all of these areas that I'm unfamiliar with.

I'm not too sure how to go about safely connecting via IM through this forum, but if there is anyone out there that would be willing to IM with me, I have yahoo, aim & blackberry and google on my phone, and would prefer to use the internet on my computer as little as possible right now.
 

Attachment: Picture 2.png

The PowerPC stands for the kind of process you are running, most likely that software is not Universal yet.

PowerPC was the architecture Apple used until 2006 in their Macs, since then they use Intel CPUs. Universal means, that a program was written for both architectures, though Activity Monitor shows them as Intel.

I can't see anything wrong with your NetInfo screenshot, usbmuxd is quite normal when an iDevice is connected (iPhone).

I think you make more out of this than it is, you say you're unfamiliar with it anyway.

Btw, you download several .exe files as I can see, thus I think you have some kind of Windows installed on that Mac?

And as you share so much information via this and the other thread, your name for example and the background image of your iMac, maybe take a look at the following guide to only make screenshots of what is important and can be seen by others.
Taking screenshots in Mac OS X.


For chat purposes, if you are still scared, which you shouldn't as there seems to be nothing wrong, the following thread might be able to get you started with chatting, but go to the posts from 2010.
https://forums.macrumors.com/threads/77242/
 