I think my computer has been hacked
I think my computer has been hacked into. One day last week, I was noticing it was sluggish. So, I attempted to restart it to clear out whatever processes might have been hung up. However, when I did so, the computer threw up a message asking if I really wanted to do that, since someone else was connected to it via Apple File Sharing (hence the sluggishness, I guess). No other computer in my place was even turned on. So, wondering if it was being hacked into, I changed passwords on the computer at that point and shut down any port mappings through the firewall (except for remote access).
This morning, I get a message on my browser from AT&T saying that I had too many simultaneous internet sessions open and they turned me off until I confirmed things were okay. I clicked okay and my main computer is up and running on the Internet. But, the others would not connect to the wireless network.
Since my other computers could not connect, I figured I must have changed the wireless password as well when the first instance occurred, above. So, I go into see what the password was set to and it was some random 65 character string that did not match what I had set for my wireless password (it was much shorter and simpler). In fact, my wireless password on the Airport Extreme was still my old password. But, here's the strange thing, I was able to connect to the internet this whole time from the computer with this funky password. So, again, this is fueling my suspicions that I've been hacked.
My question is this: Is there anyway to tell? I have been browsing log files, but I really don't know what I'm doing there. I did see some attempts to connect via FTP, but nothing that says a connection was made. Can I see who connected and when? Can I see what they were accessing, if someone indeed was hacked in?
Also, it appears from reading other posts that these log files clear out every so often. Is there a way to copy/save them so I can research this in the coming days? I'm afrain any evidence of this will disappear on me shortly.
Any help would really be appreciated.
This morning, I get a message on my browser from AT&T saying that I had too many simultaneous internet sessions open and they turned me off until I confirmed things were okay. I clicked okay and my main computer is up and running on the Internet. But, the others would not connect to the wireless network.
Since my other computers could not connect, I figured I must have changed the wireless password as well when the first instance occurred, above. So, I go into see what the password was set to and it was some random 65 character string that did not match what I had set for my wireless password (it was much shorter and simpler). In fact, my wireless password on the Airport Extreme was still my old password. But, here's the strange thing, I was able to connect to the internet this whole time from the computer with this funky password. So, again, this is fueling my suspicions that I've been hacked.
My question is this: Is there anyway to tell? I have been browsing log files, but I really don't know what I'm doing there. I did see some attempts to connect via FTP, but nothing that says a connection was made. Can I see who connected and when? Can I see what they were accessing, if someone indeed was hacked in?
Also, it appears from reading other posts that these log files clear out every so often. Is there a way to copy/save them so I can research this in the coming days? I'm afrain any evidence of this will disappear on me shortly.
Any help would really be appreciated.
Mac OS X (10.4.10)
