User profile for user: wheelers1432
wheelers1432 Author
User level: Level 1
4 points

How is this possible? - Showing now Console Log and Terminal

Hi,


Please Can someone explain how this is possible? if I am the only person directly using my mac pro but there seems to be something I can't explain?


The screenshots below are from today (console screenshot and shot from terminal, new instance)


Taken from the console - Screenshot Below.

Sep 18 16:27:51 Supah-Pablo-6 Auganizer[30191]: /Library/Audio/Plug-Ins/Components/bx_control V2.component: 1 found


Taken from Terminal


Last login: Sun Sep 18 16:11:36 on ttys001

gud@Supah-Pablo-6 ~ % 


gud is my login and other name


My concern is that Supah-Pablo-6 is a recent entry in both the Console Log and the Terminal, but that user name is someone who uses my internet connection and is not me.


To my knowledge, this person has never used my computer, and we are not particularly close. That's the name of a device that belongs to the user who is now connected to my home network.


He has the authority to use the shared connection, therefore I can't remove it. However, I'm not sure if this means that he has access to my computer in for this to occur.


I hope I'm worrying over nothing, but if somebody could provide me with an answer, I would be extremely grateful.


Thanks, Guy




Mac Pro, macOS 12.6

Posted on Sep 18, 2022 10:27 AM

Reply

Similar questions

4 replies
User profile for user: steve626
steve626
User level: Level 6
13,899 points

Sep 18, 2022 1:10 PM in response to wheelers1432

Go into Terminal and type each of these commands:


sudo scutil --get ComputerName
sudo scutil --get LocalHostName
sudo scutil --get HostName


Compare what you get to what you are seeing in the Terminal prompt, and in the Console.


My concern is that Supah-Pablo-6 is a recent entry in both the Console Log and the Terminal, but that user name is someone who uses my internet connection and is not me.

To my knowledge, this person has never used my computer, and we are not particularly close. That's the name of a device that belongs to the user who is now connected to my home network.

He has the authority to use the shared connection, therefore I can't remove it. However, I'm not sure if this means that he has access to my computer in for this to occur.

I can't tell what you mean by "that user name", "this person", "that's the name of a device" ... "He has the authority to use the shared connection" ... there are multiple names shown in your screenshots and I can't tell which you are referring to in these quoted segments. And what shared connection are you talking about here? Is the person connected to your router? Or something else?


What do you mean by "we are not particularly close"? How does that relate to your concern. What is your concern? Is it that someone else is controlling your computer remotely? If so, what leads you to have that concern?

Reply
User profile for user: Paul_74
Paul_74
User level: Level 1
42 points

Sep 19, 2022 4:21 AM in response to steve626

What happens if you change the Computer Name under Sharing in System Preferences as well as the NETBIOS Name? I would restart your computer afterwards. It will flush the arp cache.


I would also turn off all Sharing services at the same time.


If you haven't restarted your Mac since your phone was stolen it may still be showing up in the arp cache.


I would start by implementing the following if you haven't done so already:

  • Under System Preferences --> Security & Privacy --> General
    • Change Password
    • Require Password after 15 minutes or what you feel comfortable with.
  • Under System Preferences --> Security & Privacy --> File Vault
    • Turn on file vault
  • Under System Preferences --> Security & Privacy --> Firewall
    • Turn on the firewall
    • Under Firewall Options - tick everything unless you need access. Remove the applications under Block all incoming connections unless you need them. Alternatively you can block them.
  • Under System Preferences --> Security & Privacy --> Privacy
    • Review access for each service, especially Full Disk Access
  • Change you Apple ID password
  • Under System Preferences --> Software Update
    • Apply the latest updates
  • Under System Preferences --> Users & Groups
    • Ensure the Guest User is off
    • Ensure at least one user account is admin
    • Change password of both accounts if you haven't done so already.
    • Review Login Items - is anything out of place?
    • Login Options
      • Turn off Automatic Login
  • Consider installing and using (malware is possible on macOS):
    • Little Snitch
    • ClamXAV
  • Speak to your flatmates and change your router's WiFi password to something long and complicated. There are tools which will quickly guess WiFi passwords if they are short and simple.
  • Monitor the output of arp -a to see if devices return or not.


Good luck.

Reply
User profile for user: steve626
steve626
User level: Level 6
13,899 points

Sep 18, 2022 8:01 PM in response to wheelers1432

I am confused by some of the information you provided.


Was your stolen phone using your Apple ID with Find My iPhone enabled? If so, you can erase it completely remotely.


I don't understand your situation with the router. Is this your router? Are you connecting to someone else's router? Do you have an ethernet hard line? If so, suggest you obtain your own router and connect it to that hard line and lock down all access to your router (except for you). Even better, connect your Mac to the hard line instead of WiFi.


Other things you can do:


  • Change your user password for your Mac.
  • Change your Apple ID password.
  • Go to Apple ID in System Preferences and make sure all old devices are removed from your list of devices, including the stolen one(s).
  • Go to System Preferences Sharing. Turn off all access (uncheck all boxes).
  • Go to System Preferences, Security and Privacy, Firewall, make sure Firewall is "on," select Firewall Options ... Consider blocking all incoming connections. Consider turning on Stealth Mode. Look at other options and think about turning them on (or off) to enhance security.
  • Consider using FileVault. Consider a firmware password.


If you are having things stolen and/or physical access to your stuff is not secure, having good passwords and things like FileVault and firmware password might be important. With those enabled, someone accessing your computer is completely locked out, they can't do anything. I can't tell but it sounds to me like you need to move to a new place!


If you have another phone now, make sure you have a long passcode. Maybe purchase a safe to lock your stuff up when you aren't there?


If you change all those passwords, disable all remote access, and then restart your computer, all remote connections are broken and won't be resumable as long as no one else knows your passwords.

Reply
User profile for user: wheelers1432
wheelers1432 Author
User level: Level 1
4 points

Sep 18, 2022 2:46 PM in response to steve626

Hey Steve.


I probably should have explained more, but i just wasn't sure how to word it.


So the reason i felt my computer was accessed was because a few months back, my new IPhone Max was stolen and I had no way of finding out other than cancelling it and getting a new one. Other things have been stolen and I've since upgraded security, so I know I'm living with someone who seems to want to target my stuff. 


I have constantly tried to increase the security of the router, but no joy. The landlord is a tightarse. There just seems to be too many connected devices and when i noticed a device matching my stolen phone i started to review activity around the phone and one device was always present when the phone matched my stolen phone, which I believe was my iPhone 12+, and that device was the Supah-Pablo-6 which


Curremt Host information as requested


Last login: Sun Sep 18 22:10:44 on ttys000


gud@Supah-Pablo-6 ~ % sudo scutil --get ComputerName


sudo scutil --get LocalHostName


sudo scutil --get HostName


Password:


Guy’s Mac Pro


Password:


Guys-Mac-Pro


Password:


HostName: not set


gud@Supah-Pablo-6 ~ % 



I just tried to list all connected devices within my network and this is what i just found:


Last login: Sun Sep 18 21:27:45 on ttys002


gud@Supah-Pablo-6 ~ % arp -a


? (192.168.1.95) at e:49:d4:b2:60:29 on en2 ifscope [ethernet]

esp_20da66 (192.168.1.97) at 2c:3a:e8:20:da:66 on en2 ifscope [ethernet]

rokuremote (192.168.1.101) at dc:3a:5e:33:e7:5d on en2 ifscope [ethernet]

esp_4a6aed (192.168.1.127) at 5c:cf:7f:4a:6a:ed on en2 ifscope [ethernet]

sec30cda73680fa (192.168.1.163) at 30:cd:a7:36:80:fa on en2 ifscope [ethernet]

esp_4a619a (192.168.1.173) at 5c:cf:7f:4a:61:9a on en2 ifscope [ethernet]

? (192.168.1.189) at c6:fd:d2:2f:ab:76 on en2 ifscope [ethernet]

elmehidisiphone (192.168.1.219) at cc:29:f5:76:55:1e on en2 ifscope [ethernet]

eehub.home (192.168.1.254) at 18:82:8c:62:f4:17 on en2 ifscope [ethernet]

? (224.0.0.251) at 1:0:5e:0:0:fb on en2 ifscope permanent [ethernet]

? (226.0.0.1) at 1:0:5e:0:0:1 on en2 ifscope permanent [ethernet]

? (239.255.255.250) at 1:0:5e:7f:ff:fa on en2 ifscope permanent [ethernegud@Supahgud@Sugud@Supah-Pablo-6 gud@Supah-Pagud@Supah-Pablogud@Supah-Pagud@Supah-Pablogud@Supah-Pagud@Supahgud@Supahgud@Supahgud@Supah-Pagud@Sugud@Supahgud@Supahgud@Supah-Pagud@Supah-Pagud@Supah-Pagud@Supah-Pagudgudgudgud@Sugud@Sugud@Supahgud@Supahgud@Supahgud@Supahgud@Supah-Pagud@Supah-Pagud@Supahgud@Supah-Pagud@Supahgud@Supahgud@Supahgud@Supahgud@Supahgud@Supahgud@Supahgud@Sugud@Supahgud@Sugud@Sugud@Supahgud@Sugudgud@Sugudgudgudgudgud@Supahgudgud@Supah-Pagud@Supah-Pagud@Supah-Pablogud@Supah-Pablo-6 ~ %gud@Supah-Pagud@Supah-Pablogud@Supah-Pablogudgudgudgudgud@Supah-Pablo-6 ~ % 



here are two profiles both me. Guy Minimal and Gud - Which was actually a typo for Guy - It looked ok so I kept it. I know!!!


Out of nowhere when I was accessing console to try and understand why my system was slow when i had nothing showing in processes, 64 gig ram with 40 min free.

I was low in disk space but I was clearing out a lot and it made no difference.


I noticed in console that everything started with gud@Supah-Pablo-6

gud - is the current User name which i access when logging in.

Supah-Pablo-6 - is nothing to do with me and was not there prior to about a month ago


Supah-Pablo-6 - is one of the devices connected to my home network. It is also one of the people living in my building who I don't know well enough to know if he would or could have accessed my computer either on purpose or by accident.


I also noticed that the NetBIOS Name shown below - is Supaj-pablo-6 - I tried to change it and it reverted back to supa-pablo-6.


I also noticed that there is a weird string in terminal when I list the devices picked up on the current wifi network.


My question is this anything I should worry about I don't know how or why a flatmates device that is used to connect to my wifi is now showing in my computer log files and BIOS.


Let me know if i should provide anything else?


Guy


Supporting info.


This is what is on the terminal when I open each time-


Last login: Sun Sep 18 16:11:36 on ttys001

gud@Supah-Pablo-6 ~ % 


Other screenshots tp support the notes above. Let me know if I need to send anything else.


My two profiles are currently in use and not at the same time -



Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How is this possible? - Showing now Console Log and Terminal

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up