[G4] "Echo you got owned"
Richard Klein
richspk at gmail.com
Wed Nov 12 10:11:04 PST 2008
On Wed, Nov 12, 2008 at 12:43 PM, Giorgio Gomelsky <gio1 at rcn.com> wrote:
>
> On the G4 I run the QuickTimeStreamingServer (on its own IP#) for serving
> videos,
> embedded on a website served from a W2K (web) server thru a router (own IP#
> too), using 2 different
> ISPs connections Been working for years with no problems.
>
> Checked Activity Monitor on G4 (without QTSS running) and noticed following
> "servers",
> 1. SystemUIServer (Process ID229)/Parent Process: 'loginwindow ',
> 2 ATSServer (process ID89)/Parent Process: 'launchd ' which the "sample"
> cannot examine "for unknown reasons
> even though it appears to exist".
> 3 OSXvnc-server (ID137) Parent Process "sh(124)"
> 4 QTSS adds the "windowserver" (ID63) Parent Process: "launchd (01)"
I'm only guessing, but I bet OSXvnc-server is how they got in. If you
don't need that running, shut it down and make sure it's not set to
start automatically (like by cron or something). If you do need it,
make sure you have it set to require a password, and if you already
had a password on it, change it.
QTSS is probably harmless. I don't know what ATSServer is, but
OSXvnc-server would definitely give them access to your computer if
it's not requiring a password, or if they guessed your password.
--
Rich
More information about the G4
mailing list