Did I get hacked??? Please HELP!
Fresh-Faced Recruit
Join Date: Oct 2002
Location: South Boston, MA
I assigned a static IP to one of my macs, to set up as an FTP server.
The other day I tried to log into it (Apple Personal File Share), from another networked mac, as an admin user and the password failed. Fortunately the machine was up and running so I was able to create another admin user, correct the password and re-log in. Today I turned on the machine and I cannot get into it using any of the admin user names and/or passwords. I checked caps lock and all of the other simple mistakes that could go wrong with inputting the passwords and I still cannot get in.
What are my options to rectify the situation? I want my machine back...
Dedicated MacNNer
Join Date: Jan 2002
Originally posted by FatBastard:
I assigned a static IP to one of my macs, to set up as an FTP server.
The other day I tried to log into it (Apple Personal File Share), from another networked mac, as an admin user and the password failed. Fortunately the machine was up and running so I was able to create another admin user, correct the password and re-log in. Today I turned on the machine and I cannot get into it using any of the admin user names and/or passwords. I checked caps lock and all of the other simple mistakes that could go wrong with inputting the passwords and I still cannot get in.
What are my options to rectify the situation? I want my machine back...
Boot up from the OS X CD and from the menu you can reset the passwords.
Fresh-Faced Recruit
Join Date: Oct 2002
Location: South Boston, MA
It's done and worked like a charm. THANKS SO MUCH.
Did I get hacked?
I noticed and reset the root admin password. I do not remember ever setting this; is there a default pass that was pre-set?
Dedicated MacNNer
Join Date: Jan 2002
Originally posted by FatBastard:
It's done and worked like a charm. THANKS SO MUCH.
Did I get hacked?
I noticed and reset the root admin password. I do not remember ever setting this; is there a default pass that was pre-set?
As far as I know the root password on Mac OS X client is not preset - the first time you use netinfo to authenticate as root it asks you to set a non-trivial one.
I don't know if you were hacked - but make sure you do set complex passwords - that contain a mixture of upper, lower case letters, numbers and characters such as "+". Never use words, post/zip codes, telephone numbers. Keep your root password different from the user password.
Go and change it now if necessary.
An example of a good password would be:
a0gU+4tm(eY3)uE
Sorry if this appears condescending - it's not meant to - just comes from working with students and staff who set insecure passwords.
Check your logs to see who logged in and when.
Best,
Mike
Fresh-Faced Recruit
Join Date: Oct 2002
Location: South Boston, MA
No offense taken. Your constructive criticism is much appreciated.
So my four digit phone number password won't do the trick huh? LOL
Up until I made this machine live (static IP), I've used simple passwords and I should have better pre-planned this move.
You mentioned logs, I've been trying to find them since I reset the passwords but I haven't a clue where to look.
Mac Elite
Join Date: Oct 2001
Location: Umbrella Research Center
I don't believe in that password stuff... I just always set mine to "god" and no one has ever bothered me
Dedicated MacNNer
Join Date: Jan 2002
Originally posted by Phanguye:
I don't believe in that password stuff... I just always set mine to "god" and no one has ever bothered me
I hope that you are joking, or never have an active internet connection and trust those around you implicitly.
Fresh-Faced Recruit
Join Date: Oct 2002
Location: South Boston, MA
You mentioned logs, I've been trying to find them since I reset the passwords but I haven't a clue where to look.
Addicted to MacNN
Join Date: Apr 2001
Location: europe
I always use "secret" for all my passwords. So whenever someone asks me what it is I can say "My password is secret" and smile because nobody gets that I actually just told him/her. 
Nasrudin sat on a river bank when someone shouted to him from the opposite side: "Hey! how do I get across?" "You are across!" Nasrudin shouted back.
Dedicated MacNNer
Join Date: Jan 2002
Originally posted by FatBastard:
No offense taken. Your constructive criticism is much appreciated.
So my four digit phone number password won't do the trick huh? LOL
Up until I made this machine live (static IP), I've used simple passwords and I should have better pre-planned this move.
You mentioned logs, I've been trying to find them since I reset the passwords but I haven't a clue where to look.
OK, this is the more difficult part - because if someone has hacked your system, chances are they spoofed their IP address.
Also, I'm not that familiar with tracking down potential security breaches - so come on guys give me a hand - nods to rest of the board...
First you could try opening the terminal and typing "last".
Last will list the sessions of specified users, ttys, and hosts, in reverse time order. Each line of output contains the user name, the tty from which the session was conducted, any hostname, the start and stop times for the session, and the duration of the session.
You should also look in /private/var/log for your other logs - I'm sure people on this board can elaborate how to analyze these logs.
BTW, I would not trust your hacked machine anymore. If you were hacked, then I would backup your data, format your drive - choose the "zero all data" option, and do a complete reinstall of OS X.
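Added example, not part of any post in this thread: a small parser for `last` output that lists who logged in, from where and when, and flags sessions worth a closer look. The sample lines, the `known_hosts` allowlist and the early-hours window are constructed assumptions.

```python
import re

# Constructed sample in the BSD/Mac OS X `last` layout (not taken from the thread).
SAMPLE = """\
admin     console                   Mon Dec  9 08:02   still logged in
mike      ttyp1    192.168.1.20     Mon Dec  9 21:14 - 21:40  (00:26)
root      ttyp2    203.0.113.45     Tue Dec 10 03:12 - 03:19  (00:07)
admin     ftp412   203.0.113.45     Tue Dec 10 03:05 - 03:11  (00:06)
reboot    ~                         Tue Dec 10 08:00
admin     ttyp1    imac.local       Tue Dec 10 09:30 - 09:31  (00:01)
wtmp begins Sun Dec  1 10:00
"""

LINE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<host>\S+)?\s*"
    r"(?P<start>(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} [ \d]\d \d\d:\d\d)"
    r"(?: - (?P<stop>\S+)\s+\((?P<duration>[^)]+)\)|\s+(?P<live>still logged in))?"
)

def parse_last(text):
    """Return one dict per login session, skipping reboot records and the footer."""
    sessions = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["user"] in ("reboot", "shutdown", "wtmp"):
            continue
        s = {k: m[k] for k in ("user", "tty", "host", "start", "stop", "duration")}
        s["active"] = m["live"] is not None
        sessions.append(s)
    return sessions

def review(sessions, known_hosts):
    """Return (user, host, start, reasons) for sessions that deserve a closer look."""
    flagged = []
    for s in sessions:
        reasons = []
        if s["host"] and s["host"] not in known_hosts:
            reasons.append("unrecognised source host")
        if s["user"] == "root" and s["host"]:
            reasons.append("root session over the network")
        if int(s["start"][-5:-3]) < 6:  # hour field of the start time
            reasons.append("login between 00:00 and 05:59")
        if reasons:
            flagged.append((s["user"], s["host"], s["start"], reasons))
    return flagged

if __name__ == "__main__":
    for user, host, start, why in review(parse_last(SAMPLE), {"192.168.1.20", "imac.local"}):
        print(f"{start}  {user:<8} {host or '-':<16} {'; '.join(why)}")
```

To run it on a real machine, save the output of `last` to a file and pass its contents to `parse_last` in place of `SAMPLE`.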
Dedicated MacNNer
Join Date: Jan 2002
Originally posted by Developer:
I always use "secret" for all my passwords. So whenever someone asks me what it is I can say "My password is secret" and smile because nobody gets that I actually just told him/her.
You *must* be kidding yes?
Dedicated MacNNer
Join Date: Nov 2002
Location: Rouge River
Originally posted by FatBastard:
You mentioned logs, I've been trying to find them since I reset the passwords but I haven't a clue where to look.
All of your system logs are kept in the directory /var/log. You can access them with the finder or with the terminal.
I think you want to check both system.log and whatever log is associated with your ftp server.
HTH
Swimming upstream since 1994.
Forum Regular
Join Date: Nov 2001
Let's not forget sex also as a password.. Maybe you got hit by the Michelangelo virus. I thought I was the only one that has seen that movie or would admit to it.
"Hack The Planet" haha
Grizzled Veteran
Join Date: May 2002
Location: UK
We're forgetting LOVE 
i always set mine to cerealKLLR, HACK THE PLANET WERE ALL COWBOYS WITH TEMPRARRY ALLIES AND COMMERADES AND YOU ARE THE SHEEP AERGH my mpeg card in my VGA slot is triple the speed of a pentium i hope i dont screw like i type.
etc
Dedicated MacNNer
Join Date: Dec 2002
Location: someplace
Originally posted by sushiism:
We're forgetting LOVE 
i always set mine to cerealKLLR, HACK THE PLANET WERE ALL COWBOYS WITH TEMPRARRY ALLIES AND COMMERADES AND YOU ARE THE SHEEP AERGH my mpeg card in my VGA slot is triple the speed of a pentium i hope i dont screw like i type.
etc
Too bad OS X (like a lot of Unices) is limited to 8 characters for the maximum password length.
Clinically Insane
Join Date: Apr 2000
Originally posted by gatorparrots:
Too bad OS X (like a lot of Unices) is limited to 8 characters for the maximum password length.
A lot of Unix systems are, but OSX certainly is not... I believe there was a bug with OSX early on whereby only the first 8 characters were checked for correspondence with the password hash (and only the first 8 characters were hashed in the first place), but that was aaaages ago.
Correct me if I'm mistaken.
Forum Regular
Join Date: Apr 2002
Location: Saint Paul, MN
Originally posted by Cipher13:
A lot of Unix systems are, but OSX certainly is not... I believe there was a bug with OSX early on whereby only the first 8 characters were checked for correspondence with the password hash (and only the first 8 characters were hashed in the first place), but that was aaaages ago.
Correct me if I'm mistaken.
I believe you are correct about that. I believe it was pre 10.1 aka Public Beta - 10.0.4, but I may be wrong. 
Senior User
Join Date: Nov 2000
Originally posted by Cipher13:
A lot of Unix systems are, but OSX certainly is not... I believe there was a bug with OSX early on whereby only the first 8 characters were checked for correspondence with the password hash (and only the first 8 characters were hashed in the first place), but that was aaaages ago.
Correct me if I'm mistaken.
OS X only supports 8 character passwords still.
Try this on a Jaguar machine:
1. Reset your password (this makes sure your password has been set using Jaguar so you can't blame it on 10.1's password setting routines).
2. Try and login by typing the first 8 characters of your password
3. Notice that you are now logged in
You can also demonstrate this by typing your password and then pounding the keyboard a bit to add some garbage at the end of the password.
- proton
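Added example, not part of any post in this thread: why a login can succeed with only the first 8 characters, or with garbage appended. It assumes the stored hashes are traditional DES-based crypt(3), which the thread does not state, and it models only that algorithm's key setup (the step where the truncation happens), not the full hash. The function names are illustrative.

```python
import math

CRYPT_MAX = 8  # traditional DES crypt(3) reads at most 8 password bytes

def des_crypt_key(password):
    """Build the DES key as classic crypt(3) does: the low 7 bits of each of the
    first 8 bytes, shifted left past the unused parity bit. Later bytes are ignored."""
    raw = password.encode("utf-8")[:CRYPT_MAX].ljust(CRYPT_MAX, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)

def would_authenticate(stored_password, typed_password):
    """Same key plus the same stored salt gives the same hash, so the login is accepted."""
    return des_crypt_key(stored_password) == des_crypt_key(typed_password)

def guess_space_bits(password, alphabet=94):
    """Upper bound on the search space, in bits, for a random printable-ASCII
    password: (as typed, after the 8-byte truncation and 56-bit key limit)."""
    per_char = math.log2(alphabet)
    full = len(password) * per_char
    truncated = min(min(len(password), CRYPT_MAX) * per_char, 56.0)
    return round(full, 1), round(truncated, 1)

if __name__ == "__main__":
    stored = "a0gU+4tm(eY3)uE"  # the sample password quoted earlier in the thread
    for typed in (stored, stored[:8], stored + "qwertyuiop", "a0gU+4tM(eY3)uE"):
        print(f"{typed!r:<30} accepted={would_authenticate(stored, typed)}")
    print("bits (as typed, after truncation):", guess_space_bits(stored))
```

Under this assumption, the length that matters when choosing a password is the first 8 characters; anything after them adds nothing until the system stores a hash that covers the whole password.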