 |
 |
Potential intrusion: should I be worried?
|
|
|
|
|
Grizzled Veteran
Join Date: Apr 2004
Location: Nagoya, Japan • 日本 名古屋市
Status:
Offline
|
|
This has happened to me twice now: I'm sitting down, working at my Mac when I notice it get sluggish, and the hard drive starts churning continuously. I fire up Activity Monitor to see what's going on. None of my own processes are misbehaving. Switching to "all users", I see a whole bunch of processes belonging to "root" and "nobody" called sh (several instances), find, and sort. The find and sort processes take up 30-60% CPU. The second time this happened, there was another process called "make-something" (I don't quite remember) which was also hogging CPU.
I quickly forced all these processes to quit and started up the OS X firewall. My system then returned to normal.
My understanding is that running a shell script in terminal calls "sh", and find and sort are both Unix commands.
I ask the more tech-savvy people here if they've ever seen this, and whether I should be worried or not. It appears suspiciously to be some kind of computer trespassing/intrusion.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2000
Status:
Offline
|
|
leave your firewall on.
-r.
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Apr 2004
Location: Nagoya, Japan • 日本 名古屋市
Status:
Offline
|
|
I plan to. 
PS — Out of curiosity, where do you mean by "Japanada"?
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Jan 2002
Location: Laurentia
Status:
Offline
|
|
Well, I suppose it may be a hacker, but this is a very, very, very unlikely conspiracy theory.
If I had to guess I'd say you were running 10.4 and that the processes run by "nobody" are related to spotlight indexing and other system-level functions (perhaps even the daily scripts that run under "nobody" and "root").
I noticed this same thing on my machine once and the symptoms were the same and the processes were the same and the cause was spotlight. I did a web search and found a description of the "nobody" user and what it does. I'd be very suprised if some hacker were hijacking these.
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Feb 2005
Location: 888500128
Status:
Offline
|
|
edit: not Spotlight.
You are not being hacked, however.
(Last edited by analogika; Jan 8, 2006 at 02:23 PM.
)
|
|
|
| |
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Apr 2004
Location: Nagoya, Japan • 日本 名古屋市
Status:
Offline
|
|
Thanks! You've set my mind at ease.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Nov 2004
Location: Belgium
Status:
Offline
|
|
It were your maintenance scripts kicking in. No need to worry.
|
iMac 20" C2D 2.16 | Acer Aspire One | Flickr
|
| |
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status:
Offline
|
|
|
|
|
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Oct 2004
Status:
Offline
|
|
They normally happen when you are supposed to be asleep. My computer runs the scripts around 3:00am. I've only been up long enough to see it happen a few times.
|
|
|
| |
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2004
Status:
Offline
|
|
Have a look at the man page for [FONT="Courier New"]periodic(8)[/FONT].
|
╭1.5GHz G4 15" PB, 2.0GB RAM, 128MB VRAM, 100GB 7200rpm HD, AEBS, BT kbd
╰2.0GHz T2500 20" iMac, 1.5GB RAM, 128MB VRAM, 250GB 7200rpm HD
http://www.DogLikeNature.com/
|
| |
|
|
|
|
|
|
|
Forum Regular
Join Date: Dec 2005
Status:
Offline
|
|
FreeBSD (from which Darwin is derived) does the same thing... at exactly 3am the hd starts churning. It means its time to go to bed! 
Btw, this is a nice doc in case you are concerned about security:
http://www.corsaire.com/white-papers...os-x-tiger.pdf
Around page 10 it starts to get pretty hardcore and overkill for a non-server / home machine.
(Last edited by rem; Jan 9, 2006 at 05:14 AM.
)
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
