Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > MacBook Pro Stolen

MacBook Pro Stolen
Thread Tools
driven
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 09:44 AM
 
My new MBP was stolen along with my passport and other assorted documents. Grrr ....

Now I'm back working on my company issued Dell. (Talk about adding insult to injury). Fortunately the Migration Assistant program allowed me to migrate my Time Machine backup back to my old PowerMac G5. (Which ironically I was about to sell). Now this is once again my primary Mac for at least a while. (I can't afford to replace the MBP after buying the new house.)

Sucks .... but it is what it is.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
ghporter
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status: Offline
Reply With Quote
Aug 31, 2008, 09:56 AM
 
Bad luck, dude! Sorry to hear that. Can I assume this happened in conjunction with an arrival at Hartsfield? At the airport or on the way home from it? Reported to the police? AND the State Department (for your passport)? I'd wager that they could have as easily been after your passport as after your MBP.

Glenn -----OTR/L, MOT, Tx
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 10:22 AM
 
No. My MBP was taken outside of a government building just outside of Washington DC where I am on a long-term contract. It was locked in the trunk of my rental car. I was only away from the car for about 45 minutes. My 3 other co-workers equipment was also taken. My passport just happened to be in the bag. It was reported to the police and the passport was reported to the state department. (I now have to reapply for a new one and pay the fee again.) (sigh)
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Aug 31, 2008, 10:28 AM
 
Wow, they went into your locked trunk. That stinks, sorry to hear it. Have you put the serial number into any stolen computer databases?

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 10:35 AM
 
Yeah ... they jimmied into the car and popped the trunk with the little trunk button. Nothing was in plain sight, so we must have been spotted getting out of the car. (4 guys dressed the way we were would be pretty easy to guess that we had laptops in the trunk).

What stolen computer databases? I didn't know they existed.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Aug 31, 2008, 10:43 AM
 

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 11:03 AM
 
Thanks. I've just entered mine.

For those that might be concerned: My MBP serial number is W880104EYAM. It's a 2.4 Ghz model with 4GB of RAM and a 160GB hard disk. It has a 320 GB Western Digitial external drive with it.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
auto_immune
Dedicated MacNNer
Join Date: May 2008
Status: Offline
Reply With Quote
Aug 31, 2008, 11:26 AM
 
Do you own a car, and do you have it insured? Your auto insurance should cover the MBP theft.
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 11:35 AM
 
It's a rental car by my company. Contents not covered.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
berkIeestudent84
Fresh-Faced Recruit
Join Date: Aug 2008
Location: CA & MA
Status: Offline
Reply With Quote
Aug 31, 2008, 11:46 AM
 
I'm sorry to hear about your goods being stolen.
If you need to send me a private message, please send it to brassplayersrock²
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 12:14 PM
 
Originally Posted by berkIeestudent84 View Post
I'm sorry to hear about your goods being stolen.
Thanks. I've called my homeowners insurance to open a claim, but if I think they are going to raise my rates over this, I'll cancel the claim. The last claim I made for some lost jewelry cost me enough in premium increases that it wasn't worth making the claim.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 12:23 PM
 
One quick question: My original OSX 10.5 install disk was inside the MBP. I don't have a backup. How can I replace this without paying another $129 retail fee?
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
berkIeestudent84
Fresh-Faced Recruit
Join Date: Aug 2008
Location: CA & MA
Status: Offline
Reply With Quote
Aug 31, 2008, 12:27 PM
 
I'd e-mail Apple, and tell them what happened, also, send them a copy of the police report (PDF, scan in, ect). Worth a try anyways.
If you need to send me a private message, please send it to brassplayersrock²
     
BreadRecipe
Fresh-Faced Recruit
Join Date: Aug 2008
Location: NYC
Status: Offline
Reply With Quote
Aug 31, 2008, 12:50 PM
 
Lo-Jack?
/sudo apt-get upgrade checking account balance <enter>...?

www.Failblog.org
     
lexapro
Baninated
Join Date: Mar 2008
Status: Offline
Reply With Quote
Aug 31, 2008, 12:51 PM
 
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 02:32 PM
 
Did'nt have either.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
Chuckit
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status: Offline
Reply With Quote
Aug 31, 2008, 03:00 PM
 
Originally Posted by lexapro View Post
This is a good call.

Sorry about your stuff, driven. That sucks.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Rumor
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
Status: Offline
Reply With Quote
Aug 31, 2008, 04:18 PM
 
Originally Posted by auto_immune View Post
Do you own a car, and do you have it insured? Your auto insurance should cover the MBP theft.
Auto insurance policies do not cover contents in a vehicle that are not a part of the vehicle.

Originally Posted by driven View Post
Thanks. I've called my homeowners insurance to open a claim, but if I think they are going to raise my rates over this, I'll cancel the claim. The last claim I made for some lost jewelry cost me enough in premium increases that it wasn't worth making the claim.
Depending on you company, they may or may not. Also, remember that your deductible is the first thing to come out of the amount.

For future reference, check out a Personal Articles Policy. I have one through State Farm for my MBP. It is insured for $2800 and cost $30 a year. It is all peril and no deductible.
I like my water with hops, malt, hops, yeast, and hops.
     
driven  (op)
Addicted to MacNN
Join Date: May 2001
Location: Atlanta, GA
Status: Offline
Reply With Quote
Aug 31, 2008, 04:29 PM
 
Thanks .... I think I'll use Safeware next time. I don't like to tie anything extra to my homeowners or auto policies. They have a tendency to follow you in the event of a claim.

This sucks.
- MacBook Air M2 16GB / 512GB
- MacBook Pro 16" i9 2.4Ghz 32GB / 1TB
- MacBook Pro 15" i7 2.9Ghz 16GB / 512GB
- iMac i5 3.2Ghz 1TB
- G4 Cube 500Mhz / Shelf display unit / Museum display
     
Rumor
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
Status: Offline
Reply With Quote
Aug 31, 2008, 04:47 PM
 
A PAP (Personal Articles Policy) is a standalone policy that has no bearing on your homeowners or auto insurance. I do not own a home, and do not have my car insured with State Farm.

Safeware is stupid expensive. For the same coverage I currently have, it would be $178. I like paying $30.

Beware of "specialty" insurance. Usually it has a much higher premium just because they can.
I like my water with hops, malt, hops, yeast, and hops.
     
Jawbone54
Posting Junkie
Join Date: Mar 2005
Location: Louisiana
Status: Offline
Reply With Quote
Aug 31, 2008, 04:58 PM
 
I don't have any advice, but I've very, very sorry about losing your MBP. Major downer.
     
Rumor
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
Status: Offline
Reply With Quote
Aug 31, 2008, 05:57 PM
 
If you have any insurance questions, you can PM me. While I only have (had, it expired in January) my California Fire, Casualty, Life, and Health licenses, they are more stringent that most states, so I should be able to give decent advice.
I like my water with hops, malt, hops, yeast, and hops.
     
wallinbl
Professional Poster
Join Date: Dec 2001
Location: somewhere
Status: Offline
Reply With Quote
Aug 31, 2008, 06:12 PM
 
Originally Posted by driven View Post
Thanks. I've called my homeowners insurance to open a claim, but if I think they are going to raise my rates over this, I'll cancel the claim. The last claim I made for some lost jewelry cost me enough in premium increases that it wasn't worth making the claim.
Be glad you're not in Florida. If you file a claim down here, you'll get dropped.
     
imitchellg5
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Status: Offline
Reply With Quote
Aug 31, 2008, 07:19 PM
 
I hope that you and your friends get your laptops back. It really sucks having something stolen. I've had my car stereo stolen before. Big bummer.
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Sep 1, 2008, 12:33 AM
 
Sorry to hear you've had it stolen, and I know this is shutting the gate after the horse has bolted, but it may be useful in future (or for others)...

My laptop runs a cron job every 15 minutes which uploads the output of 'ifconfig -a' and the first five lines of the output of 'traceroute' to my website. If you have a website you can upload this sort of thing to, then there's a good chance of recovering the laptop if it ever gets connected to the internet for any significant amount of time.
     
JoshuaZ
Professional Poster
Join Date: Jun 2005
Location: Yamanashi, Japan
Status: Offline
Reply With Quote
Sep 1, 2008, 01:20 AM
 
I'm sorry to hear that. I hope you recover it, or at least get a new computer for free out of it.

Theft sucks.
     
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
Status: Offline
Reply With Quote
Sep 1, 2008, 05:38 AM
 
I feel for you, man.

I'm going to stick to my guns about keeping laptop attached to my hip (despite wifey's cry of "paranoia").

:: Planning for laptop and self to die conjointly ::
TOMBSTONE: "He's trashed his last preferences"
     
Railroader
Banned
Join Date: Jun 2005
Location: Indy.
Status: Offline
Reply With Quote
Sep 1, 2008, 09:57 AM
 
Thought you might be interested: I have a MAC-BOOK pro for sale cheap. Comes with a os x windows insta;l disk. I also have some other equipment you sound like you might be interested in. PM ME.




Too soon?
     
imitchellg5
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Status: Offline
Reply With Quote
Sep 1, 2008, 11:55 AM
 
LOL Railroader. Driven, I would maybe keep an eye out on the DC area Craigslists. You never know what might pop up :/
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 1, 2008, 12:52 PM
 
Originally Posted by Brass View Post
Sorry to hear you've had it stolen, and I know this is shutting the gate after the horse has bolted, but it may be useful in future (or for others)...

My laptop runs a cron job every 15 minutes which uploads the output of 'ifconfig -a' and the first five lines of the output of 'traceroute' to my website. If you have a website you can upload this sort of thing to, then there's a good chance of recovering the laptop if it ever gets connected to the internet for any significant amount of time.
The one caveat about this solution is that if the cron job knows the FTP/SFTP password to your site in order to log in and upload the data, then the bad guys can figure out the password from looking at the script, and then they can log into your site themselves and delete all the information you uploaded (and also deface your site in any other way they'd like).

However, this approach can work if you write a CGI script and have the cron job send the data to the CGI script via POST or something - this way you wouldn't have to encode your password anywhere.

Another thing to add is that in this day and age you can also have your cron job snap a picture of the perp using the iSight camera (but I'd upload the IP address data first, just in case the perp notices the camera turning on and manages to disable things in time).

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
seanc
Moderator Emeritus
Join Date: Apr 2005
Location: Cambridge, UK
Status: Offline
Reply With Quote
Sep 1, 2008, 01:48 PM
 
Originally Posted by Brass View Post
Sorry to hear you've had it stolen, and I know this is shutting the gate after the horse has bolted, but it may be useful in future (or for others)...

My laptop runs a cron job every 15 minutes which uploads the output of 'ifconfig -a' and the first five lines of the output of 'traceroute' to my website. If you have a website you can upload this sort of thing to, then there's a good chance of recovering the laptop if it ever gets connected to the internet for any significant amount of time.
Does that cron job run even if you're not logged in?
     
awaspaas
Mac Elite
Join Date: Apr 2001
Location: Minneapolis, MN
Status: Offline
Reply With Quote
Sep 1, 2008, 04:36 PM
 
Did you have Back To My Mac enabled on the machine?
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Sep 1, 2008, 05:44 PM
 
Originally Posted by seanc View Post
Does that cron job run even if you're not logged in?
Yes, cron does not require anyone to be logged in.

It does not use passwords to access the site, either.
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Sep 1, 2008, 05:50 PM
 
Originally Posted by CharlesS View Post
The one caveat about this solution is that if the cron job knows the FTP/SFTP password to your site in order to log in and upload the data, then the bad guys can figure out the password from looking at the script, and then they can log into your site themselves and delete all the information you uploaded (and also deface your site in any other way they'd like).

However, this approach can work if you write a CGI script and have the cron job send the data to the CGI script via POST or something - this way you wouldn't have to encode your password anywhere.

Another thing to add is that in this day and age you can also have your cron job snap a picture of the perp using the iSight camera (but I'd upload the IP address data first, just in case the perp notices the camera turning on and manages to disable things in time).
It does not use passwords. It does, however, use SSH certificates with 'scp', which still has the potential for problems. However, in order to access my site this way, the thief would first have to be able to log in as me (and my account always has the screen locked). This is not impossible (ie, could boot of an install CD, and change the admin password, and then reset my password), but is not trivial either.

But it is fairly unlikely that they would do all this, and understand that they could access my site at all.

NB: They'd have to do some considerable fiddling around in the system to even notice that anything was going on at all, anyhow. They'd be very unlikely to notice that the possibility was there (although I do know that security by obscurity is not anything to rely on).

However, you're right, I should look into improving this to use HTTP POST to an site-installed PHP script or some such thing.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 1, 2008, 06:04 PM
 
Originally Posted by Brass View Post
It does not use passwords. It does, however, use SSH certificates with 'scp', which still has the potential for problems. However, in order to access my site this way, the thief would first have to be able to log in as me (and my account always has the screen locked). This is not impossible (ie, could boot of an install CD, and change the admin password, and then reset my password), but is not trivial either.
I'd disagree - it is trivial to get your SSH private key from your hard drive if you don't have FileVault on or something... you can reset the password (as you mentioned), but really you don't have to do anything that complicated - just boot into Single-User Mode and copy the file to another home folder, or hook it up to another machine with FireWire Target Mode... heck, it's very easy to get that file out of your home folder. And then they can delete all the evidence, as well as deface your site in other ways.

I'd definitely recommend the POST method.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
RAzaRazor
Mac Elite
Join Date: Jan 2001
Location: Salt Lake City
Status: Offline
Reply With Quote
Sep 2, 2008, 02:42 AM
 
LOL, You guys are giving thieves way too much credit.
     
calverson
Mac Elite
Join Date: Jul 2007
Location: Johannesburg, South Africa
Status: Offline
Reply With Quote
Sep 3, 2008, 04:07 AM
 
Originally Posted by CharlesS View Post
I'd disagree - it is trivial to get your SSH private key from your hard drive if you don't have FileVault on or something... you can reset the password (as you mentioned), but really you don't have to do anything that complicated - just boot into Single-User Mode and copy the file to another home folder, or hook it up to another machine with FireWire Target Mode... heck, it's very easy to get that file out of your home folder. And then they can delete all the evidence, as well as deface your site in other ways.
Originally Posted by RAzaRazor View Post
LOL, You guys are giving thieves way too much credit.
Well, either way, if they care to look on the MacNN forums, they definitely have the answers they need now.
     
Trygve
Mac Enthusiast
Join Date: Jul 2000
Location: Dubai, UAE
Status: Offline
Reply With Quote
Sep 3, 2008, 05:05 AM
 
Originally Posted by lexapro View Post
IIRC they do not cover theft from an unattended vehicle.
     
Trygve
Mac Enthusiast
Join Date: Jul 2000
Location: Dubai, UAE
Status: Offline
Reply With Quote
Sep 3, 2008, 05:13 AM
 
Originally Posted by Brass View Post
It does not use passwords. It does, however, use SSH certificates with 'scp', which still has the potential for problems. However, in order to access my site this way, the thief would first have to be able to log in as me (and my account always has the screen locked). This is not impossible (ie, could boot of an install CD, and change the admin password, and then reset my password), but is not trivial either.
Are there some examples floating around (or that you are willing to share from yours)? I'd like to do something like this.
     
ebuddy
Posting Junkie
Join Date: Aug 2003
Location: midwest
Status: Offline
Reply With Quote
Sep 3, 2008, 06:14 AM
 
I love the idea of triggering iSight via cron job on top of traceroute. (which can be done in a matter of seconds right?)

That rocks! One of our wealthy posters should use their laptop as a sting using the above. Just once it'd be nice to catch someone. JUST ONCE!!!
ebuddy
     
nikstar101
Junior Member
Join Date: Jul 2001
Location: London UK
Status: Offline
Reply With Quote
Sep 3, 2008, 06:27 AM
 
This sounds like a good programme to have if you use a laptop regularly.

http://www.orbicule.com/undercover
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 3, 2008, 01:41 PM
 
Originally Posted by calverson View Post
Well, either way, if they care to look on the MacNN forums, they definitely have the answers they need now.
As if there weren't already a ton of "I lost my password - how to reset it?" threads on this forum (and all over the rest of the Internet).

If you do it without storing your password / SSH key, then the thieves are going to be kind of screwed as soon as your data is uploaded, no matter whether they read this thread or not.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
brassplayersrock²
Addicted to MacNN
Join Date: Mar 2006
Location: California
Status: Offline
Reply With Quote
Sep 3, 2008, 05:21 PM
 
Originally Posted by ebuddy View Post
I love the idea of triggering iSight via cron job on top of traceroute. (which can be done in a matter of seconds right?)

That rocks! One of our wealthy posters should use their laptop as a sting using the above. Just once it'd be nice to catch someone. JUST ONCE!!!

http://www.macnn.com/articles/08/05/...aught.via.mac/
     
ebuddy
Posting Junkie
Join Date: Aug 2003
Location: midwest
Status: Offline
Reply With Quote
Sep 3, 2008, 06:47 PM
 
Originally Posted by brassplayersrock² View Post
Yeeeeahhhh! Love it.
ebuddy
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Sep 3, 2008, 07:01 PM
 
Originally Posted by Trygve View Post
Are there some examples floating around (or that you are willing to share from yours)? I'd like to do something like this.
Here's there script that I run from cron every 15 minutes, all day every day. Note that this happens whether you are logged in or not, and it is very unlikely that a laptop thief would know it is happening (they would have to specifically and deliberately check cron for this kind of thing).

You'd need to substitute the <host.dns.name> for your actual SSH-enabled web server host name and substitute <directory/path> for the actual path to your chosen directory on that host. You'll also need to set up SSH keys to connect without a password.

If intending to use a script like this, you should keep in mind the security implications that have already been raised in this forum (ie, if your laptop is stolen, and the thief is IT/OS savvy, and is really desperate for your information, rather than your hardware, then they could log in to your webserver, as you, from your laptop). One recommended work around to this is to use HTTP/POST instead of SSH/SCP.

Code:
#!/bin/sh if [ -f netme.txt ] ; then /bin/rm netme.txt fi echo "########## Date and Time ##########" >> netme.txt echo >> netme.txt /bin/date >> netme.txt echo >> netme.txt echo >> netme.txt echo "########## Interface Configuration ##########" >> netme.txt echo >> netme.txt /sbin/ifconfig -u >> netme.txt echo >> netme.txt echo >> netme.txt echo "########## Route to <host.dns.name> (first 5 hops) ##########" >> netme.txt echo >> netme.txt /usr/sbin/traceroute -m 5 <host.dns.name> >> netme.txt 2>&1 echo >> netme.txt echo >> netme.txt /bin/date >> netme.txt scp netme.txt <host.dns.name>:<directory/path> /bin/rm netme.txt
     
Brass
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Sep 4, 2008, 08:47 PM
 
OK, I've updated my script to make it not only more secure, but also a little simpler. This new script uses no passwords or certificates, etc, etc. In fact it doesn't even upload anything to any server anywhere. It merely gets recorded in the log files of the remote server.

So in theory, you don't even need access to the remote server, but would have to at least be able to make sure the police can get access the server logs. Ideally of course, you should have access to it, to make sure it's working as expected, and for more prompt monitoring in case of actual theft.

The lines that get left in the log file is not as easy to read as in my original script (above), but the information is all there.

Here's the script:

Code:
#!/bin/sh HOST="<host.dns.name>" PAGE="heartbeat" DATE=`/bin/date` IFCONFIG=`/sbin/ifconfig -u | grep inet | grep -v "127.0.0.1"` TRACEROUTE=`/usr/sbin/traceroute -m 5 $HOST 2>/dev/null | grep -v \*` urlencode() { echo $1 | sed "s/ /__/g; s/ /___/g; s/\n/____/g" } DATE=`urlencode "$DATE"` IFCONFIG=`urlencode "$IFCONFIG"` TRACEROUTE=`urlencode "$TRACEROUTE"` URL="http://$HOST/$PAGE?DATE=$DATE&IFCONFIG=$IFCONFIG&TRACEROUTE=$TRACEROUTE" curl "$URL" > /dev/null 2>&1
Note that this does not produce correctly encoded URLs, but that doesn't matter as we're not trying to get anything returned from the webserver. In fact we're actually accessing the URL for a page that doesn't even exist (in most cases). Using not quite correct URL encoding makes the results a little easier to read in the log file. Spaces, TABs and newlines are substituted, however.

To get it to work, just copy it to your Mac somewhere (I called mine 'heartbeat'), make it executable (chmod 755 <path>), substitute <host.dns.name> for the name of the webserver you want it to connect to (preferably where you have access to the log files), and then create a cron job to run in regularly (I run mine every 15 minutes).

Note that this will not work from behind a web proxy. You can change this by adding proxy information (including user/pass) the the 'curl' command, but this should only be done for testing purposes, as the proxy information will be invalid if the machine is stolen (unless it is stolen by somebody in your office).

To check that it is working, monitor your servers log file for the word 'heartbeat' (or change it in the script to something else suitable).

Eg: 'tail -f access.log | grep heartbeat'
     
CharlesS
Posting Junkie
Join Date: Dec 2000
Status: Offline
Reply With Quote
Sep 4, 2008, 09:19 PM
 
That looks good, but I still like my HTTP POST idea as it would allow uploading of a picture from the iSight camera.

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 12:43 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,