Was hacked. Am I safe now? Still weird activity maybe?



#1
Bluexanadu

**I'm on a Mac, I cannot run FRST**

Hello, lately I think I've been having some issues with my internet security. I was wondering what people here thought. Any help into if there still seems to be an issue or insight as to what could have happened is appreciated.

Recently,

-An email I made for my younger sister to play Elder Scrolls Online that didn't get any use outside of that and has been stagnant since, I was made aware got hacked and was apparently banned and used to spam. (Says when I logged into it) I wasn't even going to log into it, however, when I went to enter my email on my iPhone, it came up in the auto suggest and I was surprised because it's usually my two main that I frequently use and I never have used it since I made it to my acknowledgement. I'm not even sure that I ever even saved the password to my phone or even logged in on my phone. The email DOESN'T appear on haveibeenpwned. This tipped me off into looking into my security more.

-As I was changing some email things like passwords etc for safety, juggling my iPhone and iMac for ease, I got an email pretending to be Apple to an email that doesn't even have an iCloud account attached to it with poor syntax and definitely not Apple and no virus-ey link to click, just asking that I go and update my information as there was (I forget exactly) an unknown log in attempt or something. I only cared really because usually it goes right to spam and I don't click but it went to my main inbox. Which makes me think, that someone can see what I'm entering to some degree then since they didn't try to direct me anywhere? Or maybe it is literally just purely coincidence. Also the account they said had an Apple ID does not.

-I noticed that my main email had lots of unsuccessful syncs from various IPs around the world.
(At this point I factory reset all of my devices except ones that aren't mine)

-Before, there were more unknown devices (Unknown-XX-XX-XX-XX-XX-XX). There is one that keeps coming up even if I delete it.

IP address looks the same as the rest of the recognized devices except for the last number. I don't know what I have that's creating it as everything is accounted for.

-On my router homepage under protected intrusions, I see these

tcp_port_scan 9
tcp_syn_scan 1
tcp_data_on_syn_segment 42
ping_sweep_scan 1
tcp_syn_flood 1
udp_port_scan 2

Previously, despite being told that everything is constantly under attack, and that this is normal, everything read 0s and I've never intentionally reset my statistics. The number is of course only going up by the day.

-On my router homepage, I get many of these notifications

1. IDS proto parser : tcp data on syn segment

2. IDS scan parser : udp port scan: [NOT MY IP] scanned at least 20 ports at [ROUTER IP] . (1 of 1) : [NOT MY IP] [ROUTER IP] XXXX UDP XXXX->XXXXX

3. FIREWALL replay check (1 of 17): Protocol: ICMP Src ip: [MY IP] Dst ip: [NOT MY IP] Type: Destination Unreachable Code: Port Unreacheable

4. FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: [NOT MY IP] Dst ip: [ROUTER IP] Type: Time Exceeded Code: Time to Live exceeded in Transit

And more.

The times that these events happen often will be very close together. (Within about 20 minutes or less and then cut off for a bit)

Most of these IPs say they belong to Apple, Google, Amazon or companies. Is this normal? Is this safe? I ask because is it possible to spoof an IP to make it easier to try and enter a network or something?

-My Wireless mouse and keyboard are not working correctly/ the keyboard even with batteries replaced will often not type correctly. This has only started happening within the last few days.

-Sometimes webpages will not load fully or will just not let me access them to a more frequent than usual degree.
My internet across all devices is extremely slowed down pretty suddenly. 4.32 DL speed, 0.83 upload speed, 15 pings.

-Unsure if related but: I have gotten 2 spam phone calls when really over this entire year I've maybe gotten 4ish, then now I get two in two days. I realize that's not a lot but it's still odd to me considering the time this is happening.

Here's what I've done so far:
-Added authenticators to things that I could
-Changed any passwords I care about
-Deleted my PayPal just to be safe
-Changed my internet passwords that I care about
-System reset all of my devices and only loaded back on some things from iCloud.
-Cleared out my iCloud almost entirely
-Upgraded my Mac OS (my computer wouldn't let me before without system resetting apparently)

Maybe it was too much, maybe it wasn't? Honestly, I'm not sure. I just wanted to be safe. I'd just like to know what you all think if given the things that are still happening if it's normal and safe? Thanks so much for reading and maybe helping out. Have a great day.

Edited by Bluexanadu, 12 November 2018 - 11:25 AM.
