I’ve been recently been hacked into. Is there a way to get the IP address of the culpit?
Every connection into OSXvnc is logged in the current output log (although if they gained complete access they could have attempted to modify the logs).
If you are running it as an application then the log should be in
~/Library/Logs/OSXvnc-server.log
If it’s running as a startup item then you should find it at
/var/logs/osxvnc.log
Hi Janathan,
I too had a problem with a hack into my server. I came into my office, and someone had control of my desktop and was uploading files to a remote server. I had my server password protected, so it seems that the password was cracked.
Unfortunately, the log in ~/Library/Logs has been replaced since the VNC server was restarted. On the other hand I have lines of the following form in my /var/log/system.log:
Pixel format for client 6819:1412:a011:90:100::3c00:0:
…
What is the format for numbers for this client, and would I be able to decipher the IP of the client from this? If not, are there any other places I can look to track down the IP of the client that connected?
Thanks,
Carl.
That is an IPv6 style IP address. I see some tools to convert from IPv4 to IPv6 but not the other way around.
Do you have any idea why this is an IPv6 address? Does it mean that the client connected through IPv6 (does OSXVnc support IPv6 connections)?
Thanks,
Carl.
Yes, it does support IPv6 and it does mean that they connected through IPv6.