Earlier today, I noticed that my cursor was moving spontaneously, and that typing was occurring without my input. I immediately disconnected from the network and took a look at my system log files.
I noticed that the Vine VNC server was running with no password protection. I immediately launched the Vine Server application to check its settings, and found that in fact a password had been set. I clicked on the “Stop Server” button, and the user interface indicated that “The server is not running”. However, when I took a look at the active processes using the process status (PS) command, I found that the Vine Server was still running. A port scan against the loopback address confirmed that.
When I killed the Vine VNC process with “kill -9”, it immediately re-spawned a new, active VNC process.
So my questions are:
-
Under what condition would the Vine VNC server launch with no password protection in spite of a password being set in the user interface?
-
Under what condition would the Vine VNC server continue to run and listen for incoming connections after I had clicked on the “Stop Sever” button in the user interface?
-
Why would Vine automatically re-spawn a new VNC server process when the user interface indicated that the process was not running?
Here is the relevant entry from my system log:
Mar 2 13:19:12 173-100-55-23 com.apple.launchd.peruser.501[151] (VineServer[7740]): Exited: Killed
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Arguments: -rfbport 5900 -desktop 174-153-167-131.pools.spcsdns.net -rfbnoauth -SystemServer 1 -restartonuserswitch N -UnicodeKeyboard 0 -keyboardLoading Y -pressModsForKeys Y -EventTap 3 -swapButtons -rendezvous Y
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Warning: No Auth specified, running with no password protection
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Main Bundle: /Library/Application Support/VineServer
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Loading Bundle /Library/Application Support/VineServer/Resources/TigerBundle.bundleMar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Running in Little Endian
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Waiting for clients
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Using Private Event Source
Mar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Using Dynamic Event Tap -- HID for console userMar 2 13:19:12 173-100-55-23 OSXvnc-server[9180]: Started Listener Thread on port 5900
OS: Mac OS X 10.6.2
Vine Sever: 3.1.2b2
Connection type: PPP via Sprint PCS Wireless Broadband