Someone guessed a password for a little-used account on my iMac sometime last month, and I didn’t notice it until just today. Dammit.
So for the past month, apparently, someone has been running an IRC server on my machine, doing who knows what kinds of nefarious stuff. Bastards.
This is of course totally my fault. I had ssh open and was using passwords instead of public/private keys for authentication, so all they had to do was hammer away at my machine until they guessed a password.
My logs show it all. Hundreds upon hundreds of attempts until they finally got in. They then copied source code into a subdirectory off /tmp, compiled it, and started it up. Sneaky. Typical pansy hacker crap. Not exactly the kind of thing that sends you into a panic screaming “my Mac is insecure!”
Since obviously, this is total user error on my part.
I feel like a total moron.
Anyway, I’m spending today wiping my machine and reinstalling all my apps, then restoring data files from backups. Not what I hoped to do today.