One of the staff at Lillifoot gave me a call yesterday – the iMac was doing strange things, and browsing websites all by itself. Was I remotely controlling it? No, but I immediately knew what had happened. Last month I had set up the Vine VNC Server to test out remote support. As an experiment, I had started up the server, and tried to connect a VNC viewer via a ssh tunnel. There was some problem (I can’t remember what), so I temporarily disabled the security. And then completely forgot about it. Until the phone call yesterday. Anyway, I now know the answer to “How long does it take for someone to find an unprotected VNC server?” (about 6-7 weeks)
Luckily, the curious visitor was only able to connect through a locked down user account, and the staff member was watching when it happened. The logs show no other activity has taken place (though I still did a full scan of the system).
Renaissance Developer 
Laying yourself wide open Joe – you might as well have just put a sign up saying hack me here. Giving the IP address means that a better hacker can get into the machine that targeted you (as it is unlikely to be the hackers actual location) check its logs, find you and do the job properly as you have generously told them what software you are running.
LikeLike
Hi Hugh. Good point, well made! Strangely enough, when I wrote this I actually tried to re-read it through my “Hugh Filter” (i.e. what would Hugh think of this?). I obviously need to upgrade my filter 🙂
I’ve already disabled remote access to the computer in question, and I’m fairly certain there are no bugs left behind. I had a suspicion, based upon what the intruders did, that it was probably some kids fooling around, but I obviously don’t really know. (No, I didn’t run nmap on the ip address). I have removed the remote details from the post, though. Thanks for checking!
LikeLike