macos – Attempting to determine if Mac is being hacked

You’re totally not being hacked.

There is perhaps hacking makes an attempt, however because the log entry says “Authentication failed…” I’d chalk this as much as makes an attempt to hack any IP handle on the earth by armies of bots and/or script kiddies. Any and each IP handle that’s uncovered to the Web will get scanned by armies of bots and/or script kiddies each day.

That they’re getting previous your router to start with is a priority, however they’re not logged in.

The TTY000 and console logins are simply regular logins through your consumer on macOS. Right here, have a look at the same final output from my system; actual username redacted to nope for instance’s sake:

nope       ttys000                         Mon Aug 18 08:45   nonetheless logged in
nope       ttys000                         Mon Aug 18 08:40 - 08:40  (00:00)
nope       ttys000                         Mon Aug 18 08:40 - 08:40  (00:00)
nope       ttys000                         Mon Aug 18 08:22 - 08:22  (00:00)
nope       ttys000                         Mon Aug 18 08:21 - 08:21  (00:00)
[Repeated lines removed]
nope       ttys000                         Sat Aug  2 22:21 - 22:21  (00:00)
nope       ttys000                         Sat Aug  2 21:37 - 21:37  (00:00)
nope       ttys004                         Sat Aug  2 21:36 - 21:36  (00:00)
nope       ttys003                         Sat Aug  2 21:33 - 21:33  (00:00)
nope       ttys002                         Sat Aug  2 21:31 - 21:31  (00:00)
nope       ttys001                         Sat Aug  2 21:29 - 21:29  (00:00)
nope       ttys000                         Sat Aug  2 21:29 - 21:29  (00:00)
nope       ttys000                         Sat Aug  2 21:28 - 21:28  (00:00)
nope       ttys000                         Sat Aug  2 21:28 - 21:28  (00:00)
nope       ttys000                         Sat Aug  2 21:09 - 21:09  (00:00)
nope       ttys000                         Sat Aug  2 21:07 - 21:07  (00:00)
nope       ttys001                         Sat Aug  2 20:49 - 20:49  (00:00)
nope       ttys000                         Sat Aug  2 20:47 - 20:47  (00:00)
nope       ttys003                         Sat Aug  2 20:30 - 20:30  (00:00)
nope       ttys004                         Sat Aug  2 20:27 - 20:27  (00:00)
nope       ttys006                         Sat Aug  2 20:24 - 20:24  (00:00)
nope       ttys005                         Sat Aug  2 20:23 - 20:23  (00:00)
nope       ttys004                         Sat Aug  2 20:23 - 20:23  (00:00)
nope       ttys003                         Sat Aug  2 20:23 - 20:23  (00:00)
nope       ttys002                         Sat Aug  2 20:23 - 20:23  (00:00)
nope       ttys001                         Sat Aug  2 20:22 - 20:22  (00:00)
nope       ttys000                         Sat Aug  2 20:17 - 20:17  (00:00)
nope       ttys000                         Sat Aug  2 20:17 - 20:17  (00:00)
nope       ttys000                         Sat Aug  2 20:16 - 20:16  (00:00)
nope       ttys000                         Sat Aug  2 20:16 - 20:16  (00:00)
nope       console                         Sat Aug  2 20:10   nonetheless logged in

The road from Aug 18 that reads:

nope       ttys000                         Mon Aug 18 08:45   nonetheless logged in

…is me at the moment logged in to the Terminal. And the Aug 2 line:

nope       console                         Sat Aug  2 20:10   nonetheless logged in

…is after I rebooted my MacBook Air fully.

Which means, console is for macOS as an entire and stays the identical till restart/reboot. The opposite ttys000 entries are if you end up really logged in. The console session pertains to the OS state and the ttys000 pertains to the consumer state when the consumer is within the Terminal.

Reboot your machine to see this in motion. Once you do it is best to see a console and ttys000 on the identical precise date.

What you might be seeing is regular macOS conduct that you’re misinterpreting within the context of you being supposedly a “goal of a harassment and doxxing marketing campaign.”

Replace: In response to your current edit that asks:

“Tips on how to I work out what factor is inflicting that???”

The difficulty you might be asking about are unsuccessfully login makes an attempt like this:

opendirectoryd: (PlistFile) [com.apple.opendirectoryd:auth] Authentication failed for  (#): ODErrorCredentialsInvalid

To restate what I state above.

“There is perhaps hacking makes an attempt, however because the log entry says “Authentication failed…” I’d chalk this as much as makes an attempt to hack any IP handle on the earth by armies of bots and/or script kiddies. Any and each IP handle that’s uncovered to the Web will get scanned by armies of bots and/or script kiddies each day.

That they’re getting previous your router to start with is a priority, however they’re not logged in.”

The explanation these login makes an attempt (100% unsuccessful) is since you are connecting to a community or a router that’s no correctly blocking such try. Questions solely you may reply are:

• Is your macOS firewall energetic?
• Is the firewall in your router energetic?
• Are you connecting to a Wi-Fi hotspot that has questionable safety practices?

If any/all of those are in play that might create log entries with tons of unsuccessful login makes an attempt.

Once more…

You’re totally not being hacked or focused in any means, form or type.

You’re merely overanalyzing belongings you (truthfully) barely perceive and are projecting your fears into them. Please wind that down; you might be 100% protected.