Httpd hacks?
Hi everyone, new user here hoping for some expert insight.
I've had wifi security problems recently and switched to ethernet to connect my mac. Nonetheless I still activate wifi for my phone on a limited basis. When I do I have a 30-character key, mixing letters, numbers and punctuation.
After forgetting to switch wifi off I came back home and noticed I forgot my Wifi on. Before disconnecting I checked if anything was connected to my router, and the MAC address of my phone was registered. But the router had not given an IP address to it and instead it was "undefined". I know this kind of thing can happen when 2 devices share the same MAC address and I thought maybe another intrusion was going on or had been going on.
I switched off Wifi and got back to my computer to check what connections were active. Among the normal processes, HTTPD, one that's not normally active on my mac, was sending upload traffic from my mac IP address. The traffic was almost at full throttle with no pause.
In Pref/system, no sharing was checked, as usual. And still httpd was very much active. I also have no httpd.conf file to check on my mac, or I didn't find it. I have never activated an apache server.
I decided to reboot and since then everything's back to normal, no httpd has been active since.
Can anyone shed some light or share ideas on what could be happening?
I have seen such behaviour on Linux systems; it can be a camouflaged process. Most likely an IRC bot or something.
You can try to search with "find" in the terminal for a binary called httpd and check that. If you see the traffic again, try "lsof" and grep for TCP to see what is going on. Hope that helps.
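
The find and lsof checks suggested in the reply above, as an added example that is not part of the original thread. The helper names and the SAMPLE_LSOF text are constructed for illustration; only find, lsof and awk are real tools.

```shell
#!/bin/sh
# Added example. find_httpd_binaries, remote_tcp_for, txt_files_for_pid and
# SAMPLE_LSOF are hypothetical names; the sample lsof output is constructed.

# 1. Locate every regular file called "httpd" under a root (default /).
#    Anything outside the OS's own Apache location deserves a closer look.
find_httpd_binaries() {
    find "${1:-/}" -type f -name httpd 2>/dev/null
}

# 2. Read `lsof -nP -iTCP` output on stdin and print "PID USER REMOTE" for
#    each established connection owned by a process whose COMMAND equals $1.
remote_tcp_for() {
    awk -v cmd="$1" '
        NR > 1 && $1 == cmd && $NF == "(ESTABLISHED)" {
            split($(NF-1), ends, "->")   # NAME column is local->remote
            print $2, $3, ends[2]
        }'
}

# 3. List the program files a PID has mapped. A camouflaged process can be
#    named httpd while its executable lives somewhere unexpected.
txt_files_for_pid() {
    lsof -a -p "$1" -d txt 2>/dev/null
}

# Constructed sample in the shape of `lsof -nP -iTCP` output.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd     612 alice  5u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:49712->203.0.113.45:6667 (ESTABLISHED)
httpd     612 alice  6u  IPv4 0x1a2c      0t0  TCP *:8080 (LISTEN)
Safari    431 alice 12u  IPv4 0x1a2d      0t0  TCP 192.168.1.20:49650->198.51.100.9:443 (ESTABLISHED)'

# Offline demonstration on the sample.
printf '%s\n' "$SAMPLE_LSOF" | remote_tcp_for httpd

# On a live system, while the traffic is happening:
#   lsof -nP -iTCP | remote_tcp_for httpd
#   txt_files_for_pid <PID printed above>
#   find_httpd_binaries /
```

An httpd process owned by a normal user account, started with no sharing enabled, or mapped from a path that find also turns up outside the system's Apache install is the pattern the reply describes.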