Was my LibreOffice hacked or accessed by outside third party?

[Iklatenk]

I have dynamic/changing IP address. It changes after every restart/shutdown - something I need to note now.

I had LibreOffice open, when my Mac encountered problem and had to be forced to shut down. I turned it back on, opened LibreOffice and got this window titled LibreOffice 5.1:


Either another instance of LibreOffice is accessing your personal settings or your personal settings are locked. Simultaneous access can lead to inconsistencies in your personal settings. Before continuing, you should make sure user [insert my user name] closes LibreOffice on host [ip adress and my ISP provider]
Do you really want to continue?


First I was scared from seeing words "another instance accessing", but as the IP address displayed resembled one of my own, I performed an experiment. I made snapshot of my current IP address, then forcibly shut Mac down one more time, turned it on and opened LibreOffice to get another one of those windows.

I compared IP addresses: The IP address I had before forcibly shutting down was the same the alert window had.

So, is it logical to conclude that when LibreOffice is open and Mac is forcibly shut down, it memorizes the IP address Mac had during shut down, then keeps it in memory and when Mac is turned on again with new IP address, Libre Office still holds to that previous IP address?

And that the first time it happened, where I couldn't compare IPs, it was the same issue - as I have not encountered this problem ever again after that time.

Chance of anything malicious going in should therefore be impossible?

One of the replies in here:
https://ask.libreoffice.org/en/question/25236/disturbing-error-message/
Says that:

"Unless you are 'myname' in that error message, then you need a firewall installing (possibly a good idea anyway)."


Problem is, I do not know if the IP address first time had been mine or maybe someone from same ISP provider, accessing my LibreOffice. The following experiment following this event showed that forced shut down does make Libre Office remember the IP address Mac had before forced shut down.

What I need to know is, how likely is it that the first time was someone accessing/hacking my LibreOffice or is that impossible?

 

[MacInWin]

1. Don't forcibly shutdown the Mac if at all possible. That is NOT good as it leaves many items in cache still active and the next boot picks up that cached stuff that may or may not apply. If you absolutely have to do a forcible shut down, then on the next boot, do a safe boot first, run DU to check the drive and then you can reboot normally. You should also anticipate that even after that routine you will see cache-related strangeness sometimes. Forcible shut downs are brutal.

2.

So, is it logical to conclude that when LibreOffice is open and Mac is forcibly shut down, it memorizes the IP address Mac had during shut down, then keeps it in memory and when Mac is turned on again with new IP address, Libre Office still holds to that previous IP address?

No, not in memory as that is powered down at the shut down, but it is entirely possible that in some cached data on the HD the IP number was kept from the previous boot. Normally that gets cleared out when doing a proper shutdown, but forcing the system off without the opportunity to clean things up leaves the cache full, which is then re-read by the restarted LibreOffice, leading to the kind of thing you are seeing.

I don't know why LO thinks it needs the IP number of your system. I don't use LO and now, based on what you are saying, I won't in the future. NO application except maybe a browser needs to know the IP number. But given that LO seems to think it needs to cache that information, every time you do a forced shut down, you'll see that message.

Just don't forcibly power off the Mac unless you really, really, really have to.

 

[Iklatenk]

1. Don't forcibly shutdown the Mac if at all possible. That is NOT good as it leaves many items in cache still active and the next boot picks up that cached stuff that may or may not apply. If you absolutely have to do a forcible shut down, then on the next boot, do a safe boot first, run DU to check the drive and then you can reboot normally. You should also anticipate that even after that routine you will see cache-related strangeness sometimes. Forcible shut downs are brutal.

Do You have any advice for those rare cases, where Mac just freezes and nothing moves, nothing works? So far Forced Shutdown is only thing that helped me to get out from it. I haven't found any key combinations or such.

Does Forced Shut down damage apps permanently? OSx? Or what about Hard Drive? I hated doing it, but I got stuck with non-responsive computer...

2.No, not in memory as that is powered down at the shut down, but it is entirely possible that in some cached data on the HD the IP number was kept from the previous boot. Normally that gets cleared out when doing a proper shutdown, but forcing the system off without the opportunity to clean things up leaves the cache full, which is then re-read by the restarted LibreOffice, leading to the kind of thing you are seeing.

I don't know why LO thinks it needs the IP number of your system. I don't use LO and now, based on what you are saying, I won't in the future. NO application except maybe a browser needs to know the IP number. But given that LO seems to think it needs to cache that information, every time you do a forced shut down, you'll see that message.

Just don't forcibly power off the Mac unless you really, really, really have to.

Huh... the IP address thing is that serious? I thought it was strange, but LibreOffice is so well know and googe now didn't show any results about people complaining about IP address thing. Now I'm worried. The exact wording was

closes LibreOffice on host [xxxx.cable.ISPname.com]


First xxxx being IP address numbers, then the word "cable", then the name of the company and then the domain letters.

 

[pm-r]

It seems to be an ongoing thing if you want to check some of the other posts that a google search provides:
https://www.google.ca/search?client...-8&oe=UTF-8&gfe_rd=cr&ei=BR9TWPn9Mc_M8gfOyqko

 

[Iklatenk]

It seems to be an ongoing thing if you want to check some of the other posts that a google search provides:
https://www.google.ca/search?client...-8&oe=UTF-8&gfe_rd=cr&ei=BR9TWPn9Mc_M8gfOyqko

Oh, didn't think about using such search combination. Thank you!
Seems like those people have more consistent problem. Not certain if mine being this one time thing is more worrysome or good. But no one seems to be worried about LibreOffice knowing their IP address. I don't know what to think about this.

 

[pm-r]

But no one seems to be worried about LibreOffice knowing their IP address. I don't know what to think about this

I wouldn't worry about it and lots of stuff knows lots of info about your Mac once it's connected to the Internet.

Not much difference than having your phone number listed in some phone book(s) or the listed address of your home.






- Patrick
==========

 

[MacInWin]

Do You have any advice for those rare cases, where Mac just freezes and nothing moves, nothing works? So far Forced Shutdown is only thing that helped me to get out from it. I haven't found any key combinations or such.

Does Forced Shut down damage apps permanently? OSx? Or what about Hard Drive? I hated doing it, but I got stuck with non-responsive computer...

If truly "nothing" works, then sometimes a forced shutdown may be needed. I think I've done that 2-3 times in the last five years. But far too many people just assume the machine is unresponsive way too soon. In fact, it would be better to disconnect from mains and wait for the battery to die. The OS should sense the battery dying and start closing things. CMD-Tab may work to allow you to change from a stuck app to one that works and from there shutdown properly. I also keep Activity Monitor running in the background, and CMD-Tab to that will let me see what application, if any, is not responding and kill just that one application. All of those actions can and should be taken before you reach for the power switch.

A forcible shut down can leave some applications in strange states that will show up when you reboot and restart the app(witness what happens with LibreOffice, Word will also show "recovered" documents, etc.), but unless the application is in the critical task of writing out a critical file to the drive when the power dies, it probably won't damage the app. The hard drive is more at risk, because it may be busy with either a foreground task or a background task (like Time Machine), and if the power dies as it is updating something critical, like the directory, then the drive may well be unusable until it is reformatted (and you lose everything on it in that process).

So try to avoid the forcible shut down at all, or at least keep it to a "once in a blue moon" event. It's like Russian Roulette. You might get away with it for a long time, but the consequences can be dire.

As far as the IP is concerned, it's true that lots of applications track the IP number, and lots of information is tied to it. But when an app that has no reason to track it, like LibreOffice, does track it, then I ditch the application. I don't like it when developers do things like that. It's a bit like watching someone walk through the parking lot and stopping to look through the windows of your car. It may, and most likely is, innocent, but the first thing that comes to mind is, "Why?"

 

[pm-r]

But when an app that has no reason to track it, like LibreOffice, does track it, then I ditch the application

Or download and use some apps like "Little Snitch" and have some control over things.

https://www.obdev.at/products/littlesnitch/index.html





- Patrick
==========

 

[MacInWin]

If you use Little Snitch, be prepared to be inundated with reports of activity. It's almost too much.

 

[chscag]

Also note that "Little Snitch" is no longer free. A single license is now $34.95 and their web site makes no mention of supporting Sierra. The latest update they have posted is for El Capitan. And I agree with Jake about it being too much.

 

[pm-r]

To each their own choice I'd say regarding Little Snitch…

And in case some may not know what it can do:
Lot of apps on your mac may connect to outside servers without your permission. Sometimes this leads to sending out your presonal data. This handy application works like firewall. It monitors and prevents all the connections to outside servers. When applicaiton installed on your mac tries to “phone home” without your persmission , Little Snitch alerts you and terminates the connection. It displays new warning window with “allow” or “deny” options. With the help of Little Snitch network monitor you may determine which apps use network connection. It provides additional network and privacy protection.

And BTW:
What's New

Version 3.7.1:
Further improved compatibility with macOS 10.12 Sierra. (bold mine)
Fixed a crashing issue in the Known Networks window of Little Snitch Configuration.
When a connection attempt is allowed or denied automatically (according to Preferences > Alert > Confirm connection alert automatically) a user notification is now shown. This allows you to review those automatically handled
More…
https://www.macupdate.com/app/mac/10426/little-snitch

And yes, like most good apps, it does take a bit of user setup and configuration at first, but that can easily be overcome reading the developer's setup suggestions.

Just a suggestion and a user's choice I'd say…


PS:
Little Snitch3.7.1
Little Snitch offers a free, built-in demo mode that provides the same protection and functionality as the full version. The demo runs for three hours, and it can be restarted as often as you like. The Network Monitor expires after 30 days.

Runs on OS X Yosemite (10.10) and later, including macOS Sierra (10.12).
https://www.obdev.at/products/littlesnitch/download.html

I can't recall if even the LittleSnitch v.2.5.x of May 2012 era was even totally free.

And yes, one always has other choices.






- Patrick
==========

 

[MacInWin]

If Little Snitch sounds good, do not get it from macupdate.com. They have started bundling crapware with their downloads. Go to the developer site.

 

[pm-r]

If Little Snitch sounds good, do not get it from macupdate.com. They have started bundling crapware with their downloads. Go to the developer site.

Hmmm… not quite always 100% correct, but regardless of the details, using the developer's site is always a preferred source.

And do check that the correct compatible version is actually being downloaded to install.






- Patrick
==========

 

[MacInWin]

Patrick, I'm not sure what you mean by "not quite always 100% correct," but here is a thread that backs up what I said:

http://www.mac-forums.com/os-x-apps...rogramming-macupdate.html?highlight=macupdate

macupdate.com used to be a great site, but recently it's a crapshoot. Some downloads have "bundled" crapola, others don't. It's not worth the risk if other sites exist (and they always do).

 

[Iklatenk]

Thank you all very much for this information!

 

[pm-r]

Patrick, I'm not sure what you mean by "not quite always 100% correct,

Just do some update checking as to how some macupdate downloads work and what and how some possible "extras" might get included for installation.

Most in my experience have been very obvious if and when they might have occurred, and the option is in the install if one reads even bothers to read it.

And maybe even have a read here:
http://www.thesafemac.com/is-downloading-from-the-developers-site-safe/






- Patrick
==========

 

[MacInWin]

Yep, nowhere is absolutely safe. But macupdate.com is a repeat offender, so it goes in the "nope" category. For now, developers have been OK for me, and I do use the Mac App Store, but I do avoid the "aggregators" like macupdate.com and softonic and downloads and cnet and...