Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mac OS X Proxy Changed


  • Please log in to reply
3 replies to this topic

#1 theguitarman

theguitarman

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 07 January 2016 - 10:06 PM

Hello,

 

I am currently using Mac OS X El Capitan 10.11.2 on a Macbook Pro laptop. Applications I have used today are Chrome, TunnelBear (which was off at the time) and Parallels to run Windows 7. I quit Chrome and then restarted because I received an "Unable to reach Proxy" error message when trying to load a new site. The error remained. I quickly discovered that only http traffic was trying to reach the proxy and failing, but https traffic was working just fine. I went to Network Settings, Wifi, Advanced, Proxies and saw that a Proxy had been setup for 127.0.0.1 port 62123 on http only. After removing that, web traffic returned to normal.

 

But now the question remains, how did this happen? Is this computer compromised?

 

Thanks in advance for the help.



BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,420 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:48 AM

Posted 09 January 2016 - 07:18 AM

You can check for opened/ unsecured ports at Port 62123 (tcp/udp) :: SpeedGuide

Click on the SG security scan: port 62123 and read the info.

 

Other than the above....can't help you with deciding if the computer is compromised or not. Possibly someone monitoring the

Mac OS Forum could give more info if you start a new topic in it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 derekderaps

derekderaps

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 14 April 2016 - 02:01 PM

... Applications I have used today are Chrome, TunnelBear (which was off at the time) and Parallels to run Windows 7 ...

@theguitarman, I stumbled on your post after going through the same process: Had internet connectivity issues, saw my Web Proxy was enabled... thought, "Is my Mac compromised?" My gut told me the culprit was Tunnelbear: either the "TCP override" or "GhostBear" options. I'm not exactly how either one works, but a local proxy would make sense. And probably a bug with TunnelBear means it didn't get turned off properly at some point. Given that you also use Tunnelbear and we had similar experiences, I'm satisfied that it is the culprit.

 

Hope that helps!

Derek in Atlanta.


Edited by derekderaps, 14 April 2016 - 02:01 PM.


#4 theguitarman

theguitarman
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 14 April 2016 - 02:12 PM

... Applications I have used today are Chrome, TunnelBear (which was off at the time) and Parallels to run Windows 7 ...

@theguitarman, I stumbled on your post after going through the same process: Had internet connectivity issues, saw my Web Proxy was enabled... thought, "Is my Mac compromised?" My gut told me the culprit was Tunnelbear: either the "TCP override" or "GhostBear" options. I'm not exactly how either one works, but a local proxy would make sense. And probably a bug with TunnelBear means it didn't get turned off properly at some point. Given that you also use Tunnelbear and we had similar experiences, I'm satisfied that it is the culprit.
 
Hope that helps!
Derek in Atlanta.

Thanks, Derek!

I originally contacted TunnelBear support suspecting the same thing. They initially said that is was not TunnelBear. I cleared my computer and methodically installed software, and I did confirm that it was TunnelBear!

I elevated my support ticket and TunnelBear did confirm that Vigilant mode does setup this proxy to redirect traffic until your connection is secure. You are correct, there was a glitch somehow that left the proxy enabled on my computer, but turning TunnelBear on/off could have fixed it.

To summarize for all who encounter this issue, it is indeed caused by TunnelBear and I am confident that this was not malicious and my computer was not compromised. Hope that helps




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users