10/23/15

Slow Mac - What's going on?

Recently I've had two instances where my Mac just wouldn't respond. It was frozen. I clicked links and typed commands, but nothing would work. Since I run a great application called iStat Menus I could tell my CPU was running at maximum and I didn't have any resources left to do what I wanted. So how do you figure out what's going on and what do you do?  Good question! I'm glad you asked.





Apple provides a great application called Activity Monitor. If you have never used it, it's located in the Utilities folder. It will show you all of your open applications and running processes, how much CPU they are using, the amount of RAM being consumed, energy used, as well as disk and network activity.

In my case I found that a process called "storeassetd" was using 99% of my CPU. A lot of digging around the Internet finally revealed that this process is associated with the Apple Mac App Store. Looking at it, I guess the name makes sense. Somehow, when I was updating my Mac applications, the App Store process didn't stop when I quit the software update.

To fix the problem and stop the runaway activity you just highlight the application and click on the stop sign icon in the upper left.



The second instance of runaway CPU was a little more nefarious. I was being attacked by a hacker.



Again I was investigating why my Mac was running slowly and discovered that this time the responsible process was "opendirectoryd". Being a UNIX admin I knew this was the LDAP login authentication process UNIX uses...WTF? This is where Apple's Console application comes in handy.

Console is the application that allows you to look at all of the log files the Mac keeps. I fired up Console, did a little digging and found this:



Page after page of someone trying to log into my Mac as root. Hundreds of attempts per second!! No wonder my poor Mac was having trouble. 

I realized what had happened almost immediately. The previous week I had needed to access my Mac while away from home and had allowed remote login in the System Preferences Sharing configuration menu. Since I have multiple Macs I had also set up my AirPort router to forward all ssh requests to my iMac so I could log in to the correct Mac. The fix was just as easy. Shut down the ssh port on my Mac and remove the AirPort port forward using AirPort Utility.

The moral of this story is to be vigilant. If you have a problem, if your Mac is running slowly and you don't know why, do a little investigation. It could just be a hung application (like my App Store process) or it could be something much much worse.

7 comments:

  1. Thank you so much Bruce! I have been plagued with this for weeks and all the support.apple stuff was garbage. I was rebooting several times a day to no avail! Once I turned off remote login I got my CPU back! Thanks a million!

  2. Hello Bruce,

    Thanks for the info. My MacBook Pro was running great just a few minutes ago, and then without flipping a switch, its processes tanked. In my case it was storeassetd.

    On the note of protecting my Mac from outside malicious forces, can you recommend any program that would sweep my computer and shine a light on what is really happening? I am connected to the internet almost 24/7 for my job, but stick to the real common sites, Google applications, etc.

    I know that it has been a while since you wrote this, so thank you for any help you can offer.

    -Tom

  3. I hate it when my own blog deletes MY comment! So Thomas, good to hear from you. Protecting your Mac from outside sources is more of a challenge these days but still relatively safe if you take some basic precautions.

    • Start by limiting access to your computer both physical and virtual.
    • Don't use an admin account for your everyday work.
    • Use a VERY good password for your account and the admin account you set up.
    • Make sure that you lock down your router and don't forward any ports unless you absolutely need it.
    • If you do need to forward some ports to a specific Mac, make sure you monitor that Mac by checking your log files at least weekly.
    • Download a utility like DetectX (http://sqwarq.com/detectx/) that can scan for key loggers, adware & malware and hidden executables. It's Free!
    • Lastly, just be vigilant!

    Hope that helps.

    Bruce

  4. FWIW, whenever I set up a Mac or after installing an OS X update, I always check /etc/ssh/sshd_config.

    Then I disable root SSH access and disable password authentication, and only permit key-based SSH. That way, in case you do forget to turn off remote login, you can rest considerably more securely.

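A check for the settings this comment describes, written as an added example (not the commenter's or Apple's code): it reads sshd_config text the way sshd does, where the first value given for a keyword wins, and reports anything short of no-root, key-only login. The sample file and the upstream OpenSSH defaults are assumptions, and `Match` blocks and `Include` files are not evaluated.

```python
# Upstream OpenSSH defaults used when a keyword is absent (assumption: a vendor
# build may compile in different ones; `sshd -T` prints the live values).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Values matching the comment: no root login, no passwords, keys only.
WANTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",  # PAM can prompt for a password here
    "pubkeyauthentication": "yes",
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# Constructed sample, not taken from any real host.
SAMPLE = """\
#PermitRootLogin prohibit-password
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication yes
"""


def effective_settings(config_text):
    """Global settings as sshd reads them: the FIRST value of a keyword wins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # conditional blocks follow; not evaluated here
            break
        if len(parts) > 1:
            seen.setdefault(key, parts[1].strip('"').lower())
    return {k: seen.get(k, default) for k, default in DEFAULTS.items()}


def audit(config_text):
    """Return sorted (keyword, value) pairs that differ from WANTED."""
    eff = effective_settings(config_text)
    return sorted((k, v) for k, v in eff.items() if v != WANTED[k])
```

On the sample, the second `PasswordAuthentication` line has no effect, while the commented-out `PermitRootLogin` leaves the default in force and is reported.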
  5. Thanks for sharing this information about Amazon kindle support and kindle help for the Many issue.
    amazon kindle support.

  6. I have also used software that creates firewall rules blocking any IP address after 3 failed SSH login attempts. Block times start at a few minutes and progressively increase. I don't recall the name of the software but I found it after a Google search. Combine that with Mezza's suggestion and you're in reasonably good shape.

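The flood of root logins described in the post and the three-strikes blocking described in this comment, as an added example (not the unnamed software's code): it replays sshd failure lines and returns when each address would be blocked and for how long. The log lines are constructed, and the 10-minute window, 2-minute first block and doubling are assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH's usual failure message (assumed; the post's log lines are not shown).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")
THRESHOLD = 3                       # failures before a block, per the comment
WINDOW = timedelta(minutes=10)      # assumed: how long a failure is remembered
FIRST_BLOCK = timedelta(minutes=2)  # assumed value for "a few minutes"
YEAR = 2015                         # assumed: syslog timestamps carry no year

# Constructed log lines using documentation-range addresses.
SAMPLE = """\
Oct 20 03:14:07 imac sshd[812]: Failed password for root from 203.0.113.7 port 51234 ssh2
Oct 20 03:14:07 imac sshd[813]: Failed password for root from 203.0.113.7 port 51240 ssh2
Oct 20 03:14:08 imac sshd[814]: Failed password for root from 203.0.113.7 port 51251 ssh2
Oct 20 03:14:08 imac sshd[815]: Failed password for root from 203.0.113.7 port 51260 ssh2
Oct 20 03:15:30 imac sshd[820]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Oct 20 03:16:09 imac sshd[830]: Failed password for root from 203.0.113.7 port 51300 ssh2
Oct 20 03:16:10 imac sshd[831]: Failed password for invalid user admin from 203.0.113.7 port 51301 ssh2
Oct 20 03:16:11 imac sshd[832]: Failed password for root from 203.0.113.7 port 51302 ssh2
""".splitlines()


def plan_blocks(lines):
    """Return [(ip, block_start, block_length)]; length doubles per repeat."""
    recent = defaultdict(list)   # ip -> failure times still inside WINDOW
    offences = defaultdict(int)  # ip -> blocks already served
    blocked_until = {}
    blocks = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        when = datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        if when < blocked_until.get(ip, when):
            continue             # the firewall rule would have dropped this
        recent[ip] = [t for t in recent[ip] if when - t <= WINDOW] + [when]
        if len(recent[ip]) >= THRESHOLD:
            length = FIRST_BLOCK * 2 ** offences[ip]
            offences[ip] += 1
            blocked_until[ip] = when + length
            recent[ip] = []
            blocks.append((ip, when, length))
    return blocks
```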
  7. I have deleted the storeassetd process in the activity table and radiputz the thing disappeared. Good method?
