You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Fixing a hacked /etc/hosts file

Last modified: Jan 27, 2020 8:14 AM
22 46200 Last modified Jan 27, 2020 8:14 AM

The majority of complaints about slow Macs also include a hacked hosts file. This file provides a way to redirect internet domain name lookups. There are three primary reasons for modifying this file:


  1. Developing internet services on your Mac. Developers can add entries like www.myhost.com that redirect back to localhost. This allows them to develop a web site for www.myhost.com and test it while running on their Mac. No one on the internet will see the version of the site under development. Then, when it is perfect, they can publish it to the real www.myhost.com server for everyone else to see. This is what the /etc/hosts file was designed to do. Someone using it in this fashion might have 5 entries in the file.
  2. A crude internet filter. There are web sites promoting the use of /etc/hosts to block certain "undesireable" websites by redirecting them to a non-functional server. What is "undesireable" you ask? Good question. You will have to ask the people who are pushing that list. This is not a valid use of the /etc/hosts file. It was not designed for this. Someone using it in this fashion might have 2000 entries in the file.
  3. To pirate software. Many expensive software packages, primarily Adobe and Microsoft products, will "phone home" to their corporate offices to verify that the software being used on someone's Mac is a valid and properly licensed version of the software. This is not a valid use of the /etc/hosts file. It was not designed for this. Someone using it in this fashion might have 23 entries in the file.
  4. For other miscellaneous hacks. I can't go into detail about this one. In some situations, these hacks can be perfectly legal. But this User Tip is not about individual rights, it is about undoing hacks that may be making your Mac very slow.


This User Tip is concerned with item #3 above. "What's the harm?", you might ask. Adobe is a rich company. I need the software for work. The license fees are way too expensive. To this, I respond, "then why are you here?" If you are here on Apple Support Communities asking for help with a slow Mac, something isn't right. Is this hacked software the cause? The Apple Support Communities Terms of Use require us to test our solutions before using them to help other people. But in order to test this, we would have to install thousands of dollars worth of pirated software and use it on a regular basis to see how it behaves. We aren't going to do that.


Plus, hacked software often includes a variety of malware like adware, command and control bots, or true viruses. If you provide your password to install the hacked software, you are giving it, and the malware, full control over your machine and all of your data. Encrypting your data will not help.


If a Mac has been hacked in this way to run pirated software, and the user is complaining about a slow Mac, it is safe to assume that at least some software on the system is not running properly. We know that because it has been hacked to keep it (or at least the license management portion) from running properly. The first step to fixing a poorly performing machine is to fix obvious problems like this one. Unfortunately, most people who hack their system in this way use instructions posted on the internet and they don't know how to undo the damage. This User Tip will explain how to do that.


  1. The first step is always to uninstall any pirated software. Do that before undoing your hack because you may need it working in order to uninstall it. Use only vendor-provided uninstaller or uninstallation instructions. Never delete files by hand. You could leave your Mac in worse shape than when you started.
  2. Download BBEdit (https://www.barebones.com/products/bbedit/) from Bare Bones Software. There are other programs you could use, but if you know what they are and how to use them, then you probably don't need this User Tip to begin with.
  3. Launch BBEdit.
  4. In BBEdit, choose File > Open...When the Open box appears, hold down the Shift key, the Command ⌘ key, and type the G key.
  5. In the Go to the folder: sheet that appears, type: “/etc” (without the quotes) and click the Go button.
  6. Click the Options button.
  7. Check the Show Hidden Items checkbox.
  8. Find the hosts file and click the Open button.
  9. At this point, BBEdiy may ask you to install a helper file and/or unlock the file. Click the Unlock button. To install the helper tool, you will have to provide an administrator user name and password. Normally I strongly discourage people from doing this. But in this case, we have to undo a hack, so there is no alternative.
  10. Select the following text and choose Edit > Copy from Safari's menu (or from whatever web browser you are using).


##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting.  Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1             localhost


  1. In BBEdit, choose Edit > Select All and then choose Edit > Paste. The contents of the BBEdit window should be the same as the text above. If not, close the BBEdit window without saving and start over. Do NOT save.
  2. If the contents of the BBEdit window are the same as the text above, choose File > Save.Quit BBEdit.


At this point, the hacks should be undone. There is no need to restart your machine, but it would probably be a good idea anyway.


Will this make your machine faster? There is no way to tell. It will, at least, allow people to continue to help you here on Apple Support Communities.

Comments

Jan 27, 2020 8:14 AM

Above example is seemingly missing the IPv6 link local address range FE80 entry that is commonly included:


127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost 
fe80::1%lo0 localhost

Jan 27, 2020 8:14 AM

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.