Currently Being Moderated

Fixing a hacked /etc/hosts file

The majority of complaints about slow Macs also include a hacked hosts file. This file provides a way to redirect internet domain name lookups. There are three primary reasons for modifying this file:

 

  1. Developing internet services on your Mac. Developers can add entries like www.myhost.com that redirect back to localhost. This allows them to develop a web site for www.myhost.com and test it while running on their Mac. No one on the internet will see the version of the site under development. Then, when it is perfect, they can publish it to the real www.myhost.com server for everyone else to see.
    This is what the /etc/hosts file was designed to do. Someone using it in this fashion might have 5 entries in the file.
  2. A crude internet filter. There are web sites promoting the use of /etc/hosts to block certain "undesireable" websites by redirecting them to a non-functional server. What is "undesireable" you ask? Good question. You will have to ask the people who are pushing that list.
    This is not a valid use of the /etc/hosts file. It was not designed for this. Someone using it in this fashion might have 2000 entries in the file.
  3. To pirate software. Many expensive software packages, primarily Adobe and Microsoft products, will "phone home" to their corporate offices to verify that the software being used on someone's Mac is a valid and properly licensed version of the software.
    This is not a valid use of the /etc/hosts file. It was not designed for this. Someone using it in this fashion might have 23 entries in the file.
  4. For other miscellaneous hacks. I can't go into detail about this one. In some situations, these hacks can be perfectly legal. But this User Tip is not about individual rights, it is about undoing hacks that may be making your Mac very slow.

This User Tip is concerned with item #3 above. "What's the harm?", you might ask. Adobe is a rich company. I need the software for work. The license fees are way too expensive. To this, I respond, "then why are you here?" If you are here on Apple Support Communities asking for help with a slow Mac, something isn't right. Is this hacked software the cause? The Apple Support Communities Terms of Use require us to test our solutions before using them to help other people. But in order to test this, we would have to install thousands of dollars worth of pirated software and use it on a regular basis to see how it behaves. We aren't going to do that.

 

Plus, hacked software often includes a variety of malware like adware, command and control bots, or true viruses. If you provide your password to install the hacked software, you are giving it, and the malware, full control over your machine and all of your data. Encrypting your data will not help.

 

If a Mac has been hacked in this way to run pirated software, and the user is complaining about a slow Mac, it is safe to assume that at least some software on the system is not running properly. We know that because it has been hacked to keep it (or at least the license management portion) from running properly. The first step to fixing a poorly performing machine is to fix obvious problems like this one. Unfortunately, most people who hack their system in this way use instructions posted on the internet and they don't know how to undo the damage. This User Tip will explain how to do that.

 

  1. The first step is always to uninstall any pirated software. Do that before undoing your hack because you may need it working in order to uninstall it. Use only vendor-provided uninstaller or uninstallation instructions. Never delete files by hand. You could leave your Mac in worse shape than when you started.
  2. Download BBEdit (https://www.barebones.com/products/bbedit/) from Bare Bones Software. 
    There are other programs you could use, but if you know what they are and how to use them, then you probably don't need this User Tip to begin with.
  3. Launch BBEdit
  4. In BBEdit, choose File > Open...
  5. When the Open box appears, hold down the Shift key, the Command ⌘ key, and type the G key.
  6. In the Go to the folder: sheet that appears, type:
    /etc
    and click the Go button
  7. Change the Enable: field to say Everything.
  8. Find the hosts file and click the Open button.
  9. At this point, TextWrangler may ask you to install a helper file and/or unlock the file. Click the Unlock button. To install the helper tool, you will have to provide an administrator user name and password. Normally I strongly discourage people from doing this. But in this case, we have to undo a hack, so there is no alternative.
  10. Select the following text and choose Edit > Copy from Safari's menu (or from whatever web browser you are using).
    ##
    # Host Database
    #
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    ##
    127.0.0.1     localhost
    255.255.255.255     broadcasthost
    ::1             localhost 
    
  11. In BBEdit, choose Edit > Select All and then choose Edit > Paste. The contents of the BBEdit window should be the same as the text above. If not, close the BBEdit window without saving and start over. Do NOT save.
  12. If the contents of the BBEdit window are the same as the text above, choose File > Save.
  13. Quit BBEdit.

 

At this point, the hacks should be undone. There is no need to restart your machine, but it would probably be a good idea anyway.

 

Will this make your machine faster? There is no way to tell. It will, at least, allow people to continue to help you here on Apple Support Communities.

Replies

  • 0 Replies:

Delete User Tip

Are you sure you want to delete this user tip?