Obscene ad posts on many web pages

Limnos you are awesome.

After I inputed the DNS servers you mentioned the vimax ads disappeared from Safari and all the normal ads run where they should on the page. Also, Firefox now runs at its normal, rapid speed.

I am curious what this means. I am not so proficient concerning networks -- I really don't know what all of this stuff does. I guess, most importantly, I would like to know if this means that there is still malware on my computer or if this means that there was never malware on my computer. Secondarily, I am interested in what a DNS server is and why inputting these two severs gets rid of the ads. Ya, but mostly I'd love to know whether or not this means my computer is clean.

Thanks so much.

That did it! Thanks so much. I never thought I'd be happy to see banner ads!

Computers don't really work with name addresses, they work with number addresses. A DNS (Directory Name Server) is a computer that acts like a telephone directory. You provide it with a name and it looks up the number and then directs you to the computer with that number. Many major internet service providers have their own DNS computer to serve their customers. Earlier this year somebody pointed out a vulnerability in the software being run by some ISPs. I don't have the reference but if you search for discussions earlier this year you will find reference to it as well as a website you can visit to see if your ISP is running the vulnerable software. The addresses I gave you are for a free DNS that runs a patch, suggesting it was indeed your ISP's DNS that may have been causing the problem due to somebody taking advantage of the vulnerability.

Web pages often have links that pull in things like ads from other web servers, so many addresses/numbers can be involved on a single page. What was probably happening was somebody didn't substitute bogus pages for all the addresses but just for a few. Say somebody has a page and they sell banner space for a company that provides ads, and when you load the page there is a bit of code that says go to 'Fred's Ad Company' for a banner. The hacker (or what you want to call it) says leave the rest of the page intact but instead of Fred's company being some number it really is, the person substitutes a number that takes you to one selling personal modification services.

Basically this isn't your computer, it is the DNS provided by your ISP.

What would concern me more is if your DNS was compromised then there could be risks to your security of online actions. A hacker could, for example, redirect you to a different page that looks identical to your bank's page when you log in to check your bank account online. They could then log you in to your bank and have you directed back to your real bank's page after collecting your information (account, password), without you even knowing it. For safety sake you might want to change passwords on any online accounts you use.

Again, this is not Apple or your computer or Mac software, it is your ISP's DNS and anybody is vulnerable to it if using an unsecured DNS.

To make a comparison, many people find it convenient not to have to pick up their telephone directories at the telephone company, or have to wait and sign for a delivery plus confirm it really is a telephone company representative making the delivery. They wait for the directory to appear on their doorstep. In theory somebody could substitute a fake directory so every time you phone pizza company X it really took you to a different company. What would be worse would be if you phoned a company and paid for something by credit card but it turned out not to be that company. They might even send you the thing you bought to cover their tracks, but then they have your credit card number.

I can't prove this is what is happening here, but there has been discussion of it over the past year.

When I put those DNS numbers into my network TCP-IP box,
I was unable to connect to Apple Discussions forums...

"OpenDNS Guide Blocked Domain"

Site blocked. discussions.apple.com is not allowed on this network.

This site was categorized as:

Chat, Software/Technology

http://block.opendns.com/?url=69748468868484748079841566818177701568807816747969 70891575848166&ablock

How can that be, you changed your DNS to OpenDNS
and you can post; but I can't? (And I had no previous
blocking nor any issues such as you've posted.)

So, I changed my DNS back to the defaults - and - it works... 🙂

Hmmm, I don't have any problem with it on several Macs!???

What happens if you put in...

209.18.37.226

When I enter that DNS (close to my IP address)
it does nothing; pages time out, open pages
won't connect. Nothing works online at all...!

Would this make a difference when using the
AirPort Extreme Base Station to connect via
ADSL, and have have the outgoing connection
shared behind the AEBS? Each has its own
special address behind the AEBS (10.x.x, etc.)

All of my browsers in use are the latest versions;
Firefox 3.x, Safari, Camino, Opera...

edited 2x

When I enter that DNS (close to my IP address)

OOPS, sorry for the lack of clarity, that nymber was supposed to go in your URL bar in a browser, not in DNS, these go in DNS Servers...

208.67.222.222
208.67.220.220

Then Apply.

Would this make a difference when using the AirPort Extreme Base Station to connect via ADSL, and have have the outgoing connection shared behind the AEBS?

It shouldn't. Did it work before?

The change of DNS numbers in the AirPort Extreme's admin utility panel
has seldom been a necessity; it shows in ghost numbers to the right of
the blank boxes, the ISP's default ones, though I have not entered them
into the primary (empty) boxes.

When I used the Open DNS numbers, only some web sites worked;
but Apple's did not. Some pages elsewhere did work; but Apple sites
gave a page with the information I previously posted; a no-connect
as quoted from the OpenDNS page.

The third (and singular) number was a no-go in a browser. It timed out.
And after refresh attempts led to nowhere, I decided to not try again.
209.18.37.226 - - http://209.18.37.226/

"Invalid URL
The requested URL "/", is invalid.

Reference #9.de2512d1.1228094948.0 "

And when I changed the default DNS (blank) to these two, I could not
visit any Apple Discussions or apple pages; some others did not work.
208.67.222.222
208.67.220.220

edited 2x

Are you working through some kind of Proxy?

Who's your ISP? Do the insist on PPPoE?

Message was edited by: BDAqua

TCP/IP using Ethernet over DHCP is how the AEBS is
set up to handle the ADSL; and I believe they changed
from PPPoE to DHCP or something a few years ago.

There is only one ISP in this area, they went from dialup
to something else, then now to DSL. A few other co's
have a long distance dial-in service, terribly slow, too.

arctic.net is the ISP, the company is now part of
American Broadband; nearly a continent removed.
There is no proxy involved at my end; only the
Apple Firewall turned on, nothing special, in OS X.

Hmmm, my guess if these...

DNS servers
banana.arctic.net [198.51.13.2]
pineapple.arctic.net [198.51.13.3]

do the job, then the ISP must be intercepting any DNS requests, or not forwarding them... but I've never heard of such a thing!?

Limnos--

I don't know who you are but that was the answer! Put the first set of numbers in the DNS box and all of the ads on CNN, BBC etc. went back to normal. Thanks a million. The Vimax stuff was making me crazy

Those are essentially the correct numbers
that automatically appear; or will work if I
still had to manually enter them.

So I'm not sure why that doesn't work;
but I am also glad I don't need it to.

Hurray - the obscene Vimax ads are gone, gone, gone! Thank you, thank you, thank you for your suggestion to change my DNS addresses to the ones you provided. Worked like a charm! This is after several months of frustration and five hours spent on line with a Symantec tech who in the end, almost $100 later, didn't have a clue how to fix the problem.

Welcome to Apple discussions Annej59, llmbogin. I'm glad you found the solution in this discussion. It's all things I pulled together from reading who others have posted here, so you can learn a lot just by reading topics here that interest you.

llmbogin: Just so you know, if you click on a person's identifier in the left column it will take you to a profile page where they may choose to post additional information about themselves.