Previous 1 2 3 Next 37 Replies Latest reply: Dec 22, 2008 3:07 PM by BDAqua Go to original post
  • Limnos Level 8 (46,040 points)
    Some DNS have been hijacked at the DNS. In other words they are the ones directing you to a false web site. Try putting these DNS addresses into your Preferences>Network>TCP/IP>DNS Servers:

    This is OpenDNS which I believe has been patched against this vulnerability. not all ISP DNS have this patch.
  • KyleMac Level 1 (0 points)
    Limnos you are awesome.

    After I inputed the DNS servers you mentioned the vimax ads disappeared from Safari and all the normal ads run where they should on the page. Also, Firefox now runs at its normal, rapid speed.

    I am curious what this means. I am not so proficient concerning networks -- I really don't know what all of this stuff does. I guess, most importantly, I would like to know if this means that there is still malware on my computer or if this means that there was never malware on my computer. Secondarily, I am interested in what a DNS server is and why inputting these two severs gets rid of the ads. Ya, but mostly I'd love to know whether or not this means my computer is clean.

    Thanks so much.
  • Whit555 Level 1 (0 points)
    That did it! Thanks so much. I never thought I'd be happy to see banner ads!
  • Limnos Level 8 (46,040 points)
    Computers don't really work with name addresses, they work with number addresses. A DNS (Directory Name Server) is a computer that acts like a telephone directory. You provide it with a name and it looks up the number and then directs you to the computer with that number. Many major internet service providers have their own DNS computer to serve their customers. Earlier this year somebody pointed out a vulnerability in the software being run by some ISPs. I don't have the reference but if you search for discussions earlier this year you will find reference to it as well as a website you can visit to see if your ISP is running the vulnerable software. The addresses I gave you are for a free DNS that runs a patch, suggesting it was indeed your ISP's DNS that may have been causing the problem due to somebody taking advantage of the vulnerability.

    Web pages often have links that pull in things like ads from other web servers, so many addresses/numbers can be involved on a single page. What was probably happening was somebody didn't substitute bogus pages for all the addresses but just for a few. Say somebody has a page and they sell banner space for a company that provides ads, and when you load the page there is a bit of code that says go to 'Fred's Ad Company' for a banner. The hacker (or what you want to call it) says leave the rest of the page intact but instead of Fred's company being some number it really is, the person substitutes a number that takes you to one selling personal modification services.

    Basically this isn't your computer, it is the DNS provided by your ISP.

    What would concern me more is if your DNS was compromised then there could be risks to your security of online actions. A hacker could, for example, redirect you to a different page that looks identical to your bank's page when you log in to check your bank account online. They could then log you in to your bank and have you directed back to your real bank's page after collecting your information (account, password), without you even knowing it. For safety sake you might want to change passwords on any online accounts you use.

    Again, this is not Apple or your computer or Mac software, it is your ISP's DNS and anybody is vulnerable to it if using an unsecured DNS.

    To make a comparison, many people find it convenient not to have to pick up their telephone directories at the telephone company, or have to wait and sign for a delivery plus confirm it really is a telephone company representative making the delivery. They wait for the directory to appear on their doorstep. In theory somebody could substitute a fake directory so every time you phone pizza company X it really took you to a different company. What would be worse would be if you phoned a company and paid for something by credit card but it turned out not to be that company. They might even send you the thing you bought to cover their tracks, but then they have your credit card number.

    I can't prove this is what is happening here, but there has been discussion of it over the past year.
  • K Shaffer Level 6 (11,885 points)
    When I put those DNS numbers into my network TCP-IP box,
    I was unable to connect to Apple Discussions forums...

    "OpenDNS Guide Blocked Domain"

    Site blocked. is not allowed on this network.

    This site was categorized as:

    Chat, Software/Technology 70891575848166&ablock

    How can that be, you changed your DNS to OpenDNS
    and you can post; but I can't? (And I had no previous
    blocking nor any issues such as you've posted.)

    So, I changed my DNS back to the defaults - and - it works...
  • BDAqua Level 10 (121,630 points)
    Hmmm, I don't have any problem with it on several Macs!???

    What happens if you put in...
  • K Shaffer Level 6 (11,885 points)
    When I enter that DNS (close to my IP address)
    it does nothing; pages time out, open pages
    won't connect. Nothing works online at all...!

    Would this make a difference when using the
    AirPort Extreme Base Station to connect via
    ADSL, and have have the outgoing connection
    shared behind the AEBS? Each has its own
    special address behind the AEBS (10.x.x, etc.)

    All of my browsers in use are the latest versions;
    Firefox 3.x, Safari, Camino, Opera...

    edited 2x
  • BDAqua Level 10 (121,630 points)
    When I enter that DNS (close to my IP address)

    OOPS, sorry for the lack of clarity, that nymber was supposed to go in your URL bar in a browser, not in DNS, these go in DNS Servers...

    Then Apply.

    Would this make a difference when using the AirPort Extreme Base Station to connect via ADSL, and have have the outgoing connection shared behind the AEBS?

    It shouldn't. Did it work before?
  • K Shaffer Level 6 (11,885 points)
    The change of DNS numbers in the AirPort Extreme's admin utility panel
    has seldom been a necessity; it shows in ghost numbers to the right of
    the blank boxes, the ISP's default ones, though I have not entered them
    into the primary (empty) boxes.

    When I used the Open DNS numbers, only some web sites worked;
    but Apple's did not. Some pages elsewhere did work; but Apple sites
    gave a page with the information I previously posted; a no-connect
    as quoted from the OpenDNS page.

    The third (and singular) number was a no-go in a browser. It timed out.
    And after refresh attempts led to nowhere, I decided to not try again. - -

    "Invalid URL
    The requested URL "/", is invalid.

    Reference #9.de2512d1.1228094948.0 "

    And when I changed the default DNS (blank) to these two, I could not
    visit any Apple Discussions or apple pages; some others did not work.

    edited 2x
  • BDAqua Level 10 (121,630 points)
    Are you working through some kind of Proxy?

    Who's your ISP? Do the insist on PPPoE?

    Message was edited by: BDAqua
  • K Shaffer Level 6 (11,885 points)
    TCP/IP using Ethernet over DHCP is how the AEBS is
    set up to handle the ADSL; and I believe they changed
    from PPPoE to DHCP or something a few years ago.

    There is only one ISP in this area, they went from dialup
    to something else, then now to DSL. A few other co's
    have a long distance dial-in service, terribly slow, too. is the ISP, the company is now part of
    American Broadband; nearly a continent removed.
    There is no proxy involved at my end; only the
    Apple Firewall turned on, nothing special, in OS X.
  • BDAqua Level 10 (121,630 points)
    Hmmm, my guess if these...

    DNS servers [] []

    do the job, then the ISP must be intercepting any DNS requests, or not forwarding them... but I've never heard of such a thing!?
  • llmbogin Level 1 (0 points)

    I don't know who you are but that was the answer! Put the first set of numbers in the DNS box and all of the ads on CNN, BBC etc. went back to normal. Thanks a million. The Vimax stuff was making me crazy
  • K Shaffer Level 6 (11,885 points)
    Those are essentially the correct numbers
    that automatically appear; or will work if I
    still had to manually enter them.

    So I'm not sure why that doesn't work;
    but I am also glad I don't need it to.
  • annj59 Level 1 (0 points)
    Hurray - the obscene Vimax ads are gone, gone, gone! Thank you, thank you, thank you for your suggestion to change my DNS addresses to the ones you provided. Worked like a charm! This is after several months of frustration and five hours spent on line with a Symantec tech who in the end, almost $100 later, didn't have a clue how to fix the problem.