Some DNS have been hijacked at the DNS. In other words they are the ones directing you to a false web site. Try putting these DNS addresses into your Preferences>Network>TCP/IP>DNS Servers:
This is OpenDNS which I believe has been patched against this vulnerability. Not all ISP DNS have this patch.
Limnos you are awesome.
After I inputted the DNS servers you mentioned the vimax ads disappeared from Safari and all the normal ads run where they should on the page. Also, Firefox now runs at its normal, rapid speed.
I am curious what this means. I am not so proficient concerning networks -- I really don't know what all of this stuff does. I guess, most importantly, I would like to know if this means that there is still malware on my computer or if this means that there was never malware on my computer. Secondarily, I am interested in what a DNS server is and why inputting these two servers gets rid of the ads. Ya, but mostly I'd love to know whether or not this means my computer is clean.
Thanks so much.
Computers don't really work with name addresses, they work with number addresses. A DNS (Directory Name Server) is a computer that acts like a telephone directory. You provide it with a name and it looks up the number and then directs you to the computer with that number. Many major internet service providers have their own DNS computer to serve their customers. Earlier this year somebody pointed out a vulnerability in the software being run by some ISPs. I don't have the reference but if you search for discussions earlier this year you will find reference to it as well as a website you can visit to see if your ISP is running the vulnerable software. The addresses I gave you are for a free DNS that runs a patch, suggesting it was indeed your ISP's DNS that may have been causing the problem due to somebody taking advantage of the vulnerability.
Web pages often have links that pull in things like ads from other web servers, so many addresses/numbers can be involved on a single page. What was probably happening was somebody didn't substitute bogus pages for all the addresses but just for a few. Say somebody has a page and they sell banner space for a company that provides ads, and when you load the page there is a bit of code that says go to 'Fred's Ad Company' for a banner. The hacker (or what you want to call it) says leave the rest of the page intact but instead of Fred's company being some number it really is, the person substitutes a number that takes you to one selling personal modification services.
Basically this isn't your computer, it is the DNS provided by your ISP.
What would concern me more is if your DNS was compromised then there could be risks to your security of online actions. A hacker could, for example, redirect you to a different page that looks identical to your bank's page when you log in to check your bank account online. They could then log you in to your bank and have you directed back to your real bank's page after collecting your information (account, password), without you even knowing it. For safety's sake you might want to change passwords on any online accounts you use.
Again, this is not Apple or your computer or Mac software, it is your ISP's DNS and anybody is vulnerable to it if using an unsecured DNS.
To make a comparison, many people find it convenient not to have to pick up their telephone directories at the telephone company, or have to wait and sign for a delivery plus confirm it really is a telephone company representative making the delivery. They wait for the directory to appear on their doorstep. In theory somebody could substitute a fake directory so every time you phone pizza company X it really took you to a different company. What would be worse would be if you phoned a company and paid for something by credit card but it turned out not to be that company. They might even send you the thing you bought to cover their tracks, but then they have your credit card number.
I can't prove this is what is happening here, but there has been discussion of it over the past year.
When I put those DNS numbers into my network TCP-IP box,
I was unable to connect to Apple Discussions forums...
"OpenDNS Guide Blocked Domain"
Site blocked. discussions.apple.com is not allowed on this network.
This site was categorized as:
How can that be, you changed your DNS to OpenDNS
and you can post; but I can't? (And I had no previous
blocking nor any issues such as you've posted.)
So, I changed my DNS back to the defaults - and - it works...
When I enter that DNS (close to my IP address)
it does nothing; pages time out, open pages
won't connect. Nothing works online at all...!
Would this make a difference when using the
AirPort Extreme Base Station to connect via
ADSL, and have the outgoing connection
shared behind the AEBS? Each has its own
special address behind the AEBS (10.x.x, etc.)
All of my browsers in use are the latest versions;
Firefox 3.x, Safari, Camino, Opera...
When I enter that DNS (close to my IP address)
OOPS, sorry for the lack of clarity, that number was supposed to go in your URL bar in a browser, not in DNS, these go in DNS Servers...
Would this make a difference when using the AirPort Extreme Base Station to connect via ADSL, and have the outgoing connection shared behind the AEBS?
It shouldn't. Did it work before?
The change of DNS numbers in the AirPort Extreme's admin utility panel
has seldom been a necessity; it shows in ghost numbers to the right of
the blank boxes, the ISP's default ones, though I have not entered them
into the primary (empty) boxes.
When I used the Open DNS numbers, only some web sites worked;
but Apple's did not. Some pages elsewhere did work; but Apple sites
gave a page with the information I previously posted; a no-connect
as quoted from the OpenDNS page.
The third (and singular) number was a no-go in a browser. It timed out.
And after refresh attempts led to nowhere, I decided to not try again.
220.127.116.11 - - http://18.104.22.168/
The requested URL "/", is invalid.
Reference #9.de2512d1.1228094948.0 "
And when I changed the default DNS (blank) to these two, I could not
visit any Apple Discussions or apple pages; some others did not work.
TCP/IP using Ethernet over DHCP is how the AEBS is
set up to handle the ADSL; and I believe they changed
from PPPoE to DHCP or something a few years ago.
There is only one ISP in this area, they went from dialup
to something else, then now to DSL. A few other co's
have a long distance dial-in service, terribly slow, too.
arctic.net is the ISP, the company is now part of
American Broadband; nearly a continent removed.
There is no proxy involved at my end; only the
Apple Firewall turned on, nothing special, in OS X.
Hurray - the obscene Vimax ads are gone, gone, gone! Thank you, thank you, thank you for your suggestion to change my DNS addresses to the ones you provided. Worked like a charm! This is after several months of frustration and five hours spent on line with a Symantec tech who in the end, almost $100 later, didn't have a clue how to fix the problem.