Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Learn, share, and get recognized

Learn more about the Apple Support Community >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: asvpx
asvpx Author
User level: Level 1
0 points

Apple Discussions hacked by Tiger-Mate

Having just updated to Mac OS X 10.6.8, I was angry that Safari had been updated and is completely broken ....but that is another issue altogether.


It was whilst searching for a solution to Safari 5.1 problems that I came accross a breach to the Apple Discussions site and therefore Apple.com by a hacker known as Tiger-m@te (search for tiger-mate bangladesh will provide some background on his'her notariety).


I searched in Google: 'safari 5.1' + 'broken' and got the following:


Safari 5.1 'Broken' in OSX.6.8?: Apple Support Communities



The 4th link 'Safari 5.1 completely....' has the address https://discussions.apple.com/thread/3190534?start=0&tstart=0, but the page redirects to


http://chimac.net/2011/07/20/safari-5-1-completely-broken-under-lion-apple-suppo rt-communities/necko:classified1request-methodGETresponse-headHTTP/1.1 200 OK


....activating weird window behaviour, the pronouncement "Hacked" and some details of tiger-m@ate (though I've not clicked on any of the links).


....there was also a redirect to http://www.fotonons.ru/images/17.03.11/bytigermte.jpgrequest-methodGETresponse-h eadHTTP/1.1 200 OK


(note the .ru address !!!)


Someone has already posted a video of the type of thing you can expect :


http://youtu.be/NjhO64s901s


I do not know whether tiger-m@te is just showing off or whether there's an attempt to steal information.


I will inform Apple directly, but please JUST BE AWARE, AND BE SAFE

apple.com-OTHER, security warning

Posted on Sep 25, 2011 8:06 AM

Reply
19 replies
User profile for user: rccharles
rccharles
User level: Level 6
12,957 points

Sep 26, 2011 10:12 AM in response to asvpx

You may be experiencing a DNS explot. Some DNS servers have been hacked.


What you should try is:


DNS

What is a DNS? DNS stands for Domain Name Server.


When you enter an Internet address such as google.com into a web browser, your system needs to translate the character string into a numeric value. The address google.com translates to 72.14.204.103. A DNS server does this translation. There is a hierarchical series of DNS servers. The first DNS servers starts on your machine.


When using DHCP to set up your Internet connection, your ISP's DHCP server will provide you with an address of a DNS server.


You may configure your own DNS server address or addresses if you wish. Only change the DNS Servers entry. Leave the rest the same.


User uploaded file


*Try Google*

Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider.


To try it out:

Configure your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your DNS servers


http://code.google.com/speed/public-dns/


*Use OpenDNS*

BDAqua suggests in a post:


You can use OpenDNS for looking up web addresses.


208.67.222.222

208.67.220.220


https://www.opendns.com/homenetwork/start/device/apple-osx-tiger

(Please note that you do not need to a joint Open DNS to use it.)



Free Fast Public DNS Servers List

http://theos.in/windows-xp/free-fast-public-dns-server-list/

Reply
User profile for user: Kurt Lang
Kurt Lang
User level: Level 9
58,302 points

Sep 27, 2011 7:54 AM in response to asvpx

I saw the same thing on my web site Sunday morning. Safari displayed my home page normally, but Firefox displayed the worthless "Hacked by xxxx". Like these idiots think anyone outside of their little group cares one pigeon dropping for their display of "skills".


I was able to fix the issue in just a few minutes by opening my site's file listing and deleting files I knew shouldn't be there, and replacing any .html files with my backups. My hosting company sent this message this morning. This is partial, but explains what happened.


As you may be aware already, our network, and potentially your account, was the target of a large scale website defacing attack on Sunday, September 25th. We understand and share the upset and frustration felt by all of our affected customers. Please know that we are working as fast as possible to help all customers repair their sites.


The defacement worked by replacing index files in all public_html directories with the attacker's index.php. At this time, it does not appear to be any more malicious than taking over the web site's home page, but we are still reviewing servers at this time.


We sincerely apologize for the delay in notifying you of the changes, but in the last day our focus has been on actively repairing sites via automated and manual systems. Most we have been able to successfully repair, but we want to be sure you are aware of the attack and you review your sites if you have not already done so.


There was a bit more, but essentially, it was an attack on the hosting company's servers. A users Mac or Windows machine was not compromised to deface your site.

Reply

Apple Discussions hacked by Tiger-Mate

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up