Safari taken over by "suspicious error message"

I am writing this message on my wife's MacBook Pro since my model Mac has a "non removable error message" on my Safari page. Quitting Safari or restarting my Mac and then reopening my Safari app does not get rid of the message. The message has an official Safari logo on the page and gives the appearance of an "Apple endorsed" fix-it site. The message heading has an address "http://www.mac-issues-online.com"; the body of the message is: Safari- alert, suspicious activity might have been detected. Major security issue. To fix it please call Support for Apple 1 800-680-4131 toll free immediately.


I would appreciate any info on this problem.

Thanks.

MacBook Pro, OS X Mavericks (10.9.5), 2.66 Ghz,4 GB 1067 mhz

Posted on Nov 30, 2014 9:55 AM

Question marked as Best reply

Posted on Nov 30, 2014 9:57 AM

Helpful Links Regarding Malware Problems


If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.


Open Safari, select Preferences from the Safari menu. Click on the Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.


The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.


Fix Some Browser Pop-ups That Take Over Safari.


Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.


Quit Safari


Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.


Relaunch Safari


If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.


This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

See these Apple articles:


Mac OS X Snow Leopard and malware detection

OS X Lion- Protect your Mac from malware

OS X Mountain Lion- Protect your Mac from malware

OS X Mavericks- Protect your Mac from malware

About file quarantine in OS X


If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

20 replies

Mar 16, 2016 6:14 AM in response to CharlesY

CharlesY wrote:


Another simple solution that not only will fix the issue immediately, but also for the future, is to override the DNS entry for the annoying spam domain.


That's not a good idea, for multiple reasons.


First and foremost, seeing a pop-up like that is a warning that you are visiting a site that is either entirely untrustworthy or has been hacked. As such, you should avoid that site. If it's a site you believe to be legit, you should avoid it until the problem is fixed. Continuing to visit a known bad or hacked site could result in worse than just an annoying little pop-up. All it takes is a vulnerability in your system or a momentary lapse in judgement and you could be infected with malware or adware.


Second, modifying the hosts file is not something that should be attempted lightly. If you mess something up, you could have major issues connecting to any sites at all.


Third, the domains used by these scams change every day. Adding them to the hosts file to block them is not an effective long-term solution.


Thomas Reed

Director of Mac Offerings, Malwarebytes

Mar 16, 2016 9:54 AM in response to thomas_r.

With respect, I don't agree thomas_r.


  1. If you read the original poster, he is talking about a site that has taken over his browser. He has the URL. Restarting the browser is not working for him to remove it. Similar responses to avoiding a site that you believe to be legit, etc. etc. His problem is that he has a window open in his browser that he can't get rid of. Let's concentrate on fixing the specific problem.
  2. Changing the hosts file is not inherently dangerous. However it may be possible to screw up your hosts file, so I'll edit my post above and add in a backup step. Thanks.
  3. I completely disagree. The poster has a problem. My solution fixes it. And best of all, if it happens again with a different URL, there's a recipe for immediately fixing it.
  4. As a meta issue, the more people know how to fix their own issues, the better off everyone will be.

I don't seem to be able to edit my original post, so here's an updated recipe:

Process:

  1. Open a terminal window
  2. type: sudo cp /etc/hosts /etc/hosts.backup
  3. enter your password when asked
  4. type: sudo nano /etc/hosts
  5. go to the bottom of the file enter the next line. Note: replace my spammer's hostname with your spammer's hostname:
  6. 127.0.0.1 mac-error-messages.org
  7. hit Ctrl-X then Y to save the file
  8. Type: sudo killall -HUP mDNSResponder
  9. Quit Safari then restart while holding down the shift button.
  10. In the new window, try browsing to the spammer's domain. It should fail.
  11. If it does fail, check other sites (like google, apple etc). If they don't work, go down to the rollback procedure below.
  12. Select History -> Reopen all Windows from Last Session


Rollback (only use this if you can't browse the internet after you've performed the above):

  1. Go to a terminal window:
  2. type: sudo cp /etc/hosts.backup /etc/hosts
  3. enter your password if asked
  4. Type: sudo killall -HUP mDNSResponder


This resets your hosts file to where it was before you modified it.
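The hosts-file recipe in the post above, as a scripted sketch that also guards against the failure modes raised in the earlier reply (a damaged hosts file, repeated edits as the scam domains change). This is an added example, not code from any poster in the thread; `block_host` and its arguments are hypothetical names, and it only edits the file, so the `sudo` and `killall -HUP mDNSResponder` steps from the post still apply.

```shell
#!/bin/sh
# Added example: block_host is a hypothetical helper, not code from the thread.
# Usage: block_host HOSTNAME [HOSTS_FILE]   (HOSTS_FILE defaults to /etc/hosts)
# Returns 0 if the entry was added or already present, 2 if HOSTNAME is
# rejected, 1 on any file error.
block_host() {
    file=${2:-/etc/hosts}

    # Accept only a plain DNS name. Rejecting spaces and other characters means
    # a mistyped or pasted value cannot add extra fields or lines to the file.
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*|-*) return 2 ;;
        localhost|broadcasthost) return 2 ;;   # never remap the system names
    esac
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ -f "$file" ] || return 1

    # Idempotent: stop if the name already appears as a field on a live line.
    if awk -v h="$host" '
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if (tolower($i) == h) found = 1 }
        END { exit !found }' "$file"
    then
        return 0
    fi

    # Keep the first (pristine) backup; a repeat run must not overwrite it
    # with an already edited file.
    [ -e "$file.backup" ] || cp -p "$file" "$file.backup" || return 1

    # Build the new contents in a temporary file, adding a newline first if
    # the last existing line lacks one so the new entry starts its own line.
    tmp=$(mktemp "${TMPDIR:-/tmp}/hosts.XXXXXX") || return 1
    {
        cat "$file"
        [ -z "$(tail -c 1 "$file")" ] || echo
        printf '127.0.0.1 %s\n' "$host"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Try it first against a copy, for example `cp /etc/hosts /tmp/hosts.test` followed by `block_host mac-error-messages.org /tmp/hosts.test`, and compare the two files before touching the real one.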

Mar 16, 2016 1:40 PM in response to CharlesY

CharlesY wrote:


His problem is that he has a window open in his browser that he can't get rid of. Let's concentrate on fixing the specific problem.


Yes, that was the problem he was having back in 2014. The problem would be far more easily solved, without the need to run commands in the Terminal using sudo, by following the instructions at the link in my very first response on this topic. Modifying the hosts file as a one-time solution to get rid of a pop-up is rather extreme when most people can simply solve it by holding down the shift key while re-opening Safari.

Mar 16, 2016 1:50 PM in response to thomas_r.

Yes, perhaps I should have mentioned that my solution is for those that want to preserve their open windows as well.


I guessed, though I didn't make it clear, that anyone that continued to read was looking for a more sophisticated solution. Personally, I kept reading as I have dozens of open Safari windows that I use as temporary bookmarks. Anyone that was satisfied by merely trashing their current session would have done so already.

Mar 16, 2016 2:46 PM in response to pauliez

There's a simple fix, then a not-so-simple fix. I've done this for folks who've had issues with annoying spam pop-ups that are so long they don't have a visible "OK" button.


Simple:

Quit Safari (force-quit if necessary by clicking the Apple logo and choosing Force Quit ...), and then relaunch Safari while holding the Shift key on your keyboard. This will sometimes prevent the pop-up from recurring so you can close the tab.


IF THAT DIDN'T WORK:


Not-so-simple:

Some websites are really nasty and don't play nice with the simple method above. So we can get mean. No tab can survive file deletion ... nor can your computer, so make sure you delete the right files!

  • Quit Safari.
  • Open a Finder window and, in the menu bar, click Go and then choose Go to Folder. You will see a box slide down.
  • Type (or paste) ~/Library/Safari into that box, and click Go.
  • There will be some files in the folder that appears. Find the file called "Last Session.plist" and drag it to your desktop.
  • Launch Safari, and verify that all the tabs you had open are gone.
  • Drag the Last Session.plist file on your desktop to the trash, and empty the trash.


Hope that fixes this problem! If you want any tabs back, you can go look through your history from earlier that day.

History > Earlier Today
