Pranking via DNS the hard way (accidentally)
In 2012 I pulled an April Fools Day prank on my mother that I'm still proud of.
I knew a bit about HTML & CSS, and tinkered around in Linux... But apparently it wasn't yet the time when I knew about Git, so I don't have a live copy of this one anymore, unfortunately.
In my eyes, my mom spent entirely too much time on Facebook, so I had "Mark" "temporarily suspended" suspend her account.
I created a single HTML page clone of Facebook, added a "temporarily banned" message, and repointed her laptop's DNS.
My plan "worked" in that she saw the page as intended, but she knew right away it was me (this was not my first prank).
I was really proud of that site - I had used the image assets copied straight from Facebook, pulled hex color values from the source code and assembled it all into a pixel-perfect clone of a "real" Facebook page.
A clone that displayed just a single message when "logged in":
Our servers indicate that you have recently been spending too much time on Facebook. As a result, we have temporarily suspended your account. Please check back in a few hours.
- Mark
(Or, something very similar, I can't recall 100%)
This was back in the day of Ubuntu Live CDs (which, apparently they still make) and less-than-stellar file system encryption.
I woke up before anyone else (a feat in itself), and booted my mom's laptop into the Ubuntu Live OS.
I used MAMP a lot back then for work, so I likely hosted Fakebook on that. Which meant I also knew a little about DNS - namely, the etc/hosts
file.
I just pointed facebook.com
to whatever the LAN IP I needed was and boom - Pranked.
# /etc/hosts192.168.1.42 facebook.com
Damn - this was before https-by-default and higher browser security. This would not really work as well today 🤔