How To Utilize a Hosts File

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

How To Utilize a Hosts File

#1 Post by Alucard_the_dex »

What is a hosts file? And what can it do?

MVPS gives a good description of just that:

The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by that DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements. Why? ... because in most cases "Ad Servers" like Doubleclick will open a separate connection on the webpage you are viewing.
http://www.mvps.org/winhelp2002/hosts.htm


In short, the hosts file can be used to surf the web ad-free. Another use parents can benefit from is being able to block pornographic sites from the kids easily, without a third-party program hogging resources and money.

Is there a risk to using a Hosts file?

Yes, but the risk is low and can be avoided if the hosts file is used properly. Misuse can block websites you want to view, or cut off internet access altogether. Also, an out-of-date or inadequate hosts file can result in fewer ad servers being blocked and a higher risk of malware.

So why use a hosts file?

As stated in the MVPS description, it can block banners, malware, and even unwanted websites.


I read the MVPS description, but I still don't understand exactly what the hosts file does, and how.

When you go to a website, your computer checks the hosts file for the server's address before it asks the DNS service. If the page has a banner whose ad server is listed in your hosts file with 127.0.0.1 in front of it, your computer tries to contact itself for that banner. Obviously the banner is not on your own computer, so the request just loops back, and in place of the banner you'll see a broken image or a "page cannot be found" error.

Alright, but how does it stop malware?

By blocking the ad server hosting the malware, your computer never accesses it, and it can never access your computer. With neither one communicating, nothing is placed on your computer (i.e. malware and cookies).

But I have heard of spyware taking over the hosts file, so I don't use one, to prevent that.

Yes, malware can take over your hosts file, but this can be easily fixed and prevented. Not using the hosts file to prevent hijacks is a false sense of security: whether you use the hosts file or not, it is still there and can be hijacked by malware. By using the hosts file in the first place, you can block hazardous websites. By write-protecting the hosts file you can reduce the possibility of malware changing it, but this too is a false sense of security. Although it can stop the simplest malware from changing it, more sophisticated malware can easily get past this, or even direct your computer to an entirely different hosts file that it creates.
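
That said, if you want the limited protection write-protecting gives, here is a minimal sketch on Linux (run as root; chattr only works on filesystems that support the immutable attribute):

chmod 444 /etc/hosts   # remove write permission (root can still write, though)
chattr +i /etc/hosts   # stronger: immutable flag; even root must run 'chattr -i' first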

So where is the hosts file, and how do I use it?

In Linux the hosts file is located at /etc/hosts. It is easily edited with any simple text editor: just add entries to the existing file with 127.0.0.1 in front to block the unwanted server.

Example:

127.0.0.1 www.doubleclick.net

This will block the DoubleClick website.
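
To check that an entry is actually being picked up, ping the name; if the entry is working, ping should report the address as 127.0.0.1 instead of the real server:

ping -c 1 www.doubleclick.net   # -c 1 sends a single packet and stops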

Is there an already-made hosts file I can download?

Yes, there are many online, but not all are good. A bad hosts file can end up blocking wanted sites for no clear reason, and can give a false sense of security due to a lack of ad server entries.

Klh has suggested the MVPS hosts file for its number of ad server entries and how well it is kept updated.

http://www.mvps.org/winhelp2002/hosts.txt

There are many other good quality hosts files out there.

Here is a link to a small database of hosts file websites:

http://pgl.yoyo.org/adservers/links.php#2


OK, so how do I use these?

Simply copy everything AFTER the "127.0.0.1 localhost" line and paste it onto the end of your current hosts file.
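
A minimal sketch of doing the same thing from the command line, assuming wget is available (back up first, download the MVPS list, strip carriage returns and its localhost line, and append the rest):

cp /etc/hosts /etc/hosts.bak                                # keep a backup
wget -O /tmp/mvps.txt http://www.mvps.org/winhelp2002/hosts.txt
tr -d '\r' < /tmp/mvps.txt | grep -v localhost >> /etc/hosts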

Want to speed up accessing goosee.com and murga.org?

Just add these to your hosts file:

216.194.77.177 www.murga.org
66.179.215.22 www.goosee.com
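
Pinned entries like these go stale when a site moves servers, so it's worth checking the current address before adding one, and re-checking if the site ever stops loading. Assuming nslookup is installed:

nslookup www.murga.org   # copy the reported address into your hosts file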

Still need help?

Feel free to PM me or post your questions. Suggestions are happily welcomed.
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

Would you say that a Hosts file does more or less the same thing for a single computer as a DNS server does for the internet?

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#3 Post by Alucard_the_dex »

Basically it does just about the same thing, to my understanding. I'm still learning about DNS servers myself, but so far I think it's just about the same as what a DNS server does for the internet. By using the hosts file, though, you can skip looking through the DNS server and send your request for the website straight to its server.

This is what I understand of it; like I said, I'm still learning. Most people have no idea what a hosts file is at all, so I felt I should post my knowledge as plainly as I could here.
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#4 Post by Flash »

Alucard_the_dex wrote:Most people have no idea what a hosts file is at all, so I felt I should post my knowledge as plainly as I could here.
Thanks. Until you went to the trouble, I had no idea what a Hosts file was. :)

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#5 Post by Alucard_the_dex »

Flash wrote:
Alucard_the_dex wrote:Most people have no idea what a hosts file is at all, so I felt I should post my knowledge as plainly as I could here.
Thanks. Until you went to the trouble, I had no idea what a Hosts file was. :)
You're welcome ^^ Any suggestions?
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Bruce B

#6 Post by Bruce B »

I hope this helps to explain the DNS / hosts relationship.

The first principle is that computers don't connect with each other by names. They establish their connections with IP addresses.

The default sequence for getting the addresses is as follows:

The OS checks its cache to see if it already knows the address.

If not, it opens the hosts file and scans it from top to bottom looking for an exact name match. If there is an exact match, it uses the address assigned to that name.

If a match is not found, the OS sends out a query for the address belonging to the name. This query goes to what is referred to as a DNS server. The remote DNS server looks up the name and returns the address if it has it.

About the DNS servers: if you connect with DHCP, part of that service is to provide your OS with the addresses of typically 1-3 DNS servers, which your OS will then query.

If you make manual connection settings, you may have to provide the OS with the DNS server addresses yourself.
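
On Linux, those DNS server addresses go into /etc/resolv.conf, one per line. A typical hand-written file looks like this (the addresses below are placeholders; use your ISP's servers or your router):

# example /etc/resolv.conf - the addresses are placeholders
nameserver 192.168.0.1
nameserver 192.168.0.2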

The power of hosts is that it has priority number 1. Whatever hosts says goes. If the name is in hosts, the OS will find it and use the address assigned to that name; no remote DNS queries will be made.
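
That number-one priority is actually written down in the OS configuration. On Linux the lookup order comes from /etc/nsswitch.conf (older systems use /etc/host.conf), where the relevant line normally reads:

hosts: files dns

Here 'files' means the hosts file and 'dns' means remote queries; the sources are tried left to right, which is exactly why hosts wins.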

-----------------

About the cache: sitenames get cached after the OS has gone through the above procedure and found a match. When the address is retrieved from a DNS server, the TTL (Time To Live) in the cache varies from server to server. With Google the TTL can be 2 minutes and 22 seconds; with other sites it can be several minutes to several hours.

With the Linux OS, I wonder if the entire hosts file gets cached on boot, as someone posted. I hope not, because it could require reboots to unblock sites. I don't know about the TTL either; I'd have to do some specific testing before stating its behavior with certainty.

Also, I usually have a hosts file with a few hundred entries; this is the first time I've tried one with thousands of blocks.

------------------

Note: by convention, the top line of the hosts file should read as follows:

127.0.0.1 localhost

Puppy's default hosts file reads like this:

127.0.0.1 localhost puppypc

Not knowing why Barry did this and thinking puppypc might be used for some internal scripting or processes, I'm using Puppy's default as the top line.

-----------------

Last note: I've gone over the pre-made hosts list linked above. It is about as excellent a block list as one could expect. It blocks advertisers, data miners, counters and bad sites.

There are probably about a hundred sites that could be removed because they are no longer registered in the DNS, and one site that was, I presume, mistakenly entered.

The ideal hosts file doesn't block any more or any less than what you really want blocked, and this one does a good job.

For people who want to surf clean, I heartily recommend that particular hosts file. You can download it from the browser to the /etc directory, and if you don't like it you can delete it (except for the top localhost line, which you should keep).

-------------------

Final last note:

If you use a remote proxy, almost none of what I've written above applies, because you will be using its hosts file and DNS services.

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#7 Post by Alucard_the_dex »

Thanks for clearing the DNS server subject up.

About the cache, Bruce: I have heard that Windows computers have slowdown problems with large hosts files over 126 MB because of the cache. I still haven't had a problem myself, and mine is 1.5 MB. I wonder if slowdowns would also occur on Puppy with a large hosts file.

Referring to the premade hosts files: I personally used Mike Skallas' block list for a year with good results. Right now I'm running Puppy with Mike's and the MVPS hosts files merged into one, with no problems. Recently I've been testing a merge of 7 of the premade hosts files from the list I posted. So far it's about 2 MB and 50k lines long, with 48 duplicate entries (still trying to find out how to remove them). If anyone would like to help me test this hosts list, please PM me.

About the unneeded entries, Bruce: my personal opinion is that if they still have them on their list, they must have a reason. If there are websites blocked that I want to view, I'll simply go in and remove them; no harm, no foul. My 50k-line list may sound like overkill, but if it doesn't impact my computer's or my internet's speed or stability, I want as many bad things blocked as possible. On the internet there's no such thing as being too safe.
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Bruce B

#8 Post by Bruce B »

> Thanks for clearing the DNS server subject up.

There is still more to learn, specifically about Linux caching behavior. Also, Linux uses three hosts files:

hosts
hosts.deny
hosts.allow

I want to do some research on when and where to use the various files. Anything you can learn and post would be appreciated.

> About the cache, Bruce: I have heard that Windows computers have slowdown problems with large hosts files over 126 MB because of the cache. I still haven't had a problem myself, and mine is 1.5 MB. I wonder if slowdowns would also occur on Puppy with a large hosts file.

I can state this with certainty, even though it might sound surprising: Windows versions through ME do not cache the hosts file. Every single time the cache doesn't have the address corresponding to the name, Windows opens the hosts file and searches every single line; if it finds a match, it caches the match and only the match. If it gets to the bottom of the file with no match, it sends a DNS query and caches that.

So in actual practice, if you access a site that references five different sites, which by the way is common, Windows opens and searches the hosts file five different times.

One would think that time would be lost parsing 10,000 names in a flat text file 5X. Yes, time is lost, but it is negligible. Even on a low-end machine, Windows does it with remarkable speed, and you'd likely not notice the time lost.

Then W2K came along with the idea of caching the entire hosts file, and it took forever and a day to do it on a big file. Serious problems. People experimented and found workarounds and ways of configuring W2K so that it would work fine.

As far as how XP handles it - I absolutely do not care and refuse to care. The last thing in this world I'm willing to give my time to is working out bugs and problems with that operating system. Bill and Steve and their crew can create and solve any problems any way they want.

> Referring to the premade hosts files: I personally used Mike Skallas' block list for a year with good results. Right now I'm running Puppy with Mike's and the MVPS hosts files merged into one, with no problems. Recently I've been testing a merge of 7 of the premade hosts files from the list I posted. So far it's about 2 MB and 50k lines long, with 48 duplicate entries (still trying to find out how to remove them). If anyone would like to help me test this hosts list, please PM me.

Getting rid of duplicate entries is pretty simple:

# sort hosts | uniq > hosts.new
# mv hosts hosts.bak
# mv hosts.new hosts

(One caveat: sort will move the "127.0.0.1 localhost" line out of the top spot, so check the result and put that line back at the top.)

> About the unneeded entries, Bruce: my personal opinion is that if they still have them on their list, they must have a reason.

I think the reason is that things change fairly fast on the Internet, it takes time to check on 10,000 hosts, and it doesn't hurt to leave them in.


> If there are websites blocked that I want to view, I'll simply go in and remove them; no harm, no foul.

It is a good list, and for the most part you won't want to go to the sites. There are sites I like to block but occasionally visit. Once a site gets cached, you can't access it by site name without a reboot or using the IP address. There are some tricks too. Suppose you block www.murga.org and the block gets cached.

You can still get there by going to murga.org, because that name is not blocked or cached.
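
The same point cuts the other way when blocking: a hosts entry only matches the exact name, so to block a site thoroughly you want both forms listed (the name below is a made-up example):

127.0.0.1 www.example-adserver.com
127.0.0.1 example-adserver.com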

> My 50k-line list may sound like overkill, but if it doesn't impact my computer's or my internet's speed or stability, I want as many bad things blocked as possible. On the internet there's no such thing as being too safe.

I've been using a hosts file with about 800 entries with no problem. Last night I put the big list in Puppy, running against Mozilla, and had serious problems. I don't want to go into detail on the problems at present. First I'd like to narrow things down and isolate what is going on. After I've figured it out, I'll feel better about communicating; otherwise it is just static on the line.

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#9 Post by Alucard_the_dex »

>hosts
hosts.deny
hosts.allow

I've heard to just leave those alone; the hosts file is all you need to edit.

>Last night I put the big list in Puppy, running against Mozilla, and had serious problems.

What large hosts file? Linky please. On the serious problems note: mind giving a summed-up explanation? No details needed, just so I know for when I test myself (haven't used my 50k on Puppy yet).
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Bruce B

#10 Post by Bruce B »

> I've heard to just leave those alone; the hosts file is all you need to edit.

That's the way I've done it and it worked fine with just several hundred entries.


> What large hosts file? Linky please.

The one you linked to in this thread.


> On the serious problems note: mind giving a summed-up explanation? No details needed, just so I know for when I test myself (haven't used my 50k on Puppy yet).

In a way I mind, but on the other hand I don't want to create a mystery for you either.

Lots of problems, and it poses lots of questions for me. I'm a careful worker and I will systematically run this stuff down.

First off, I installed the hosts file PLUS a few hundred passes at the bottom. By 'pass' I mean sitenames with their real IP addresses already filled in, so they resolve without a DNS query.

It didn't run well, so I bypassed the localhost proxy and made a direct connection.

On some of the tests I made, it would stall badly. I remembered back to the Netscape days: it was Netscape that also stalled badly with the hosts file. Internet Exploiter did pretty well.

The worst of it was that the majority of the actual DNS queries failed.

--------------

For some background.

When they programmed Netscape, they gave it a timeout of something like a minute and a half before it would return the 500. The idea was that the Netscape programmers decided to give it every possibility of getting a site connection for you, even if it had to take a long time.

Remember that Netscape 3.x and 4.x were running on computers with modems, and some of us were actually surfing at 14.4 kbps and thought we were cooking, because some people had much slower modems.

Those of us using Netscape had a tough time with the hosts file the first few weeks after we started using it. What you'd do when you saw it bogging down was tap the Escape key, and that helped move it along.

Then Millie discovered that the speed improved by using 0.0.0.0, and for a while Steve Martin was offering hosts files in both formats.
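
For reference, the 0.0.0.0 format is the same entry with a different address, e.g.:

0.0.0.0 ad.doubleclick.net

The usual explanation for the speedup is that 0.0.0.0 is not a usable address, so the connection attempt fails at once instead of waiting on a connection to your own machine.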

I discovered that the whole problem gets solved by routing the blocked names to an actual web server.

In the meantime, Pyrenean came up with the perfect hosts companion: eDexter.

Back to the subject at hand: at first glance it appears to me that Mozilla has a lengthy timeout built in (maybe something carried over from Netscape, who knows?). I looked at about:config and didn't find anything obvious for adjusting it.

Simply stated, there are some problems I've got to run down. It doesn't discourage me in the least; it just takes time to learn and analyze.

---------------------

More history

I hate spyware; I just don't particularly complain about it.

I got my first and last dose of spyware way back when, in the early days.

There was this company called Aureate, later Radiate, and it had an adbot in the %windir%\system directory.

I wanted to know where it was phoning home to, so I piped the .dll through a text-stream utility and pulled the text out of it into a text file.

I opened the redirected file with a text editor, and there were the sitenames it was using, plain as day.
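
On Linux, the equivalent of that text-stream trick is the strings utility; a rough sketch, with a made-up DLL name:

strings Advert.dll > phoned-home.txt                       # pull the printable text out of the binary
grep -E '[A-Za-z0-9.-]+\.(com|net|org)' phoned-home.txt    # fish out anything that looks like a domain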

That's how I made my first hosts file. That is also the file I posted publicly when I wanted to sell the idea to others. It took off like wildfire.

Just by using tools that came with Windows, which not many people knew about, you get to take charge of your computer again!

Some people criticized the hosts technique as not being 100% effective, because the DNS sequence is bypassed when direct IP connections are used.

So I published a page on how to use the Windows routing table to prevent outbound connections in cases where unwanted direct outbound calls are made to IP addresses.

You can do it all with just a text editor. The tools are built into the operating system.
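
That page was about the Windows route table, but the same idea works on Linux with the route command; a sketch using a reserved documentation address (192.0.2.1) in place of a real offender:

route add -host 192.0.2.1 reject   # the kernel now refuses any connection to this address

With that in place, direct-by-IP calls to the address fail immediately, hosts file or not.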

------------

It is my computer. It is a personal computer. These are my resources. It is my phone. If some company wants to use my phone, they had better ask permission.

If they don't have more respect than that, they will get put on a block list. The block lists will be posted publicly and made available for anyone who wants to use them.

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#11 Post by Alucard_the_dex »

How did you compile it? Did you just copy and paste onto it and hit save, or did you do more?

((The only one I posted is MVPS; the other is a link to a directory.))
~Puppy Linux~ Where man's best friend becomes the PC's best friend

Bruce B

#12 Post by Bruce B »

I merged it with my existing hosts file, removed the dupes, and put the blocks at the top and the resolves at the bottom.
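
For anyone who wants to reproduce that, a rough sketch with standard shell tools (the filenames are hypothetical; putting the blocks above the resolves was done by hand in a text editor afterwards):

cat hosts.mine hosts.mvps | sort | uniq > hosts.merged   # combine the lists and drop duplicate lines
mv hosts.merged /etc/hosts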

Alucard_the_dex
Posts: 317
Joined: Wed 05 Oct 2005, 01:53

#13 Post by Alucard_the_dex »

What program did you do this in?
~Puppy Linux~ Where man's best friend becomes the PC's best friend
