Setting up a Hosts File

Discussion in 'privacy technology' started by Blackspear, May 3, 2005.

Thread Status:
Not open for further replies.
  1. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I am using spyblocker as well...there is a possibility to merge 1 host and to import whatever you like lol...simple and newbie friendly but may not be suited for advanced users I guess...;)

    /edit: and I don't mean anything by this
     
  2. FanJ

    FanJ Guest

    Hi Pete,

    (oops a little bit late reply....).

    Hostess has its own databases.
    Look in your Hostess directory and you'll see them.
    (I use Hostess but not the latest one).

    In your case (if I understood it right):
    1. you removed an entry from HOSTS;
    2. there was a new HOSTS file that did not have that entry anymore;
    3. you merged that new HOSTS file using Hostess.
    4. that entry was again in your HOSTS file.

    What happened (as I suppose):
    That entry was still in the database of Hostess itself; by using Hostess to merge, Hostess did put that entry again in your HOSTS file.

    So what you should do:
    If you use Hostess to maintain your HOSTS file, then do the maintenance through Hostess.
    If you want an entry removed from your HOSTS file, then remove it first in Hostess itself, and then let Hostess make a new HOSTS file.
     
  3. FanJ

    FanJ Guest

    Hi,

    About using Hostess to maintain HOSTS.

    I hope this is not too far off-topic.

    I will try to prove what I said in the previous posting about maintaining the HOSTS file with Hostess.
    Please keep in mind that I use Hostess version 2.10 (on W98SE), but I suppose that the same goes for the latest version.

    The issue:
    If I maintain the HOSTS file via Hostess, but make some changes in the HOSTS file itself without using Hostess, what happens the next time I use Hostess to maintain the HOSTS file.

    My answer:
    Of course you can make changes in your HOSTS file without using Hostess.
    But Hostess has its own databases in which it stores the info for your HOSTS file.
    Hostess uses those databases to make your HOSTS file.
    So if you make changes directly to your HOSTS file without making them through Hostess, those changes are not included in the databases of Hostess; and the next time you use Hostess to make your HOSTS file, those changes will be ignored (Hostess does not have that info).


    Prove:

    In this prove I will use an entry in HOSTS that is important for TDS-3.
    TDS-3 users will be familiar with it.
    More info about that particular entry can be found here:
    http://www.wilderssecurity.com/showthread.php?t=25715
    The entry is:
    64.91.255.87 www.dcsresearch.com

    I myself have a special group for it in my HOSTS file:
    DiamondCS forum F5
    In my HOSTS file it looks like this:

    # DiamondCS forum F5

    64.91.255.87 www.dcsresearch.com


    Proving:

    1.
    First I backed up my HOSTS file.
    (And as a precaution my whole Hostess directory).
    2.
    I deleted that line in my HOSTS file (without using Hostess):
    64.91.255.87 www.dcsresearch.com
    3.
    So I had now:
    # DiamondCS forum F5


    4.
    I copied the new HOSTS file to another directory.
    5.
    Then I used Hostess to import that copied HOSTS file into my HOSTS file.
    6.
    Then I looked again at my HOSTS file.
    Here is what I saw:
    # DiamondCS forum F5

    64.91.255.87 www.dcsresearch.com


    Conclusion

    If you use Hostess to maintain your HOSTS file,
    then be aware that, if you make changes to your HOSTS file without using Hostess, the next time you use Hostess those changes will be ignored.


    Additional suggestion

    Using Hostess might give an additional way to get your HOSTS file back in case it got corrupted.
    If you use some kind of file integrity checker (for example the CRC32-test in TDS-3) and you use Hostess, then put not only your HOSTS file into its database but also the Hostess files and databases.
    Keep backups of your HOSTS file, and (in case you use Hostess) the Hostess files and databases.


    I hope this might help a little bit.
     
  4. Moore

    Moore Registered Member

    Joined:
    Mar 14, 2004
    Posts:
    82
    Location:
    land of ?z
    I find myself using Hostess mainly for the hosts toggle , comes in very handy at times.

    Great guide Blackspear , I'm sure many people will find this useful..

    Would you mind if I added your link to the Bluetack/Gladiator/SpywareWarrior Hosts file guide at all ?

    http://www.bluetack.co.uk/forums/index.php?showtopic=3996
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thanks Moore, and no worries at all.

    Cheers :D
     
  6. Bonnie

    Bonnie Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    18
    Just found this link via Spyware Warrior (thanks, Moore) and followed it here.

    Followed the instructions and downloaded the Bluetack HOSTS file – seems to be working nicely – thanks for all the info, Blackspear.

    Just a couple of quick questions:

    1. Going back to the very first post in this thread, item:
    2) Make sure you can view file extensions on your computer. Click on My Computer> Tools> Folder Options. Untick everything as per screenshot and then click on Apply.

    I take it that when you’ve downloaded the chosen HOSTS file you go back and restore the settings?

    2. Referring to hadi’s question, “Has IE-SPYAD same purpose/effect as HOSTS file”, can I take that, especially if using the Bluetack HOSTS file, that there is no great need to also use IE-Spyad (for those of us still on IE, that is).

    Thanks.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Welcome to Wilders Bonnie.


    My pleasure Bonnie.


    Indeed.


    I still use IEspyad in case someone opens up Internet Explorer instead of Firefox, just another layer of protection, as it places sites within the restricted zone.


    Glad I could help…

    Cheers :D
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi Guys

    I've spoken with the chaps at MVPS and I have permission to use their HOSTS file inside Online Armor.

    So, within the next 24h I will be adding the MVPS HOSTS file into Online Armor's central "untrusted" sites list, and from here on in it will get pushed out as part of our automatic updates whenever it is updated.

    What this means is when you try to visit any of these sites, content such as ActiveX, Java, etc will be silently blocked without any interaction from the user.

    While a HOSTS file will blackhole the sites, the inclusion inside OA will "de-fang" the site making them much, much safer and without any popups - and you don't need to worry about it.

    Hope you find this useful - I'll post separately once the file has been included in autoupdate.

    Cheers


    Mike
     
  9. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Mike
    You just keep pushing the envelope ! Roll on dude !! Roll on
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Fantastic Mike, looking forward to each program update.

    Will a user still have to disable the dns service to stop slowdowns in XP?

    Cheers :D
     
  11. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,656
    Location:
    Sydney, Australia
    Hi Blackspear

    No - we won't actually be writing the HOSTS information to a HOSTS file, we'll be adding it to the central OA "untrusted" sites list. So, you'll still be able to surf to the site, but any nasty content (or even suspicious content) would get blocked by the webfilter.

    The only real difference between that and the standard OA is the standard OA would warn you, but now that the data from MVPS has been added OA will automatically know this site is bad and will block active content without bothering the user.

    So - with that in mind - the user wont need to touch DNS, HOSTS or deal with manual updates in any way.

    Mike
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Excellent, OA is looking better all the time. I'm looking forward to the day where I can install Nod32 and just OA with built in firewall and registry protection.

    Cheers :D
     
  13. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    Here is a free utility which automatically does the basics:
    http://www.timdorr.com/syko86/ycsoft/hostssecure.htm

    It is a no-nonsense utility from Tim Dorr, and uses the hosts list of mvps.org (http://mvps.org/winhelp2002/hosts.htm).

    Stein
     
  14. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i'm pretty sure hostsman will update at least three different sites automatically, you just need to open it and click around abit to find it. i'd show how to do it but i don't have access to it atm.
     
  15. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    That's right. Hostsman (http://hostsman.abelhadigital.com/) has more features than Hosts_Secure, and can automatically import 4 different hosts lists (and even merge them, if wanted).
     
  16. Arup

    Arup Guest

    Best feature for Hostsman is its http server feature which makes surfing faster even and lets you know what is being blocked by hosts, also the ability to use four major hosts file merged into one makes it the best in its class.
     
  17. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Interesting thread. I am new here, and have some questions if you don't mind.

    There is no mention of the size of the hosts file degrading performance. A few years back I tried out Hostess and another one, with a few different downloaded lists. My experience was that there was a certain threshold at which it became a bit bogged down. Anyone else experience that? And at what size file or # of entries did you find that.

    Does a hosts file get initalized upon the packet generation? In other words, can you for instance replace it with the original MS copy before you go to a site and it filters nothing. And then replace that with your cusotm one and browse to a different site and it does filter. If that is the case, do you think it would be just as easy to write a script that toggles them for you like that, which I assume is what the hosts managers are doing anyway. Or is there a registry setting one could toggle themselves.

    Now to my real question. Does anyone know if there is a way to use a net range in windows xp similar to what the hosts file does. The hosts file is limited to single entries AFAIK. I know unix OS's have IP tables which if I am correct allow net range blocking. I know there are some plugins that do that, such as the RIAA blocker I think. As does the firewall I use, Outpost. A plugin that blocks ranges. But all of those are software solutions. I am looking for the hosts file type solution which precedes the software variety.

    This would be especially useful if you wanted to block not just www.somebadplace.com, but with a simple whois, you could block thier whole netblock. That is my current quest.

    Anyone know?

    Thanks for any pointers in the right direction.
    sul
     
  18. Arup

    Arup Guest

    The reason it got bogged down is due to MS's faulty DNS cache service which you don't need anyways, a good Hosts manager like HostsMan 2.1 disables it by default, I use four hosts merged into one with 68000 entries, no bogging or slow downs at all.
     
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I have since learned a great deal more, and I do have the dns service disabled. So you are saying that limitation is no longer a concern? That makes the hosts file more attractive than it was.

    How about blocking a net range. Any thoughts there?
     
  20. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    As far as I know it is not possible to block single IP-addresses or ranges with the Hosts file.
    However, you can add bad IP-addresses to your local routing table and route them to nowhere.

    If your local network address is 192.168.1.33, your default gateway is 192.168.1.1, and 192.168.1.222 is not in use, you could use the following command line syntax to block 66.66.66.66:
    "route add 66.66.66.66 192.168.1.222".

    "route add 66.66.66.* 192.168.1.222" would filter out 66.66.66.0 - 255.
    "route add 66.66.66.6? 192.168.1.222" would filter out 66.66.66.60 - 69.
     
  21. POS

    POS Guest

  22. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I have seen some mention of that before. Was not aware of the ? being a valid character though. There must be a file somewhere that one could manipulate, as if I recall correctly that is a static entry, much like adding and ARP entry to the ARP cache. Althogh, I have yet to find the file or registry entry that houses static mac addresses used in the ARP cache.

    Groovy suggestion. I will dig deeper. Thanks Stein!
     
  23. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    ? is a valid wildcard character in XP at least.
    Remember the -p switch to make the route survive a reboot (route -p add ....).
    192.168.1.0 might be a more convenient adress to use as trash bin (no need to check if the address is in use).
    I have tried a routing table of 1.000 entries, and surfing doesn't seem to suffer much.

    The persistent routes are stored here:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes
     
    Last edited: Dec 27, 2005
  24. stein

    stein Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    26
    Location:
    Scandinavia
    After some playing I have noted the following:

    Wildcards do not work with "route add". They can be used with "route print" and "route delete" only.

    Using 127.0.0.1 for the gateway would be super nice. Adding a route with 127.0.0.1 as gateway generates an error message, but the route can still be seen with "route print". However, this entry does not have any effect. Your PC's real IP-address must be used (e.g. 192.168.1.222). This is a bit problematic if your PC travels and uses different addresses (typical dhcp).

    It is slightly easier use your network-IP (xxx.xxx.xxx.0) (e.g. 192.168.1.0) which does not represent any physical machine. But even this IP might change when you are on the run.
     
  25. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,317
    Location:
    Adelaide
    I was just coming in to post the same message. Does anyone know why this would be the case?

    Edit - I downloaded the Hosts.zip to another computer and WinRAR extracted it fine.

    To POS, what I've done is upload the HOSTS file in 7-Zip format. You can grab it from the following URL - http://www.savefile.com/files/9446040
     
    Last edited: Dec 28, 2005
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.