
Hosts - one of the most effective things you can do to enhance online security...



One of the most effective ways to keep your system secure and private while on the web is to implement a managed blacklist of sites you just won't allow your device(s) to visit.

I have been developing a script that gathers data from various contributors around the web who have developed lists of badware web sites, and compiles the info into a blacklist of sites you REALLY DO NOT want to visit.  The result is pressed into service by a very simple process: 

Adding blacklist entries into your hosts file.

Windows uses the file %SystemRoot%\System32\drivers\etc\hosts to allow you to pre-load your DNS cache.  The intent is that if you have a server you'd like to name, but the name isn't provided by an online DNS service, you can name it in your hosts file.

But what the hosts file can ALSO do is allow you to redirect name resolution to 0.0.0.0 for any number of sites that serve malware, ads, track you, or just deliver things you don't want to see.  An attempt to access that named site just fails.  Your computer never contacts it.

If you put the right list into your hosts file, your system will automatically, and most importantly without noticeable ongoing overhead, just avoid visiting badware sites.  That's it.  It doesn't require decisions by you, and it doesn't cause extra software to run.  And there's no cost; the information is freely available - and surprisingly well maintained.

What you see in a practical sense is that your browsing experience becomes free from ads, you no longer see viruses and malware trying to come in, and your browsing experience even gets faster.  No kidding.

Let's say, for example, that a badware site is www.iservemalware.com...

Maybe links to www.iservemalware.com are embedded in other people's web pages, in ad slots, for example, or in things you fear your kids might click on.  Maybe it shows up as a link in an email.  Or even worse, HTML that just opens the site as soon as you view the message.

It'd be nice if something would just stop your computer from visiting such a bad site, right?

One entry in the hosts file will do just that:

0.0.0.0 www.iservemalware.com

Boom, your computer won't visit the online server for www.iservemalware.com again.

Maybe you've already even added some of your own badware sites you've run across to your own hosts file.  But wouldn't it be great if you could combine the web browsing experiences of other folks out there too?  There are literally tens of thousands of bad web sites.  Seriously.  But that number is not infinite!

I present to you, free of charge and with no strings attached, my HostsCompiler script:

http://Noel.ProDigitalSoftware.com/files/HostsCompiler.zip

It retrieves badware site data, processes it into a minimum size blacklist, and augments your existing hosts file.  I've tested it on 64 bit Windows 7, 8.1, and 10, though it will probably also work on 32 bit systems and Vista and XP.

To set it up:

Unzip all the files into the same folder, open an elevated command prompt, CD into that folder, and run HostsCompiler.bat by typing its name.  It will prompt you to continue, and it will immediately go out and find lists of badware / malware / adware sites from online sources and add them to your hosts file.  You'll be instantly protected against visiting nearly 50,000 known badware sites.  You'll notice a positive difference in your browsing experience.

Run it regularly - for example by scheduling it to run every day using the Windows Task Scheduler as I do - and you'll have a "set it and forget it" system that will keep itself up to date to block the latest servers showing up online with intent to turn you into a victim.  For me the script literally runs to completion in 5 seconds.

The online sources this script obtains the information from are the following at the time of this writing:

I wish to acknowledge the fine people who publish the lists at the above sites for their contributions to enhanced online security, privacy, and browsing performance.

The executables in my zip file are from the freely available GnuWin32 toolkit plus one I've written (SHOWTIME, a tiny command line executable for displaying the current time/date), and the script is editable and readable, with plenty of comments.  It's designed to coexist with whatever else you do with your hosts file.

If you have even the slightest worry over running this, I ENCOURAGE YOU to research the executables online and open HostsCompiler.bat in a text editor and learn how it works.

Those of you wishing to schedule regular HostsCompiler runs will be interested in this excerpt from the script:

:: Synopsis:
::
::      HostsCompiler  NoPrompt
::
::      NoPrompt -  (Optional) If specified, will avert the request for confirmation.
::
::
::      Suggest scheduling this job with a command line similar to:
::
::      HostsCompiler NoPrompt >>C:\Some\Path\HostsCompiler.log 2>&1
::

Be aware that this is a batch script and that altering your hosts file is a bit geeky.  It requires a little knowledge about how Windows works and the exercise of some care.  Don't use this if you don't feel comfortable with manipulating files on your computer.

Please let me know if you have any problems or suggestions about things that could be improved.  I'd love to hear your experiences with this method of enhancing security.  Mine have been good.

After running this, if you find a site you'd like to visit no longer works, there are ways to determine what the host name is and whether it's being blocked by a hosts entry - e.g., choose F12 developer tools in Internet Explorer, go to the Network tab, enable tracing, navigate in your browser, and look for a Result of (Aborted) - and you need only comment out the entry in your hosts file to restore access.

-Noel



I've had this available on another site for a while.  There are two things it just today does better than my prior versions:

  • If you have commented out an entry in your current hosts file, because you found that it was blocked and you really wanted your system to be able to visit that site, HostsCompiler will recognize that you have done so, consider it a whitelist entry, and not create a new blacklist for that site when next it is run.
     
  • It now does a better job of interpreting your existing hosts file and keeps duplicates out of the blacklist it generates in its next run.

You will now see something like the following in the section generated by HostsCompiler:

#---------------------------------------------------------------------------------------------------

# Added by HostsCompiler.bat on Sunday, June 12, 2016, 13:50:14 from:

# "http://winhelp2002.mvps.org/hosts.txt"
# "http://www.malwaredomainlist.com/hostslist/hosts.txt"
# "http://adaway.org/hosts.txt"
# "http://someonewhocares.org/hosts/hosts"
# "http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
# "http://www.quero.at/download/adblock-hosts.zip"

# The following are whitelisted entries found commented-out in the previous hosts file.
# These are excluded from the generated blacklist.

#0.0.0.0 cdn.optimizely.com
#0.0.0.0 d3m83gvgzupli.cloudfront.net

# The generated blacklist follows. Enjoy your enhanced security!

# Note: If you want to exclude any entry from the blacklist, comment it out by placing
#       a single # character in front of it. Then name resolution for that site will
#       then be allowed and it will be excluded from future HostCompiler runs.

0.0.0.0 ___id___.c.mystat-in.net
0.0.0.0 0.r.msn.com
0.0.0.0 005.free-counter.co.uk
0.0.0.0 006.free-counter.co.uk
.
.
.

Many thanks to contributor @bphlpt for submitting his ideas and code to help implement these features.

-Noel

Edited by NoelC
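
The merge described in the two posts above (block entries pointing at 0.0.0.0, commented-out entries treated as a whitelist, duplicates kept out), as an added Python example that is not part of the thread and is not HostsCompiler's own code. The function names, the sample data, and the choice to discard the address given in a downloaded list and always write 0.0.0.0 are assumptions of this example.

```python
import re

SINK = "0.0.0.0"
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Conservative hostname shape; "_" is allowed because published lists use it.
HOST_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9_][a-z0-9_-]{0,62}(\.[a-z0-9_][a-z0-9_-]{0,62})*$")
# Names a blocklist must never be allowed to override.
RESERVED = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

def parse_entry(line):
    """Return (hosts, commented_out) for a hosts-style line, or None."""
    text = line.strip()
    commented = text.startswith("#")
    fields = text.lstrip("#").split("#", 1)[0].split()
    if len(fields) < 2 or not IPV4_RE.match(fields[0]):
        return None
    hosts = [h.lower().rstrip(".") for h in fields[1:]]
    hosts = [h for h in hosts
             if HOST_RE.match(h) and not IPV4_RE.match(h) and h not in RESERVED]
    return (hosts, commented) if hosts else None

def compile_blacklist(existing_hosts, source_lists):
    """Return new "0.0.0.0 host" lines to append to existing_hosts."""
    whitelist, present = set(), set()
    for line in existing_hosts.splitlines():
        parsed = parse_entry(line)
        if parsed:
            (whitelist if parsed[1] else present).update(parsed[0])
    wanted = set()
    for source in source_lists:
        for line in source.splitlines():
            parsed = parse_entry(line)
            if parsed and not parsed[1]:      # ignore entries the source commented out
                wanted.update(parsed[0])
    # The address in the source is discarded: every entry is re-emitted with SINK,
    # so a tampered list cannot redirect a name to an address of its choosing.
    return [f"{SINK} {h}" for h in sorted(wanted - whitelist - present)]

# Constructed sample data (not taken from any real list).
EXISTING = """192.168.1.10 nas.home.example
#0.0.0.0 cdn.optimizely.com
0.0.0.0 0.r.msn.com
"""
SOURCE_A = """# constructed list A
127.0.0.1 localhost
127.0.0.1 ads.example.com   # trailing comment
0.0.0.0 cdn.optimizely.com
0.0.0.0 0.r.msn.com
"""
SOURCE_B = """203.0.113.7 www.iservemalware.com
0.0.0.0 ADS.example.com
0.0.0.0 tracker.example.net/pixel
"""

if __name__ == "__main__":
    print("\n".join(compile_blacklist(EXISTING, [SOURCE_A, SOURCE_B])))
```
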

I don't know.  I'm certainly not the first to think of blocking name resolution via a managed hosts file, of that I'm sure.

Right now my hosts file, as generated by this script, has 38K+ entries in it.

This script tries to work with whatever else you have already in your hosts file, avoiding overlap and not replacing, but adding to the end.

-Noel


Please do not fall into believing this, everyone. This is a misuse of what the Hosts file is designed for. It's not as secure as many think; it's not designed to block websites, advertisements, malware, or anything similar.

The Hosts file is designed to provide a proper redirect when and if your DNS is not updated yet for sites that have moved to new IPs/webhosts.

Do NOT try anything like this as it has a negative impact on your system and makes ANY page you access take longer to load.
