Host file help

[stephens316]

The "hosts" file is a plain text file that can contain overrides to DNS. In it you can hard-code the IP addresses that domain names will map to. Normally, it's not used at all, but it's a great opportunity to block access to domains you don't want accidental access to.

The hosts file is typically found in "c:\windows\system32\drivers\etc\hosts". You may need to change the file's read-only attribute so that you can make changes. Open it in notepad.

You should notice an entry like this:

127.0.0.1 localhost

That defines the IP address of "localhost" to be 127.0.0.1, which by definition is your own machine.

To block a site, just add a similar entry to the end of the file. For example:

127.0.0.1 www.yahoo.com

Reboot the computer after saving the file.

Now "www.yahoo.com" is mapped to your machine. Since you're probably not running a web server, any attempt to visit that site using a browser will fail. In fact, ANY attempt to use "www.yahoo.com" will get redirected to your own machine, and will typically fail.

If you change the ip address to one of you intranet sites instead they will be redirected there this works for blocking like one or two sites so user can not check their email

The only caveat is that addresses are often cached by the software. That means you may need to exit all instances of your browser, for example, before the blockage becomes apparent. In the worst case, reboot, and it should take effect.

By the way, if you open the hosts file and find a long list of what look like anti-virus site domains, you've been infected by a virus, and probably want to scan as soon as possible. And feel free to delete those entries from the file.

[cluberti]

While good info, this should be located in the "Networks and the Internet" portion of the boards.

[Tarun]

Blocking sites with the Hosts file is not what it is actually meant for. It's also unfortunate that the Hosts file is not a safe method of blocking malicious websites, as malware can very easily edit all of the Hosts.

[Deman]

Open question,

How intelligent is malware these days, in that if you set the hosts file to be readonly would it be smart enough to change the permissions or would it simply just attempt and fail?

[cluberti]

It's better to set a proxy.pac file in your autoconfiguration address in IE, and mark that file as read-only. This is a much better method of preventing spyware and such than using the (very easily bypassed) hosts file, and although it does require some knowledge of javascript to make a working .pac file, is much more powerful and configurable. Take this very good (and updated rather frequently) example of how a proxy .pac file can do... things .

[Tarun]

Open question,

How intelligent is malware these days, in that if you set the hosts file to be readonly would it be smart enough to change the permissions or would it simply just attempt and fail?

It's a very simple command that can be run in a command prompt or any program can change them. HijackThis, Spybot S&D, RogueRemover Pro; many applications can. HijackThis and RogueRemover are made in Visual Basic, a very easy programming language and Spybot is made with Delphi. So anything can change attributes.

It's better to set a proxy.pac file in your autoconfiguration address in IE, and mark that file as read-only. This is a much better method of preventing spyware and such than using the (very easily bypassed) hosts file, and although it does require some knowledge of javascript to make a working .pac file, is much more powerful and configurable. Take this very good (and updated rather frequently) example of how a proxy .pac file can do... things .

That link is awesome cluberti! Thanks for posting it.

A common mistake that so many do is disable their DNS Client service. What's worse is so many "malware prevention" websites recommend this if you use their Hosts file.

[stephens316]

Ok that was not my intention of blocking malware but to actually redirect people from using web base email ex gmail at work in a domain evn but not having access to change the group policy while i am an admin i can not edit the group policy so i found this trick to edit the host file you use for 74.52.164.35 mail.google.com in th hosts file it will redirect you to the MSFN webpage when you try to go to google mail. instead you go to MSFN website you can change the ip addy to your works website.

[cluberti]

Right, but using a .pac file you can block people from going to sites as well, or redirect, or any number of things. You can use the hosts file, and this is just a different way to do such a thing (amongst others, of course, but it is one of the features of .pac files).