Hosts file

Encyclopedia : H : HO : HOS : Hosts file

---

In computing, a hosts file, stored on the computer's filesystem, is used to look up the Internet Protocol address of a device connected to a computer network. The hosts file describes a many-to-one mapping of device names to IP addresses. When accessing a device by name, the networking system will attempt to locate the name within the hosts file if it exists. Typically, this is used as a first means of locating the address of a system, before accessing the Internet domain name system. The reason for this is that the hosts file is stored on the computer itself and does not require any network access to be used, whereas DNS requires access to an external system, which is typically slower.

Location

The hosts file is generally named "hosts" and is located in the following directories for each operating system:

• Linux and other Unix-like operating systems: /etc
• Windows 95/98/Me: %windir%\
• Windows NT/2000/XP/Vista: %SystemRoot%\system32\drivers\etc\ is the default location, which may be changed. The actual directory is determined by the Registry key \HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath .
• Mac OS: System Folder:Preferences or System folder (format of the file may vary from Windows and Linux counterparts)
• Mac OS X: /private/etc (uses BSD-style hosts file)
• OS/2 and eComStation: "bootdrive":\mptn\etc\

Ad filtering

One use of the hosts file is ad filtering. This is accomplished by adding a line to the file that maps an ad server's hostname to an address that will not satisfy the browser's request for the ad. Since no additional programs are necessary to do this, hosts file based ad-blocking has a near-zero memory and CPU footprint, as well as requiring no loading time. The hostname for an advertiser may be obtained by right-clicking on the banner or advertisement, then clicking properties from the context menu. This will indicate the full URL, of which the part between the double slash and first single slash represent the hostname.

The two most common addresses used for this purpose are the 'null' address 0.0.0.0 (which may simply be written as a single '0') and the 'loopback' address 127.0.0.1. The distinction between the two is that 0.0.0.0 is an invalid destination address[link], so no connection can be established. If a name is mapped to the loopback address 127.0.0.1, any connections to the "blocked" domain will be mapped to the originating machine. If it is running a Web server, that Web server may attempt to handle the request. The ad-blocking technique may include a local web server that provides substitute images rather than 404 error messages [link], which would require the use of 127.0.0.1.

The following examples use the null address; the 127.0.0.1 would be substituted if the loopback method is to be used.

For example, this hosts file entry would block Doubleclick ads:

0.0.0.0 ad.doubleclick.net

These entries, demonstrating the short form of the null address, would block Google Adsense ads:

0       pagead.googlesyndication.com
0       pagead2.googlesyndication.com
0       adservices.google.com

Hijacking

The hosts file can also be used in malicious ways by the authors of Spyware and Viruses. It is similar to ad blocking with the hosts file, but instead of redirecting advertising servers to dummy ones, popular websites are redirected to an advertiser's server. This technique is known as Hijacking. The Qhosts Trojan hijacked many search engines such as Google and AltaVista and redirected them to a site specified by the author.

Other Malware such as Mydoom.B may just block the user from visiting sites about security and the removal of viruses. These sites included the makers of popular anti-virus software and Microsoft's Windows Update page to make the removal of the software more difficult for novice users.

Prevention of hosts file hijacking requires either routinely logging in with limited 'user' access (so malicious software has no privileges to change the hosts file, or other important things), or realtime monitoring software such as Windows Defender's "Hosts Monitor", which will warn if anything attempts to edit the hosts file. Changing the properties of the hosts file to read-only is mostly ineffective against modern hijacks as well-programmed malicious software can simply change the file's attribute value. Anti-spyware solutions like Spybot - Search & Destroy and ZoneAlarm's anti-spyware module have a feature to "lock" the hosts file. This does nothing more than set it to read-only. Another way to do this is set the permissions for the file so everyone can only read from it, although the owner and therefore malicious software running in the context of it can change the permissions in Windows and the root user can ignore the permissions in Unix.

Windows Quirks

Windows XP SP2, and perhaps other versions, appears to ignore the hosts file if the "DNS Client" service is running. One workaround is to stop the DNS Client service using the Administrative Tools/Services icon in the Windows Control Panel. To preserve this setting across reboots ensure that the service is reconfigured to start manually. It is not known whether there are better ways to workaround this quirk.

This quirk has been confirmed to apply to XP Pro x64 (v2003) SP1.

This quirk has been confirmed and does not apply to Windows Vista

Restoration of the hosts file (Windows and Linux)

When a program hijacks the hosts file, it may be necessary to restore it.

1. Identify the location of the hosts file for your operating system
2. Create a backup copy
3. Open it with a basic text editor such as Notepad or Nano
4. Remove all entries for the sites which are hijacked. Some may have been added for legitimate programs. Always be sure to back up your hosts file. MAKE SURE THIS LINE IS IN THE HOSTS FILE:

   127.0.0.1        localhost

5. Save the file
6. Restart your computer (Windows)

External links

More Information

• [Blocking ads on the Internet] with a list of ad server hostnames and IP addresses.
• [Eliminate Web Advertisements] The author describes how to combine hosts files with multiple technologies to block advertisements.
• [Eric L. Howes] contains many good links for security and hosts-file-related stuff.
• [HOSTS File Myth] The author explains his opinion on why using the hosts file to stop malware is false security.
• [SSMedia hosts file and Utilities] hosts file here, available in a weird upload, and then download what isn't there type format. Neat site.

Custom Hosts Files

• [MVPS hosts] Information on blocking ads using a HOSTS file and a free, comprehensive, updated HOSTS file download
• [The Security Now! podcast page on the hosts file]
• [Andrew Short's Hosts file project] comprehensive hosts file.
• [Bluetack HOSTS File and Manager] A massive hosts file
• [Dan Pollock's hosts file] Pretty thorough website, lots of comments, lot of work went into this as shown in his credits.
• [Hosts-pider] The largest public hosts file on the net, with over 100,000 hostnames in the blacklist and counting.
• [Mikes Ad-Blocking hosts file] available as a direct download to merge in, or as an installer.
• [SCoooBY's fav free apps] SCoooBY's AD Blocking Hosts File.
• [hpguru's Hosts file]

Applications to Manage hosts files

• [Abelhadigital's HostsMan 2.1] is a freeware application that lets you manage your hosts file.
• [Aldo's Hosts Manager 1.4] is another hosts file manager alternative, though very slim in options.
• [Funkytoad's Hoster 3.1] free application to arrange, and edit your hosts file.
• [Mike Meyer's HostsToggle 2.1] an open source hosts file tweaker
• [Ray Marron's Hostess 3.0]

 

---

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.

Search Titles

0

1

2

3

4

5

6

7

8

9

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

U

V

W

X

Y

Z

?