LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Closed Thread
 
Search this Thread
Old 05-28-2009, 02:19 PM   #1
BslBryan
LQ Newbie
 
Registered: May 2009
Distribution: Ubuntu
Posts: 3

Rep: Reputation: 1
How To: Block All Internet Ads in Any Web Browser


Hello, everyone. I'm visiting over from the Ubuntu forums, and I'd like to share a quick tutorial about blocking malicious software in any browser whatsoever.

Firefox has a great add-on called AdBlock, which blocks (you guessed it!) ads. But, not everyone uses Mozilla Firefox. This isn't really fair to the Opera users, Midori users, etc.

So, how can you block ads with these browsers? Simply use your /etc/hosts file.

The /etc/hosts file is the predecessor to modern DNS. It is a local mapping of IP address to hostname. At this time, since we more or less rely on DNS, the /etc/hosts file is probably pretty empty. You’ll likely just have something along the lines of:

Code:
127.0.0.1 localhost hostname
So, how are you supposed to block all of the internet's advertisements if the /etc/hosts file looks like that?

Well, you're not, if it only contains that, which it likely does.

Oh well, right?

Wrong!

I have managed to find an /etc/hosts file that is 15,169 lines long, without comments.

...


That's a ton of mapped IP addresses! What the original author of the file has done is compose every bad thing he was able to find into the hosts file, and map it to 127.0.0.1. (Alternatively, you can map it to 0.0.0.0)

Do you see the genius in this?

If not, I'll explain.

When your browser is told to display an ad it needs to look up the address. The /etc/hosts file is checked before DNS, which will go on to tell it to ask the local machine. The local machine, of course, does not have that information to display, so, simply, nothing is displayed.

WHOOOOOOOOOOHOOOOOO!

And guess what? This doesn't only apply to being able to block ads, but also ad banners, 3rd party page counters, 3rd party cookies, web bugs, and even most hijackers. You’re not only blocking ads anymore, you’re simply just blocking thousands of known malicious websites.

That's right.

And this works with every browser.

So, without further ado, here is the script to end malware.

I am not the original author of this file, but it has been published under a CC-BY-SA license and I am therefore allowed to redistribute it. For more information, check out the information contained in the file.

Open up your favorite shell, and run

Code:
sudo mv /etc/hosts /etc/hosts.orig
sudo wget -c http:// [MODERATED] -O /etc/hosts
These commands will firstly back up your /etc/hosts file, and then wget the contents to fill the new /etc/hosts.

No restart required, you'll be ready to try it out immediately.

Enjoy your ad-free browsers. I hope that I've helped everyone!

//moderator: links judged to be good for removal even in the event of being reminded to be cautious.

Last edited by unSpawn; 06-02-2009 at 12:59 PM. Reason: Quick Change to Tutorial
 
Old 05-28-2009, 02:42 PM   #2
pwc101
Senior Member
 
Registered: Oct 2005
Location: UK
Distribution: Slackware
Posts: 1,847

Rep: Reputation: 128Reputation: 128
My understanding is having a huge hosts file slows down address lookups since every time you enter an address, your browser has to scan through 15,000 lines before realising www.google.com isn't a dodgy address. I may be wrong on this, but that is my understanding.

I prefer privoxy - a local filtering proxy which I believe filters based on a series of regular expression-based rules rather than this brute-force approach.

To each their own, I suppose.
 
Old 05-28-2009, 03:28 PM   #3
verdeboy2k
Member
 
Registered: Jan 2004
Location: /dev/random
Distribution: Gentoo amd64, CrunchBang amd64
Posts: 350

Rep: Reputation: 32
If you want to do the same thing without having the hosts file slowdown, dnsmasq offers similar functionality and it seems to be pretty snappy. Also, it allows you to use DNS for your LAN to boot!
 
Old 05-28-2009, 04:16 PM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,499

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
For me , this is not the purpose of the host file, use firefox with plugins, or dsnmasq

Last edited by repo; 05-28-2009 at 04:18 PM.
 
Old 05-28-2009, 04:35 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,139
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Using /etc/hosts for redirecting lookups like that is a crude, pre-Junkbuster era method of dealing with things. It is crude because it is a static listing and because it only deals with domainnames. it can't parse code to resolve Javascript fun nor can it do path-based filtering. Opera, in earlier incarnations, already had the possibility of creating a "filter.ini" for regex-based exclusions built in. The current Opera-9.x allow you to fine-tune Javascript and other things on a site-by-site basis, again built in.

Networked applications that don't incorporate a resolver rely on Glibc (stub resolver) to do the resolving for them. Related to that is the nscd which caches requests to some extent. This still is likely to be far less performant than using a persistent caching nameserver like say Pdnsd. On top of that Pdnsd allows you to reload configuration files on the fly, so for instance a wee BaSH script to parse and update entries from say malwaredomains.com or malware.com.br is easily made. For blocking domainnames I use Pdnsd and Privoxy on top of that (I agree, way more versatile method) for its regex-based filtering.
 
Old 05-29-2009, 03:35 AM   #6
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I would use:
http://www.privoxy.org/
 
Old 05-29-2009, 04:44 AM   #7
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,732
Blog Entries: 12

Rep: Reputation: 456Reputation: 456Reputation: 456Reputation: 456Reputation: 456
I use the host file from http://www.mvps.org/winhelp2002/hosts.txt as well as AdblockerPlus in iceweasel.

I haven't noticed any slow downs surfing the web. Screw ads and tracking cookies.
 
Old 06-01-2009, 06:48 PM   #8
Ruler2112
Member
 
Registered: Oct 2004
Location: Michigan, US
Distribution: Redhat 7.3, 9.0; Slackware 10, 10.1, 10.2, 11; FreeBSD 7.0; KnoppMyth 5.5
Posts: 125

Rep: Reputation: 16
I think this is a very quick and easy way to block a lot of crap. Are there better ways? No doubt. Are they as easy as replacing one file in your system? Heck no.

FYI, the site-by-site JavaScript filtering that you mentioned in Opera unSpawn is expanded in the NoScript add-on for Firefox. It filters JavaScript, Java, Flash, and so forth on a site-by-site basis. It only works in FireFox though, and the rules are on a per-machine basis.

I like this approach because it filters your entire network in one fell swoop and would be extremely easy and fast to set up. Thanks for sharing BslBryan.
 
Old 06-01-2009, 07:35 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,139
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Quote:
Originally Posted by Ruler2112 View Post
I think this is a very quick and easy way to block a lot of crap. Are there better ways? No doubt. Are they as easy as replacing one file in your system? Heck no.
Easy yes, crude even more so. Maybe reread the reasons against using it more closely. And what makes you think I don't know about NoScript?..
 
Old 06-02-2009, 12:11 PM   #10
Ruler2112
Member
 
Registered: Oct 2004
Location: Michigan, US
Distribution: Redhat 7.3, 9.0; Slackware 10, 10.1, 10.2, 11; FreeBSD 7.0; KnoppMyth 5.5
Posts: 125

Rep: Reputation: 16
Quote:
Originally Posted by unSpawn View Post
Easy yes, crude even more so. Maybe reread the reasons against using it more closely.
I have read and understand the reasons for not using it. I still think it's very nice of the OP to post in such detail how to do it, along with a link to an appropriate hosts file. I also believe that an awful lot of people (noobs especially) would be willing (and able) to replace one file on their system to filter out crap for all the boxes being fed by the linux system no matter what browser used rather than install and configure software to do so.

Would I use this method when setting up a production box? Probably not. Would I if I were pinched for time and just needed to get something semi-effective up and going ASAP? Sure.



Quote:
Originally Posted by unSpawn View Post
And what makes you think I don't know about NoScript?..
Maybe because you didn't mention it while devoting half of your first paragraph to such a feature present in Opera???

FYI, I view posts on here as not only helping inform the person you're directing the comment to but also the community at large. If somebody does not happen to know about NoScript and reads this thread, they will because of what I posted and I accomplished something good. You don't have to get defensive; I was merely pointing out that such functionality is easily available for FireFox, a much nicer browser than Opera IMO.
 
Old 06-02-2009, 02:42 PM   #11
mlnutt
Member
 
Registered: May 2006
Posts: 34

Rep: Reputation: 15
How does this pertain to "security?"
 
Old 06-02-2009, 03:07 PM   #12
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Personally I think using a hosts file is an obsolete method of doing this. There are many better ways of doing it.
 
Old 06-02-2009, 04:15 PM   #13
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Quote:
Originally Posted by Ruler2112 View Post
I think this is a very quick and easy way to block a lot of crap. Are there better ways? No doubt. Are they as easy as replacing one file in your system? Heck no.

FYI, the site-by-site JavaScript filtering that you mentioned in Opera unSpawn is expanded in the NoScript add-on for Firefox. It filters JavaScript, Java, Flash, and so forth on a site-by-site basis. It only works in FireFox though, and the rules are on a per-machine basis.

I like this approach because it filters your entire network in one fell swoop and would be extremely easy and fast to set up. Thanks for sharing BslBryan.
If you are using a package based system, then installing privoxy is as easy as installing the package, and changing the path to the web to point to it.

The default privoxy configuration works pretty well right out of the box, and its flexibility is far, far greater than a hosts file can give you - and it doesn't slow the system down, and it can be deployed to guard an entire network.

Further, if your protection DOES give problems with a site, it is trivial in most browsers to change to a direct connect, thus bypassing privoxy, if that is necessary to deal with some specific issue. With a hosts file, you have to point to a different hosts file.

Anyone who wants to continue to defend the old-fashioned and very crude hosts file means of blocking is welcome to do so, but I am sure there are still a few people out there who think the Model A Ford was the absolute pinnacle of automotive technology, too.
 
Old 06-02-2009, 04:45 PM   #14
Ruler2112
Member
 
Registered: Oct 2004
Location: Michigan, US
Distribution: Redhat 7.3, 9.0; Slackware 10, 10.1, 10.2, 11; FreeBSD 7.0; KnoppMyth 5.5
Posts: 125

Rep: Reputation: 16
Quote:
Originally Posted by jiml8 View Post
If you are using a package based system, then installing privoxy is as easy as installing the package, and changing the path to the web to point to it.

...

Anyone who wants to continue to defend the old-fashioned and very crude hosts file means of blocking is welcome to do so, but I am sure there are still a few people out there who think the Model A Ford was the absolute pinnacle of automotive technology, too.
A) Simply downloading and copying a single file is much quicker, easier, and less intimidating than installing software for many people.

B) I don't believe I was defending this method, only pointing out that it has it's uses. It is a good method for certain circumstances, just like everything.



My apologies for trying to thank and be appreciative to the OP for something many people may not know. I learned from him that there are hosts files out there that people have built to streamline this type of thing and am grateful to him; he allowed me to add one more tidbit of junk to my already overflowing brain to pick out at an opportune time in the future. From now on, when somebody visits from another forum to share information, I'll not say anything in response. Please, continue saying how worthless his post is and how much the method presented sucks - I'll no longer hinder your efforts to make him not want to post anything that might be helpful to somebody.
 
Old 06-02-2009, 05:06 PM   #15
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
Quote:
My apologies for trying to thank and be appreciative to the OP for something many people may not know. I learned from him that there are hosts files out there that people have built to streamline this type of thing and am grateful to him; he allowed me to add one more tidbit of junk to my already overflowing brain to pick out at an opportune time in the future. From now on, when somebody visits from another forum to share information, I'll not say anything in response. Please, continue saying how worthless his post is and how much the method presented sucks - I'll no longer hinder your efforts to make him not want to post anything that might be helpful to somebody.
And you need to climb off your high horse.

No one said it was "worthless". Everyone said: "there is a much better and more modern way."

I'll just repeat it. "There's a much better and more modern way."

And you also - before you rant - should take the time to look at who "everyone" in this context is. To put it simply, the weight of experience on this board is all saying: "there's a much better and more modern way".

Learn, or not. Your choice. But do NOT think you will get away with misquoting or misrepresenting what we say or said.
 
  


Closed Thread

Tags
advertising, block, dont_use_a_hosts_file, firefox, localhost, tutorials, ubuntu, websites


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Linux: Which internet/web browser do you use and favour ? frenchn00b General 33 11-08-2008 04:59 AM
Unable to access internet thru web browser corbis_demon General 3 10-22-2006 04:46 AM
Internet connection problem, able to ping but unable to get web page in browser rajnishmishra Linux - Networking 13 07-15-2004 12:54 AM
Emptying Internet cache under Konqueror web browser piggysmile Linux - Software 2 05-25-2004 04:31 AM


All times are GMT -5. The time now is 08:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration