LinuxQuestions.org


linuxcbon 08-15-2008 07:49 AM

Get rid of advertisement and stats ips ?
 
Hi,

when opening www.gmx.net and typing netstat -epaoFc | grep seamonkey, these got called :
img.web.de
img.ui-portal.de
js.ui-portal.de
213.248.125.73
216.34.207.71
217.72.195.157
217.72.200.153
etc.
(seems random)

The only real ip for www.gmx.net is 217.72.204.254 (found with ping), the rest is for advertisements and statistics...

I use hosts files and I enter ips manually by looking at netstat.

There is a way to allow or block a range of ips, like :
iptables -I INPUT -m iprange --src-range 80.230.0.0-80.255.0.0 -j DROP

Do you have other tips and tricks ?
/etc/hosts.deny ?

Cheers

jomen 08-15-2008 08:21 AM

Quote:

Do you have other tips and tricks ?

...for achieving what?

I use the NoScript and the Adblock Plus extensions for firefox and all is fine for me.

linuxcbon 08-15-2008 08:44 AM

I don't use Firefox.

jomen 08-15-2008 09:26 AM

so you said...
Quote:

when opening www.gmx.net and typing netstat -epaoFc | grep seamonkey,

Those extensions are available for seamonkey too.

What you didn't say: to achieve what?
[edit] ...I know - it's in the thread's title...

linuxcbon 08-15-2008 09:40 AM

I don't want to use extensions or other programs.
I will use /etc/hosts

By the way : do you know range of ips I should ban ?
Like dangerous ips, spamming ips etc ?

jiml8 08-15-2008 09:44 AM

Well, then, you have sort of limited what "tricks and tips" other people can give you.

linuxcbon 08-15-2008 09:46 AM

Feel free to give tips.
I feel free to use what I like.

What about banning a range of ips ?

jomen 08-15-2008 09:49 AM

Indeed - there is no such thing as spamming IPs or dangerous IPs - and if they are (dangerous, spamming...) today - they may not be tomorrow.
It is never-ending and tedious work not to use such extensions to the browser and still get the same result.

/tips

linuxcbon 08-15-2008 10:18 AM

How often do they change ?

I noticed these come often for ads :
193.93.124. TELEFUN
207.36. affinity.com
212.129.63. TELEFUN
213.248.125. Akamai
80.231.197. Verisign
etc.

XavierP 08-15-2008 02:33 PM

In /etc/hosts make those addresses point to 127.0.0.1 as in the examples shown here: http://www.mvps.org/winhelp2002/hosts.htm

Of course, this will be a labour of love as you'll have to do it manually every time you find one.

farslayer 08-15-2008 03:39 PM

malware block lists..

* Dshield.org recommended block list (http://feeds.dshield.org/block.txt)
* EmergingThreats rules (many contain IP addresses): (http://www.emergingthreats.net/rules/)
* EmergingThreats RBN IP (http://doc.emergingthreats.net/pub/M...NetworkIPs.txt)
* Spamhaus Drop List (http://www.spamhaus.org/drop/drop.lasso)


http://www.adsblacklist.com/

Quite a few of the content filtering systems can block ad sites, for a minor subscription fee.
Easier for me to pay them for automatic updates than to try and maintain it myself.


You have Verisign in your list.. Verisign was not an advertising site last time I checked. They are an SSL certificate provider.

linuxcbon 08-15-2008 04:32 PM

For instance I blocked 80.231.197.203 (verisign), is it a stats server ?

XavierP 08-15-2008 05:25 PM

http://www.verisign.com/verisign-inc/index.html - I can't believe you haven't heard of the security certificate provider Verisign.

linuxcbon 08-15-2008 06:10 PM

If I open www.myspace.com then 80.231.197.203 among others is called.

jomen 08-15-2008 06:36 PM

...so?
Why shouldn't verisign get called?
BTW:
It does not get called for me - which shows that you can - by going this way - very probably easily lock out legitimate sites and create problems instead of solving...what exactly? (never mind - don't answer that)

linuxcbon 08-15-2008 07:16 PM

jomen
How do you know which site is legitimate or not ?
I never noticed any prob by blocking it : which problems are you talking about ?

jomen 08-15-2008 07:21 PM

The problem that you can't know for sure whether a site is "legitimate" or not.
How do you make this decision?
The problem that you may block sites you actually need for things to work properly.
The problem that an IP can be reassigned from one you dislike today to one you actually want tomorrow.
...

linuxcbon 08-15-2008 07:26 PM

You already wrote that before and that doesn't help solve the problem, but thanks anyway.

jomen 08-15-2008 07:34 PM

You're welcome.
I (and others) suggested things to help solve your problem.
Mine does not help? So be it...
I see a problem you don't (want to?) see.
That's fine with me - have fun!

linuxcbon 08-15-2008 07:47 PM

I am interested in that subject because I like a faster browsing, without ads, and also without spying sites or cookies.

For example in /etc/hosts, first I block all then I test manually and I unblock what is needed etc.

jomen 08-15-2008 08:08 PM

o.k.
What you describe is the "hard way" for me - as opposed to the easy way of AdBlock/FlashBlock/NoScript browser extensions, possibly combined with allowing javascript and cookies only after being asked for permission and deleting them automatically when the browser is closed.
If you initially block everything and allow it only once something does not work - you have a lot of work ahead of you.
The problem however remains - you need to look at something to determine if this will make work what did not because of the block - and then: how do you know that this is not "evil" to you?
And what is or seems evil today can be totally different or necessary tomorrow. A big hassle and a lot of work - to me.

I will refrain from further comments - and hope you get the advice you need.

farslayer 08-15-2008 11:07 PM

Why you would want to manually create your own list that you have to test and verify and guess at instead of taking advantage of the work done by others is beyond me.. You will spend a far greater amount of time working on your list, adding to it, verifying the sites are good or bad than you will lose by just letting the ads load on a page. Yes it cost you LESS to view those ads, than to spend your time creating a block list of tens of thousands of sites to block..

I think if you did a poll you would find many many people here running Adblock Plus and NoScript as default plugins for Firefox. I'm with jomen on this one for sure.

Have fun !!

jiml8 08-15-2008 11:39 PM

I don't run adblock but I do run noscript - it is great.

I run privoxy for system-level blocking. Works with konqueror and anything else too.

quixy 08-21-2008 05:56 PM

To the topic starter: don't be paranoid. :) My /etc/hosts file is now around 2.1 MB large and still there are unblocked sites left. If you are interested I can send it to you or upload it on my server. But remember that this is *my* block list. My internal IP is 192.168.1.17 where I have a web server running for URL analysis and development.

chort 08-21-2008 06:15 PM

If you're trying to browse faster, it seems like you're trying to save time. How much time are you really saving by manually editing your hosts file constantly? I'd posit that you are actually wasting more time than you save, therefore defeating the purpose.

Doing this stuff with browser plug-ins will save you a ton of time and hassle. Why you would want to do it manually is beyond comprehension.

quixy 08-21-2008 06:30 PM

Just as an addition. :)

John VV 08-21-2008 10:30 PM

Also if you happen to have a Windows XP machine, install "Spybot Search and Destroy". It has its own list it adds to the Windows hosts file, just copy it, the hosts file, to Linux.
P.S. both the SBSD and the one from
http://www.mvps.org/winhelp2002/hosts.htm
will crash FireFox/seamonkey on fedora

linuxcbon 08-25-2008 09:32 AM

I also got my selfmade hosts file at http://linuxcbon.over-blog.com/article-2661230.html But that is work in progress.


Related question :

Do you know tools to track/trace http or network requests ?
This is to check what goes out and in.
There is netstat, which options do you use ?

John VV 08-25-2008 12:40 PM

there is " snort " http://www.snort.org/

quixy 08-25-2008 07:23 PM

I have written a small set of shell and PHP scripts to handle adding hosts/domains very easy. I will upload them to my server within the next days.

linuxcbon 08-29-2008 07:13 PM

I did the experiment without hosts or firewall :

Before opening a web site, type # netstat -tc
You will see many
Code:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        State

No connections are going on, that's clean.

Then open gmx.net, you will see many sites called
Code:

img.ui-portal.de:www 
js.ui-portal.de:www 
ad.la.mediaplex.com:443
rd6.apmebf.com:443
84.53.141.182:443
80.231.197.227:www 
adclient.uimserv.net:www
img.web.de:www

Strange, why secure port 443 is used for ads ?

unSpawn 08-30-2008 03:59 AM

@linuxcbon: I moved your thread to the Networking forum since it's not really related to Linux Security.


Quote:

Originally Posted by linuxcbon (Post 3264117)
No connections are going on, that's clean.

That only makes sense on an idle workstation and used by one person.


Quote:

Originally Posted by linuxcbon (Post 3264117)
Strange, why secure port 443 is used for ads ?

In the case of ads that's easy: because by default a web browser will not block traffic to HTTPS. Therefore it's a nice trick to overcome "simple" blocking measures.


On a personal note blocking ads and trackers is a Sisyphus task. Using /etc/hosts for that is reminiscent of one having used Mcrsft prdcts. I vaguely remember posting a list way back, but let's see if I can collate what's said plus add some of my own. One important thing to understand is that whitelisting IP addresses or ranges often makes no sense. It is crude. With virtual hosting an IP address does not equal one website but possibly many. Besides that what do you do when ads reside on the same site in a path?... Bottom (system) to top (user):
0. Block general access to ports like HTTPS in conjunction with whitelisting those sites you explicitly allow it for in your firewall.
1. Instead of /etc/hosts enable the 'nscd' service and use a caching DNS server like Pdns. That will speed up lookups, allow you to block IP addresses and allows you to block similarly to /etc/hosts but easier. While malware is a threat most often associated with using mcrsft products I have a script that will convert malware.com.br / malwaredomains.com type of blocklists into includes that pdnsd can handle.
2. The most important addition at this level and offered before is using Privoxy. Simply because it is mature (evolved from Junkbuster), is actively maintained, comes with (restrictive) configuration files you can change easily, blocks by hostname and regex (/some/path/ads.cgi.*), can disable or "transform" page elements etc, etc. Like with Pdnsd it's versatile in that it can accept custom config files, a script that will convert malware.com.br blocklists to something usable is easy to make. There's some sites that host Privoxy blocklists you might want to look at.
3. Basically the user level centers around browser sanity: disabling or regulating HTTPS, media plugins, Java, javascript and cookies on a site by site basis. Opera comes with built-in blocking for Java, plugins, Javascript and cookies and built-in filtering capabilities, all of which can be enabled on a site by site basis. Firefox does not but has plugins like NoScript to mitigate. Other browsers may or may not be maintained as intensively as those two and so using them might expose you to all sorts of problems or risks.
4. Educate yourself. If privacy is your focus then you should have a basic understanding of markup languages. Also do read sites that deal with privacy issues and those that deal with like tricking browsers into Doing Things.


You're entitled to your own opinion. And you've received a lot of contributions people find useful in general. Saying "I do not use Firefox" doesn't cut it in my book. Saying "I do not use Firefox because Opera's built-in Javascript filtering works better" might be disputable but at least people know you know you have given things some thought. Anyone who has been working with filtering solutions would recognise Privoxy as the single most efficient way of blocking things w/o major trade-off wrt performance. Dismissing things without good reasoning only shows you haven't given it thought properly or you don't know what solutions look like ;-p
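
One way to do the conversion mentioned in point 2 of the post above, as an added example that is not unSpawn's script or part of the original post: it turns hosts-format lines into a Privoxy actions-file section. The sample input is constructed from hostnames named in this thread, and the function names and the block reason text are assumptions.

```shell
#!/bin/sh
# Constructed hosts-format sample (hostnames are ones named in this thread;
# the malformed and duplicate entries are made up to exercise the filter).
sample_hosts() {
cat <<'EOF'
# constructed hosts-format sample
127.0.0.1  localhost
127.0.0.1  adclient.uimserv.net   # ads
127.0.0.1  pixelbox.uimserv.net
0.0.0.0    gmx.ivwbox.de
127.0.0.1  ADCLIENT.uimserv.net
127.0.0.1  bad*host.example
192.168.1.17 devbox
EOF
}

# hosts_to_privoxy: read hosts-format lines on stdin and print one Privoxy
# section that blocks every hostname mapped to 127.0.0.1 or 0.0.0.0.
hosts_to_privoxy() {
    awk '
    BEGIN { print "{ +block{host taken from hosts-format blocklist} }" }
    { sub(/#.*/, ""); sub(/\r$/, "") }    # drop comments and Windows CRs
    $1 == "127.0.0.1" || $1 == "0.0.0.0" {
        for (i = 2; i <= NF; i++) {
            h = tolower($i)
            # keep the loopback name itself resolvable
            if (h == "localhost" || h ~ /^localhost\./) continue
            # Privoxy treats * ? [ ] as wildcards in patterns, so anything
            # that is not a plain hostname is skipped rather than passed on
            if (h !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/) continue
            if (!seen[h]++) print h       # one pattern per host, no repeats
        }
    }'
}

sample_hosts | hosts_to_privoxy
```

Unlike a hosts entry, a Privoxy pattern can also carry a path after the hostname, which is what makes the per-path blocking described in the post possible.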

linuxcbon 08-30-2008 11:21 AM

I don't follow advice because I experiment and learn by doing.
That 443 trick is mean and I need https for my emails.
Plus the fact that ips cannot be blocked by /etc/hosts
I need to read about dns servers and proxies. I used privoxy before but I looked for something simpler. Now time for me to experiment. Cheers.

unSpawn 08-31-2008 04:33 AM

Quote:

Originally Posted by linuxcbon (Post 3264556)
I don't follow advice because I experiment and learn by doing.

Learning things the hard way, eh?.. Laudable. Definitely.


Quote:

Originally Posted by linuxcbon (Post 3264556)
That 443 trick is mean and I need https for my emails.

Computing is simple: it either works or it doesn't. There's absolutely nothing "mean" about using HTTPS.


Quote:

Originally Posted by linuxcbon (Post 3264556)
Now time for me to experiment.

Good luck with it. Let us know what set of measures you came up with in the end. If there isn't one already on the subject maybe you could even turn it into a LinuxAnswer...

linuxcbon 09-18-2008 07:14 PM

New experiment :)

I tried TCPDUMP
When no connection ongoing and no /etc/hosts file, I do
Code:

tcpdump -w output.txt

I open gmx.net
When page is fully loaded, I type CTRL C
I got
Code:

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
849 packets captured
1698 packets received by filter
0 packets dropped by kernel

Code:

# tcpdump -r output.txt | more

shows following sites called :
www.gmx.net --> MAIN SITE
img.ui-portal.de --> DESIGN
js.ui-portal.de --> DESIGN
adclient.uimserv.net --> ADS
pixelbox.uimserv.net --> ADS
gmx.ivwbox.de --> ADS
img.web.de --> ADS
fips.uimserv.net --> ADS

I update the hosts file with ads entries, I got :
Code:

# tcpdump -w output.txt
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
610 packets captured
1220 packets received by filter
0 packets dropped by kernel

Which is better.
Another nice tool to check connections :)
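
The tcpdump experiment above, as an added example that is not part of the original post: it summarises which destinations a capture's text output shows, then prints a hosts-file line for chosen names and a firewall rule for chosen bare IPs, which /etc/hosts cannot block. The capture lines are constructed, and 192.168.1.10 and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -r output.txt` text output.
# 192.168.1.10 is an assumed local address; ports and flags are made up.
sample_capture() {
cat <<'EOF'
19:14:01.000101 IP 192.168.1.10.40112 > www.gmx.net.www: S 1:1(0) win 5840
19:14:01.020345 IP www.gmx.net.www > 192.168.1.10.40112: S 9:9(0) ack 2 win 5792
19:14:01.300211 IP 192.168.1.10.40113 > adclient.uimserv.net.www: S 5:5(0) win 5840
19:14:01.300900 IP 192.168.1.10.40114 > adclient.uimserv.net.www: S 6:6(0) win 5840
19:14:01.410777 IP 192.168.1.10.40115 > 84.53.141.182.https: S 7:7(0) win 5840
19:14:01.500123 IP 192.168.1.10.40116 > img.ui-portal.de.www: S 8:8(0) win 5840
EOF
}

# remote_endpoints LOCAL_IP: read tcpdump text on stdin and print
# "<packets> <name|ip> <host> <port>" for every destination LOCAL_IP sent to.
remote_endpoints() {
    awk -v me="$1" '
    $2 == "IP" && $4 == ">" && index($3, me ".") == 1 {
        dst = $5; sub(/:$/, "", dst)             # strip trailing colon
        port = dst; sub(/.*\./, "", port)        # last label is the port/service
        host = dst; sub(/\.[^.]*$/, "", host)    # the rest is the host
        kind = (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ? "ip" : "name"
        seen[kind " " host " " port]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k2,2 -k3,3
}

# block_plan HOST...: read remote_endpoints output on stdin and, only for the
# hosts given as arguments, print what would block them. Names get a hosts-file
# line; bare IPs never go through name resolution, so they get a firewall rule.
block_plan() {
    awk -v want="$*" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) pick[w[i]] = 1 }
    ($3 in pick) && !emitted[$3]++ {
        if ($2 == "name") print "127.0.0.1 " $3
        else              print "iptables -A OUTPUT -d " $3 " -j REJECT"
    }'
}

sample_capture | remote_endpoints 192.168.1.10
sample_capture | remote_endpoints 192.168.1.10 |
    block_plan adclient.uimserv.net 84.53.141.182
```

The names tcpdump prints come from reverse DNS lookups and can differ from the name the browser asked for, so check them against the DNS queries in the capture before adding hosts entries.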

linuxcbon 09-19-2008 03:37 AM

There is an online tool which shows all connections :

http://performance.webpagetest.org:8080/

It's easy to use and useful !

linuxcbon 09-19-2008 04:04 AM

See that page for results :

http://performance.webpagetest.org:8080/result/9AG/1/details/


All times are GMT -5.