Hello, everyone. I'm visiting over from the Ubuntu forums, and I'd like to share a quick tutorial about blocking malicious software in any browser whatsoever.

Firefox has a great add-on called AdBlock, which blocks (you guessed it!) ads. But, not everyone uses Mozilla Firefox. This isn't really fair to the Opera users, Midori users, etc.

So, how can you block ads with these browsers? Simply use your /etc/hosts file.

The /etc/hosts file is the predecessor to modern DNS. It is a local mapping of IP address to hostname. At this time, since we more or less rely on DNS, the /etc/hosts file is probably pretty empty. You’ll likely just have something along the lines of:

So, how are you supposed to block all of the internet's advertisements if the /etc/hosts file looks like that?

Well, you're not, if it only contains that, which it likely does.

Oh well, right?

Wrong!

I have managed to find an /etc/hosts file that is 15,169 lines long, without comments.

...


That's a ton of mapped IP addresses! What the original author of the file has done is compose every bad thing he was able to find into the hosts file, and map it to 127.0.0.1. (Alternatively, you can map it to 0.0.0.0)

Do you see the genius in this?

If not, I'll explain.

When your browser is told to display an ad it needs to look up the address. The /etc/hosts file is checked before DNS, which will go on to tell it to ask the local machine. The local machine, of course, does not have that information to display, so, simply, nothing is displayed.

WHOOOOOOOOOOHOOOOOO!

And guess what? This doesn't only apply to being able to block ads, but also ad banners, 3rd party page counters, 3rd party cookies, web bugs, and even most hijackers. You’re not only blocking ads anymore, you’re simply just blocking thousands of known malicious websites.

That's right.

And this works with every browser.

So, without further ado, here is the script to end malware.

I am not the original author of this file, but it has been published under a CC-BY-SA license and I am therefore allowed to redistribute it. For more information, check out the information contained in the file.

Open up your favorite shell, and run

These commands will firstly back up your /etc/hosts file, and then wget the contents to fill the new /etc/hosts.

No restart required, you'll be ready to try it out immediately.

Enjoy your ad-free browsers. I hope that I've helped everyone!

//moderator: links judged to be good for removal even in the event of being reminded to be cautious.

My understanding is having a huge hosts file slows down address lookups since every time you enter an address, your browser has to scan through 15,000 lines before realising www.google.com isn't a dodgy address. I may be wrong on this, but that is my understanding.

I prefer privoxy - a local filtering proxy which I believe filters based on a series of regular expression-based rules rather than this brute-force approach.

To each their own, I suppose.

If you want to do the same thing without having the hosts file slowdown, dnsmasq offers similar functionality and it seems to be pretty snappy. Also, it allows you to use DNS for your LAN to boot!

For me , this is not the purpose of the host file, use firefox with plugins, or dsnmasq

Using /etc/hosts for redirecting lookups like that is a crude, pre-Junkbuster era method of dealing with things. It is crude because it is a static listing and because it only deals with domainnames. it can't parse code to resolve Javascript fun nor can it do path-based filtering. Opera, in earlier incarnations, already had the possibility of creating a "filter.ini" for regex-based exclusions built in. The current Opera-9.x allow you to fine-tune Javascript and other things on a site-by-site basis, again built in.

Networked applications that don't incorporate a resolver rely on Glibc (stub resolver) to do the resolving for them. Related to that is the nscd which caches requests to some extent. This still is likely to be far less performant than using a persistent caching nameserver like say Pdnsd. On top of that Pdnsd allows you to reload configuration files on the fly, so for instance a wee BaSH script to parse and update entries from say malwaredomains.com or malware.com.br is easily made. For blocking domainnames I use Pdnsd and Privoxy on top of that (I agree, way more versatile method) for its regex-based filtering.

I would use:
http://www.privoxy.org/

I use the host file from http://www.mvps.org/winhelp2002/hosts.txt as well as AdblockerPlus in iceweasel.

I haven't noticed any slow downs surfing the web. Screw ads and tracking cookies.

I think this is a very quick and easy way to block a lot of crap. Are there better ways? No doubt. Are they as easy as replacing one file in your system? Heck no.

FYI, the site-by-site JavaScript filtering that you mentioned in Opera unSpawn is expanded in the NoScript add-on for Firefox. It filters JavaScript, Java, Flash, and so forth on a site-by-site basis. It only works in FireFox though, and the rules are on a per-machine basis.

I like this approach because it filters your entire network in one fell swoop and would be extremely easy and fast to set up. Thanks for sharing BslBryan.

Easy yes, crude even more so. Maybe reread the reasons against using it more closely. And what makes you think I don't know about NoScript?..

I have read and understand the reasons for not using it. I still think it's very nice of the OP to post in such detail how to do it, along with a link to an appropriate hosts file. I also believe that an awful lot of people (noobs especially) would be willing (and able) to replace one file on their system to filter out crap for all the boxes being fed by the linux system no matter what browser used rather than install and configure software to do so.

Would I use this method when setting up a production box? Probably not. Would I if I were pinched for time and just needed to get something semi-effective up and going ASAP? Sure.



Maybe because you didn't mention it while devoting half of your first paragraph to such a feature present in Opera???

FYI, I view posts on here as not only helping inform the person you're directing the comment to but also the community at large. If somebody does not happen to know about NoScript and reads this thread, they will because of what I posted and I accomplished something good. You don't have to get defensive; I was merely pointing out that such functionality is easily available for FireFox, a much nicer browser than Opera IMO.

How does this pertain to "security?"

Personally I think using a hosts file is an obsolete method of doing this. There are many better ways of doing it.

If you are using a package based system, then installing privoxy is as easy as installing the package, and changing the path to the web to point to it.

The default privoxy configuration works pretty well right out of the box, and its flexibility is far, far greater than a hosts file can give you - and it doesn't slow the system down, and it can be deployed to guard an entire network.

Further, if your protection DOES give problems with a site, it is trivial in most browsers to change to a direct connect, thus bypassing privoxy, if that is necessary to deal with some specific issue. With a hosts file, you have to point to a different hosts file.

Anyone who wants to continue to defend the old-fashioned and very crude hosts file means of blocking is welcome to do so, but I am sure there are still a few people out there who think the Model A Ford was the absolute pinnacle of automotive technology, too.

A) Simply downloading and copying a single file is much quicker, easier, and less intimidating than installing software for many people.

B) I don't believe I was defending this method, only pointing out that it has it's uses. It is a good method for certain circumstances, just like everything.



My apologies for trying to thank and be appreciative to the OP for something many people may not know. I learned from him that there are hosts files out there that people have built to streamline this type of thing and am grateful to him; he allowed me to add one more tidbit of junk to my already overflowing brain to pick out at an opportune time in the future. From now on, when somebody visits from another forum to share information, I'll not say anything in response. Please, continue saying how worthless his post is and how much the method presented sucks - I'll no longer hinder your efforts to make him not want to post anything that might be helpful to somebody.

And you need to climb off your high horse.

No one said it was "worthless". Everyone said: "there is a much better and more modern way."

I'll just repeat it. "There's a much better and more modern way."

And you also - before you rant - should take the time to look at who "everyone" in this context is. To put it simply, the weight of experience on this board is all saying: "there's a much better and more modern way".

Learn, or not. Your choice. But do NOT think you will get away with misquoting or misrepresenting what we say or said.