Frequently Asked Questions
Important Notice for Windows 2000 users:
Those of you who use Windows 2000 and use the very large version of the Hosts file may experience system slowdowns and slow connections. Most often, this is noticed by those with dialup connections, but may occur with broadband connections as well. To fix this problem, please read these instructions.
I was fed up with advertisers tracking people's movements without their knowledge or consent. I do not have a philosophical problem with ads on the Internet being used to generate revenue, but I do have a problem with covert information gathering used to display ads.
Advertisements on the web, in my opinion, should follow the magazine ad model. In a magazine, ads are shown that relate to the subject matter of the magazine. This does not require the advertisers to secretly gather information in order to display ads that should interest the reader. The same model can and should be used on the Internet. Advertisers should display their ads on sites that relate to the content of the ads. This way, they still reach the audience they want to reach without invading that audience's privacy.
The inspiration for this site came from reading the OptOut newsgroup on GRC's servers. A fellow by the name of Bruce brought up the Hosts file as a method for blocking ads. Stephen Martin then posted a list of servers to be blocked using the Hosts file. This generated a lot of "how-to" questions, and so my site was born. My site attempts to make using the Hosts file painless and simple to implement.
My site was designed in order to help people. You may link to my site or tell anyone you wish about my site. I ask that you do not copy any material from my site in any form (except to print a copy of the instructions for your personal, non-profit use), but you may most certainly tell people to come here to find the information they are looking for. The only things you may copy from my site, unless you obtain permission from me, are the example "Hosts.txt" or "Hosts" files to use as a Hosts file on your own computer, and the freely available eDexter program. All material is copyrighted by Stuart Hanzlik, the author of this site. (and in the case of eDexter, eDexterJavaDog, and DNSKong, by Pyrenean)
eDexter, eDexterJavaDog, and DNSKong may only be downloaded for use on your computer and may not be distributed in any other fashion. If others wish to use eDexter, they may download it from this site only, and may not distribute it themselves. The author of eDexter, eDexterJavaDog, and DNSKong, Pyrenean, retains all distribution rights and has allowed this site to distribute the programs. Requests for other distribution methods may go to him. Any other copyright/material use questions should be mailed to the author of this site.
In most cases, yes. Some people have found "0.0.0.0" to be faster in blocking ads than "127.0.0.1" I have not seen this personally, but I use Windows 2000 and an ADSL connection, so it may well work for the majority of people.
with using "0.0.0.0" is that it may cause problems using any kind of proxy
server, such as CookieCop
Plus or WebWasher. For this reason,
I do not currently use "0.0.0.0" in my Hosts file, but you may try it and
see if it works for you. You can do this by opening the Hosts file in Notepad,
and go to edit: replace (or press
Note: older versions of Notepad may not include the replace feature, and so you would need to use a different text editor. If notepad can not open the file because of size limitations, or if the replace feature is not there, then I suggest you download and try Editpad.
I recommend you backup your current Hosts file before making any changes to it though.
Check your Hosts file for bad entries. You can do this by opening it using Notepad. When you open the file, look for any entries that match the site you want to see. For instance, if there is an entry for www.yahoo.com and you want to go there, then you will need to edit that line of the Hosts file. You may either remove that one line entirely, or simply place a # at the beginning of the line.
The best thing to do if you are not sure which site to remove from your Hosts file is to put a # in front of the questionable line(s). That way, the computer will skip that line and ignore it. If you can now access the site that was blocked, then you have removed the right server from the Hosts list. If not, remove the # from the beginning of the line and try a different one.
The best thing about using the # is that if you find that you didn't do that to the right line, you can simply remove it and you Hosts file will be back to normal. If you remove the line entirely, then you would have to either write it down and type it back in later, or start completely over again. So - use the # for testing!
Absolutely. The Hosts file is a great complement to other programs, such as CookieCop Plus or WebWasher. The Hosts file will work with any program that uses the web, and usually will not cause problems when implemented using the method and example file on my site. The main thing to be concerned with is that you don't block a site in Hosts that you want to access with another program. Also, if you use a proxy like CC Plus or WebWasher, then make sure you don't remove any entries they have made into the Hosts file.
Some proxy servers can not be bypassed, unfortunately, and will not work with the Hosts file properly according to Microsoft. This is because of a bug in the programming of the way Hosts is handled by Windows. The work around for this is to add all the entries from your Hosts file into the exclusions section of your proxy settings in Internet Explorer. This would be very time consuming, and is not recommended. The other thing you can do is visit the GRC FAQ site and read the information about "nasties.reg." You can use this file to add many add servers to your Restricted Zone in IE, and if you do so you can then block cookies using the Restricted Zones settings and that will stop tracking from those servers. If you use Netscape, I don't currently have such a procedure available, because it does not use restricted zones.
Here is a link to Microsoft's Knowledge Base article on the problem.
Also, here is a link to a page by Bruce, which will force Windows to perform DNS lookup with Hosts before it consults anything else. This may solve the external proxy server problem.
First, make sure you save "hosts.txt" in your c:\windows directory for Windows 95/98/Me, or c:\winnt\system32\drivers\etc\ for Windows NT/2000/XP Pro. Windows XP Home may use c:\windows\system32\drivers\etc\ . Then, open your start menu and open the DOS prompt. Type in the following two bold lines followed by enter after each one:
(use these two for Windows 95/98/Me)
rename hosts.txt hosts
(or use these two for Windows NT/2000/XP Pro)
rename hosts.txt hosts
(or use these two for Windows XP Home)
rename hosts.txt hosts
(you may then close the DOS Prompt and you will be done renaming the file)
There are a wide variety of reasons that all ads are not blocked by the Hosts file. First of all, not all of the ad servers are in the Hosts file. Any ad server not in the Hosts file can not be blocked. Secondly, if the ads come from the same server as the web pages you want to see, then you can not block them using the Hosts file. (I would recommend something like WebWasher if you want even more ads blocked, but be aware that running a program to do this will use extra memory and processor power from your computer, and the Hosts file does not.) Third, if an ad comes from a site that only uses a numeric IP address, it can not be blocked using Hosts. This is because Hosts needs a name to block a site, and not just an IP address. Finally, there could be some other reasons that the ads aren't being blocked - but rest assured that many, many ads are blocked by the Hosts file, and it does not cost you a thing to use it.
eDexter is a personal HTTP (like the web) server. This means that it runs entirely on your computer and can interact with your web browser. It does this so that it can put images of its own in the place of the blocked advertisements. You would want to do this so that you do not see annoying empty white boxes with x's or something like that in them.
eDexter works by acting as a personal HTTP server. The process (slightly simplified for clarity) that it follows is like this:
An ad server is blocked by the Hosts file and redirected to the 127.0.0.1 IP address of your computer.
The browser still wants to put something in the ad's place, so it asks 127.0.0.1 for the ad.
eDexter sits on 127.0.0.1 as the personal web server and takes the request for the ad from the browser.
eDexter then pretends the request was for one of its own gif files.
The appropriate HTML headers are made by eDexter to make the browser think it will get the ad.
The gif file is opened by eDexter, and then sent to the browser. (eDexter is telling the browser "here is the file you asked for."
The browser then puts the gif from eDexter where the ad would have been, and nothing is ever downloaded from the Internet.
If for some reason there are no gif files in the eDexter directory, eDexter will send a "404 Lost Dog" error message to your browser.
At this time, no known vulnerabilities exist. eDexter is a personal web server, and does not understand any kind of scripting (such as CGI or ActiveX), so that eDexter can not be used to get into your computer. The only thing eDexter understands is to send pictures to a request for information. So, if a "hacker" tries to talk to eDexter, eDexter will only send a picture back as a response. It won't do anything else or execute any remote commands. Basically, all the "hacker" would get is a message to "Feed the dog," or a "woof," or another of eDexter's pictures. There are no security issues with eDexter at this time at all.
If you have a firewall on your computer, you may block port 80 outbound, and this will keep anybody from ever knowing that eDexter is even running. I recommend that everyone run a personal firewall even if they do not use eDexter to keep your system and data safe. You can read about them here.
This question is a couple months old. There have since been several new versions of eDexter. The current version is wonderful and likely does not need any updating.
Akamai servers sometimes are needed to view some sites normally. Akamai is in the business of providing content and streaming media to websites so that the website does not need to store the data internally. In other words, Akamai acts as a cache for web content in some respects. This means that blocking them will prevent normal access to some sites, because those sites will not be able to load the content they need from the Akamai site. The Hosts file I have on this site comes with the Akamai servers listed, but not blocked. They are not blocked because they have the # symbol at the beginning of the line. If you wish to block them, simply open your Hosts file from Notepad, and scroll down to the Akamai section. You may then remove the # from the start of each line and the servers will then be blocked. To unblock them again if you have trouble, simply put all the # symbols you removed back into place.
They are there so that you may easily tell which firm's ads you are blocking with each entry. This way, if you want to unblock all of an ad firm's sites, you may do so by putting a # symbol in front of each of its servers. Having the servers broken into company groups makes it easier for you to determine which servers you wish to block and which ones you don't, if you want to decide for yourself.
You can try downloading Editpad from JGSoft, or use another text editor without the size limitation.
You can use all three without any trouble. Here is a somewhat simplified but lengthy explanation: Your browser will ask the hosts file how to find a www address when you type one in and want to go there. If hosts knows, it will then go there or block the site, depending on how you set it up. If you have a site blocked, your browser asks the localhost (127.0.0.1) address for the information. This will bring eDexter into action. eDexter will pretend to be the blocked server and respond to your browser - but all it will do is send an image and nothing else. That doesn't matter, as your browser will think it talked to the blocked server and go on loading the rest of the page. In this scenario, neither WebWasher nor the web will be accessed at all. You do need to be sure you check the box "bypass proxy server for local addresses" in your browser options though.
If you have not blocked the www address you are trying to go to with hosts, then your browser will send its request for the page through WebWasher (thus the term proxy) to find the page. WebWasher will then talk to the server and get all the info, but will filter it according to your settings. In this scenario, eDexter will not be accessed at all, while the web will.
On a page that loads from multiple servers, the situation is still the same - the blocked servers go from the browser through hosts and eDexter, while the unblocked servers go from the browser through hosts and WebWasher.
So, there should not be any problems with all three on your system, because your browser talks to eDexter and WW separately, while WW and eDexter never have to talk to each other. And Hosts is built into Windows as a standard feature, so it will not interfere with anything either.
The Hosts.sam file is a sample Hosts file that comes with Windows. You should simply leave it where it is and not attempt to modify it. The Hosts file will work fine even with the Hosts.sam file in the same directory.
LMHosts is for use with LAN's (local area networks) and does not concern us for use over the Internet. You should leave any LMHosts files that you find alone and not modify them. An LMHosts.sam file is a sample LMHosts file and you do not need to worry about it either. It is there to help you build a LMHosts file should you need one. (hint - you'll know if you need make one, so if you don't know then you probably don't need one! So just leave all LMHosts files the way they are on your computer)
First, you should try using "127.0.0.1 localhost" at the top of your hosts file. If that doesn't work, try converting the entire Hosts file from 0.0.0.0 to the 127.0.0.1 format.
Those of you who use Windows 2000/XP Pro and use the very large version of the Hosts file may experience system slowdowns and slow connections. Most often, this is noticed by those with dialup connections, but may occur with broadband connections as well.
Windows 2000/XP Pro also includes a service known as the DNS cache. You can locate it in your services listed as "DNS Client". To use Hosts or DNSKong you may need to stop and disable this service. Some machines seem to run Hosts without disabling this service. It is safe to turn it off and disable it. You will likely never notice it is gone. As far as I can tell, no other Windows operating system offers such a service. - PyreneanIf you use DNSKong, please read these instructions.
The Hosts file must be saved by a user with administrator-level access. Only administrator-level accounts can save the file in the proper Hosts directory under Windows 2000, which is "c:\winnt\system32\drivers\etc\".
Please visit this well-done page by Bruce. It will explain how to force Windows to use the Hosts file for DNS lookup before your ISP's proxy server or anything else is used. This may also allow those who previously could not use the Hosts file for unexplained reasons to successfully begin using it.
The easiest thing to do when you have a recurring problem accessing a site is to temporarily disable the hosts file by dragging it from your c:\windows folder to your desktop. You should restart your browser and may have to reboot depending on your version of Windows.
If the site works with Hosts removed, you know that hosts was causing the problem. If not, then hosts wasn't the problem. To get hosts working again, just drag it back from your desktop to your c:\windows folder (c:\winnt\system32\drivers\etc\ for Windows NT/2000/XP Pro or c:\windows\system32\drivers\etc\ for Windows XP Home).
To search for an offending entry in hosts, you can open hosts with a text editor and use the menu command "find" to search for words that are related to the site you are viewing (such as "yahoo" if you can't access a Yahoo! site). If you find entries like that, simply place a # symbol at the beginning of the line and save the file. Restart your browser and/or reboot your computer. If you can access the site with hosts still in your c:\windows directory (c:\winnt\system32\drivers\etc\ for Windows NT/2000/XP Pro or c:\windows\system32\drivers\etc\ for Windows XP Home), then you have solved the problem.
If not, you may have to view the source of the webpage you are trying to view. You may do this in your browser by finding the menu command for view page source. Once in the page source, search for parts with http:// in front of them and note what servers they go to. You may then search your hosts file for matching servers and remove them by putting a # in front of their line or deleting their line entirely.
A common culprit is the Akamai servers. Many, many sites use them and I would not recommend that most people block them. There are many Akamai servers in some versions of the hosts file, and so I would suggest deleting them all rather than trying to put a # in front of each one.
Please visit this page on Pyrenean's website.
Yes, Willem has put together a good example DNSKong filter list for named.txt, which is based upon the Hosts file from Stephen Martin's website. You can get it here.
Try entering something like www.pyrenean.com
One note, Windows will cache the DNS resolution of sites you have been to since your computer was started (but only for a set period of time - 30 minutes or so, I think), so if you have been to www.pyrenean.com already, you may need to reboot your computer for this to take effect and clear the cache.
When done with the test, remove www.pyrenean.com from your named.txt and reload your filters and browser. (After all, Pyrenean wrote this great program, so you wouldn't want to block his website!)
Bruce outlines one other way to test DNSKong on a web page he wrote.
There are several ways that you can find the IP address of a URL. The easiest way for you may be to visit the website http://www.samspade.org, which will let you enter an address for a website and will then convert that address to an IP address for you. It will also return some other data about that site's address that you may or may not be interested in, but you will easily be able to get the IP this way.
Another method would be to open a DOS window (assuming you are using Windows) and type the command "ping www.theaddressyouwant.com" without the quotes. This command will attempt to connect briefly to that website to see if it is online and will tell you the IP address along with the connection data. Not all websites will respond to ping, so it may not always work for you.
ZoneAlarm may say that eDexter is asking for server rights the first time you run it, but you may safely deny that permission. After eDexter is running, you may occassionaly receive an alert stating that eDexter is attempting to access the Internet. eDexter does not attempt to access the Internet at any time, and this is probably an error in the way ZoneAlarm is handling a port 80 probe.
"What you are most likely seeing is ZoneAlarm reporting a port 80 probe to your computer. ZoneAlarm then reports whatever seems to own any port 80 even if it is only on the localhost. You should set ZoneAlarm to deny internet server access for eDexter." - Pyrenean
E-mail the author and ask him. I try to answer all e-mails as soon as I can. Sometimes a question may require researching, so you may not get an immediate reply. Also, this list of questions will continue to grow as long as I have new things to add to it.
Last updated: Jun. 12, 2002