Protecting your computer’s wire tentacles from getting tangled up with the Internet’s less savory sites can be as simple as pasting a few lines of code into a file.
Want to stop your teenage son or daughter downloading games to your computer? Want to stop your husband from watching porn? (we all know the computer forced him to watch it, right?) Or do you want to block all the ads that slow down your Internet browsing?
All the above is easily done. You can even kill access to online casinos. In fact, you can block access to any site, even Google, Bing or Facebook, if you want to.
All you need to know are the domain names of the sites you want to block and the location of the “hosts” file. Your computer checks this file for the IP address of any domain name it is asked to visit; a matching entry there stops it from asking the remote DNS (Domain Name System) for the IP address registered for that domain.
This method of site blocking works with Windows, Linux, Unix, Posix, Android, Symbian, Mac OS X, iOS and most other operating systems (OS’s). It doesn’t matter whether your OS is installed on a desktop, laptop, netbook, mobile phone, smartphone or other handheld device. You can speed up your browsing, block access to websites and block ads so long as you can locate and edit the computer’s “hosts” file.
The instructions shown here assume you use either Linux or Windows. If you use a different OS, consult the Table of Hosts File Locations at the bottom of this page to check the location of your operating system’s hosts file.
Step One: Open the Hosts File for Editing
I assume you use Ubuntu. Adjust file paths if you use a different Linux distro.
- Open the Hosts file for editing by typing the following command into a terminal
gksu gedit /etc/hosts
or, if you use KDE
kdesudo kate /etc/hosts
- The file that opens contains a tab delimited list of IP addresses and domain names. It will look similar to this example
- Move on to Step Two.
This applies to most modern versions of Windows. I assume you use Windows 7. Versions of Windows below XP store their hosts file in a different location.
- Stop the DNS Client service: click Start and type services.msc into the Run dialogue, then, in the window that opens, double-click the DNS Client service, set the startup type to manual and disable the service before closing the window.
- Locate the Hosts file at c:\windows\system32\drivers\etc\hosts.
- Right-click “hosts”, select Properties then untick Read Only before clicking OK.
- Navigate to Start>All Programs then right-click Notepad and select Run as Administrator.
- In Notepad, click File>Open then browse to C:\windows\system32\drivers\etc\hosts.
- The file that opens contains a tab delimited list of IP addresses and domain names. It will look similar to this example
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 126.96.36.199 rhino.acme.com # source server
# 188.8.131.52 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Remember to re-lock your Hosts file as Read Only once you have edited and saved it.
The DNS Client service creates a local cache of the IP addresses associated with domain names. Domain name and IP address associations are usually kept in a remote DNS database. The intention of locally caching DNS lookup results is to shorten the time taken to load a webpage. Disabling the Windows DNS Client service makes a negligible difference to page load times, and that difference is more than compensated for by blocking access to ad servers and other undesirable sites.
Step Two: Block Access to Websites
A hosts file stores lines of IP addresses and domain names. Each IP address is separated from its associated domain by either a space, several spaces or a tab. A hosts file might also contain a hash symbol (#) followed by a single line of text.
The computer that hosts the hosts file reads each line of the hosts file ignoring anything on a line that is written after a hash symbol. Anything written after a hash symbol is a comment intended to be read by humans. Once a hash symbol is reached, the computer will skip to the next line within the file. It will keep skipping until it finds a line that does not begin with a hash symbol.
Each row of the file that contains an IP address to domain name mapping instructs your computer to associate the specified domain name with the specified IP address.
In the default hosts files shown in Step One, the IP address 127.0.0.1 is associated with the domain localhost. 127.0.0.1 belongs to your computer’s loopback device. Any request that sends your computer to IP address 127.0.0.1 causes your computer to loop back to itself, i.e. the request doesn’t take your computer anywhere, it just talks to itself.
You can block access to any website by telling your computer to loop back to IP address 127.0.0.1 whenever your computer is asked to query that website’s domain name. You are not restricted to redirecting requests to IP address 127.0.0.1. You can use any IP address.
For example, to block access to the website example.com, you would add the data 127.0.0.1 example.com into a row of your computer’s hosts file.
Adding that entry and a second one for test.com to a Linux hosts file will make it look like this
127.0.0.1 localhost
127.0.0.1 example.com
127.0.0.1 test.com
Notice that the specified domain name does not include the protocol prefix http:// or the host name www. Only the domain name of the site being blocked is required. Do not use individual page URLs and do not use wildcards.
The IP address is always stated to the left of the domain name that is being redirected to it.
Hosts files on Windows machines can have only one IP address and one domain name listed per row. This is fine for Linux and Unix too, but Linux and Unix also permit multiple domain names listed against one IP address per row (with a space or tab between each domain name).
So, to block access to any number of websites, create a list of websites you wish to block and associate each one’s domain name with the IP address 127.0.0.1 by listing each domain name in the hosts file with the IP address on the left of the row and the domain name on the right of the row.
Step Three: Get a List of Bad Hosts
You could, if you really, really, really wanted to, create your own list of bad hosts by continuously adding them to your computer’s hosts file. But that would be the long way round to blocking all those malware infested, drug selling, drive-by installing, ad serving, naked body filled sites.
There are plenty of already compiled, regularly updated lists of bad hosts to choose from. You only need to download them, copy their content and paste it into your hosts file.
I use two merged lists. One list comes from mvps.org and the other list comes from hosts-file.net.
I take both lists, put them together into one file, sort them alphabetically then remove duplicate entries. In Linux I use the terminal command “sort -u file1.txt > file2.txt”. If you don’t use Linux, you can use an online tool such as Textris to sort and remove duplicate entries or you can use Excel.
Merging multiple lists of bad hosts, sorting them and removing duplicates is easy
- Open your hosts file as shown in Step One.
- Go to hosts-file.net and download their hosts file (click here to download it directly).
- Extract the downloaded file and open the file HOSTS.txt.
- Go to mvps.org and download their hosts file (click here to view it).
- Open Textris.
- Paste the contents from both hosts files into the text entry form at Textris.
- In Textris, select Miscellaneous>Remove Duplicates then let it do its magic.
- Again, in Textris, select Sorting/Alphebetizing>Natural Sort/Alphebetize.
- Copy the sorted text into your computer’s hosts file (e.g. /etc/hosts or c:\windows\system32\drivers\etc\hosts).
- Delete any comments, i.e. any lines that begin with a hash symbol (#). There will be a few hundred of them.
- Save the file and browse a few sites to test your success.
Note 1: Linux users can merge and sort lists alphabetically with Kate instead of using Textris. Windows users can use Excel for the same.
Note 2: it’s usual to place the entries for localhost at the top of the hosts file.
We delete the comments to make the hosts file smaller. The smaller it is the quicker it loads and the less work your computer must do to read its content.
If you use regular expressions you can delete all comments, even those that are placed at the end of a line, with the search pattern “#.*” (without the quotes) and an empty replacement pattern. That regular expression will work in Kate, Notepad++ and Edit Pad Pro.
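The merge, comment-stripping, sort and de-duplicate steps above as a single terminal pass that also drops any row pointing a name at a non-loopback IP, since a pasted-in list could otherwise redirect a site rather than block it (an added example, not part of the original article). The function name merge_blocklists and the sample lists are made up here, and downloaded lists are assumed to use either 127.0.0.1 or 0.0.0.0 as the block address.

```shell
#!/bin/sh
# Added example: merge downloaded hosts lists into one vetted block list.
# merge_blocklists FILE... writes "127.0.0.1<TAB>name" rows to stdout,
# sorted and de-duplicated; rejected rows are reported on stderr.
merge_blocklists() {
    cat -- "$@" |
    tr -d '\r' |    # lists saved on Windows end lines with CR LF
    awk '
        { sub(/#.*/, "") }      # drop comments, same as the "#.*" pattern
        NF < 2 { next }         # blank or incomplete row
        # A block list should only ever point names at a sink address.
        # Any other IP would redirect that name, so report and drop the row.
        $1 != "127.0.0.1" && $1 != "0.0.0.0" {
            print "rejected (not a sink address): " $0 > "/dev/stderr"
            next
        }
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                # localhost rows are written once, at the top, by the caller
                if (name == "localhost" || name == "localhost.localdomain")
                    continue
                if (name !~ /^[a-z0-9_]([a-z0-9_.-]*[a-z0-9_])?$/) {
                    print "rejected (not a host name): " $i > "/dev/stderr"
                    continue
                }
                print "127.0.0.1\t" name    # 0.0.0.0 normalised to 127.0.0.1
            }
        }
    ' |
    LC_ALL=C sort -u
}

# Constructed sample lists standing in for the two downloads.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '# list A\r\n127.0.0.1  localhost\r\n127.0.0.1  ads.example.com # ad\r\n0.0.0.0 tracker.example.net\r\n' > "$demo_dir/a.txt"
printf '127.0.0.1\tADS.example.com\n203.0.113.7 bank.example.org\n127.0.0.1 bad!name.example\n' > "$demo_dir/b.txt"

# Build the new file with localhost first, then review it before installing.
{
    printf '127.0.0.1\tlocalhost\n'
    merge_blocklists "$demo_dir/a.txt" "$demo_dir/b.txt"
} > "$demo_dir/hosts.new"
cat "$demo_dir/hosts.new"
```

Read the rejected rows on stderr before copying the result over your hosts file; each one is a line the downloaded list wanted you to trust.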
Sources for Host File Rules
Different pre-written hosts files block different types of site. The one from MVPS blocks mostly ad servers, malware sites and known fraud/phishing and casino sites. The hosts files provided by HostsFile (not to be confused with hosts-file) block porn sites as well as those blocked by the likes of MVPS.
No list will block all malicious or undesirable websites but the lists available at these sites will at least get you started on the right track:
Hosts-File (several very large lists)
MVPS (recommended in many reviews)
What You Will See
From now on, when you browse the Net you will not be able to access any of the domains listed in your computer’s hosts file. Any website that attempts to download, stream or show you information from any of those blocked domains will load as normal but the parts where data from the blocked domains should show will either display as a blank section of the screen or will be replaced with the message “Unable to Connect to Server”.
To bullet point the browsing differences:
- Pop-ups will still load but any pop-ups filled with ads will now be blank because the ads will not load.
- Ad banners will show as blank, empty squares and rectangles.
- Sites known to administer malware will not be accessible
- Internet browsing will be quicker because your computer will not be slowed down by loading ads.
- Web pages that sometimes load and other times don’t will likely load more frequently because the ads that prevented them from loading no longer load with the website.
- Web pages will freeze less frequently.
- Unlike Adblock Plus and other browser based ad blocking methods, websites cannot detect their ads have been blocked so any sites that prevent access based on the presence of ad blocking software will not block you if only hosts file rules are used to block their ads.
The more rules you have in your hosts file, the better your results will be.
If you find you are unable to access certain sites after changing the content of your hosts file, open the hosts file and check that the inaccessible site’s domain name is not listed within it. If it is, remove it and the site will again load as usual. Only you can decide whether the site should or shouldn’t be blocked.
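That check can be run from a terminal, and the same lookup shows how the rows described in Step Two are read: comments ignored, the address in the first column, and names matched exactly, so a row for example.com does not cover www.example.com. This is an added example, not part of the original article; the function name hosts_entries_for and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: list the rows of a hosts file that apply to one host name.
# Prints "LINE<TAB>ADDRESS<TAB>NAME" per match; returns 1 when nothing matches.
hosts_entries_for() {    # $1 = hosts file, $2 = host name to look up
    tr -d '\r' < "$1" | awk -v want="$2" '
        BEGIN { want = tolower(want); sub(/\.$/, "", want) }
        { sub(/#.*/, "") }      # text after a hash is a comment
        NF < 2 { next }         # need an address and at least one name
        {
            # column 1 is the address; every later column is a name for it
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print NR "\t" $1 "\t" $i; hits++ }
        }
        END { exit (hits ? 0 : 1) }
    '
}

# Constructed sample hosts file.
demo_hosts=$(mktemp)
trap 'rm -f "$demo_hosts"' EXIT
printf '%s\n' \
    '127.0.0.1 localhost' \
    '# 127.0.0.1 commented.example.com' \
    '127.0.0.1 example.com test.com   # two names on one row' \
    '127.0.0.1  Ads.Example.net' > "$demo_hosts"

hosts_entries_for "$demo_hosts" test.com
hosts_entries_for "$demo_hosts" www.example.com ||
    echo "www.example.com has no row of its own"
```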
Useful Privacy Software
Spybot Search and Destroy (a Windows only program) adds rules to your computer’s hosts file. It doesn’t supply the most comprehensive list but it is an easy option for those who prefer not to manually edit their computer’s system files and the list is regularly updated.
Privoxy is proxy software that works on multiple operating systems (including Unix and Linux). It assists with ad and script blocking as well as anonymizing web access.
Table of Hosts File Locations
| Operating System | Location of Hosts File |
| --- | --- |
| Unix, Unix-like, POSIX | /etc/hosts |
| Windows 95, 98/98SE, Me | %WinDir%\ |
| Windows NT, 2000, XP, 2003, Vista, 7 | %SystemRoot%\system32\drivers\etc\ |
| Windows Mobile | Registry key under \HKEY_LOCAL_MACHINE\Comm\Tcpip\Hosts |
| Apple Macintosh 9 and earlier | System Folder: Preferences or System folder |
| Mac OS X 10.0 – 10.1.5 | (Added through NetInfo or niload) |
| Mac OS X 10.2 and newer | /private/etc/hosts |
| Also Mac OS X 10.2 and newer | /etc/hosts |
| iOS (only with jailbreak) | /private/etc/hosts |
| iOS 2.0 and newer | /etc/hosts |
| OS/2 & eComStation | “bootdrive”:\mptn\etc\ |
| Symbian OS 6.1–9.0 | C:\system\data\hosts |
| Symbian OS 9.1+ | C:\private\10000882\hosts |
Note 1: %Windir% and %SystemRoot% represent the storage device that Windows is installed on (usually C:).
Note 2: The data in the table is a reformatted version of the data found in an article at Wikipedia.
No computer or surfer will ever be 100% safe from malicious content. Blocking access to sites will protect a computer and its users from known bad hosts. It won’t prevent access to unknown bad hosts. Ultimately, a computer’s end user (i.e. you) is responsible for his or her own protection. In other words, don’t blame me if you fall foul of another’s malicious actions.