Ad-blocking extensions like Adblock Plus are wildly popular among web power users, whether used to kill distracting ads or to make the most of a slow connection. Their weakness: These extensions only work with the browser you've installed them on. If you're interested in blocking advertising from specific domains globally, you can edit your computer's (or, better yet, your router's) hosts file to stop your browser, your phone's browser, or any other application from visiting that advertising server completely.
How Does This Work?
DNS is the telephone book of the internet. Generally, your computer/device uses two methods to locate the other server over the network. In the beginning, only the /etc/hosts file was used. Over time, that file became huge with all the DARPA and University hosts listed. Then DNS was created to turn that lookup into a service for everyone.
Today almost every operating system performs name-to-IP lookups by:
- checking the /etc/hosts file
- if not found, sending a DNS query
Any hostname found in the hosts file prevents further queries.
DNS is critical to the security of the Internet too. Any machine that can alter the name-to-IP lookup can trick your system into trusting a remote server with SSL without your knowledge. The safety of every SSL certificate used to protect all your online shopping is completely dependent on DNS.
So, by changing your lookup for an ad-server to point to your local machine, you've just shortcut their ability to do anything to your PC. Isn't that really what you want?
- Speeds up your internet use since the local hosts file by default is checked first, before DNS is used.
- Not just for browsers, but works for custom apps like iTunes, RealPlayer, Twitter clients or anything, since it works at the OS name resolution level. It doesn't care if this is UDP or TCP traffic.
- Platform independent; portables, OSX, Linux and even MS-Windows. If the system uses IP (internet protocol), then it has an /etc/hosts file somewhere.
- Stops ad-tracking too. The hosts file is great if you don't want to be tracked by them ever again; you won't need to use "opt-out" cookies either. (My new /etc/hosts file has over 12,000 entries. That's 12K worth of advertising network hosts that are not using bandwidth as I surf. The old one used for the last decade was only 1200 lines, yet still highly effective. That growth says something about internet tracking these days.)
- Blocks spyware and malware too, if those server locations are added to the file. That increases the safety of your networking experience.
Which File Exactly?
On OS X and UNIX-like operating systems, the hosts file is located at
On Windows, the file is usually at
%SystemRoot%\system32\drivers. (Copy that path, press Win+R, paste that path, and hit Enter.)
Typical hosts files will contain networking entries like this:
127.0.0.1 localhost
127.0.1.1 my-real-hostname
::1 my-ipv6-addr
How to Edit the Hosts File with a Community Created File
First, find the hosts file by going to the paths above. The hosts file doesn't have an extension, and if you don't have a hosts file on your computer already that's OK. (On Mac, in Finder go to Go > Go To Folder and type in "/etc". Look for the file called "hosts").
If you have a hosts file already, make a backup of it to another directory just in case.
You can create your own hosts file, adding different ad servers you hunt down to your list, but that's a lot of effort. A simpler solution is to use a community created hosts file. You can find pre-made lists of ad network files by Googling or get a community provided file from hpHosts. There are many other versions and websites producing ad-blocking hosts files. Don't worry about a larger file making your PC slower. Even the largest files will actually make your PC feel faster.
Copy the hosts file to your etc location. If you had an existing hosts file already, copy the lines from your backup hosts file into your new one, starting with the "127.0.0.1" or other IP number. When you save the file make sure you save it without an extension; typing "hosts" in the filename line to prevent a .txt or other extension being added. (Note: The sites hosting the hosts file should provide instructions for installing it; please follow those just in case.)
There's an easy way to check these files for something nasty, since you are replacing your name-to-IP lookup with them. Search for any lines that do not start with '127.0.0.1' or a comment.
grep -Ev '^(127\.0\.0\.1[[:space:]]|#)' /etc/hosts | more
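The same check as a reusable audit function, added here as an example and not part of the original article. It goes beyond the one-liner by also accepting the null address 0.0.0.0 (used by many community lists), the whole 127.0.0.0/8 loopback range, and the IPv6 equivalents, and by ignoring trailing comments; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Audit a downloaded hosts file before installing it: print every entry
# that maps a name to a non-local address and return non-zero if any exist.
audit_hosts() {
    # Usage: audit_hosts FILE   or   some-command | audit_hosts
    awk '
        { sub(/\r$/, "") }      # tolerate Windows line endings
        { sub(/#.*/, "") }      # drop comments, including trailing ones
        NF == 0 { next }        # skip blank and comment-only lines
        {
            ip = tolower($1)
            # Addresses that keep traffic on this machine or send it nowhere.
            safe = (ip ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || ip == "0.0.0.0" ||
                    ip == "::1" || ip == "::")
            if (NF < 2) {
                printf "line %d: malformed entry: %s\n", NR, $0; bad++
            } else if (!safe) {
                printf "line %d: redirects to %s: %s\n", NR, ip, $0; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample list (documentation addresses and example domains).
sample_hosts() {
    cat <<'EOF'
# constructed sample list
127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0 tracker.example.net  # null-routed
203.0.113.7 www.bank.example
::1 localhost
198.51.100.9
EOF
}

# Demo: lines 5 and 7 of the sample are reported.
sample_hosts | audit_hosts || echo "review the flagged lines before installing"
```

Run it against the downloaded list, not your current /etc/hosts, whose own entries for your real hostname are expected to be flagged.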
Stop the Bad Guys Out There
There are a few people on the internet who are simply bad. Picking them out from the, shall we say, aggressive advertisers can be difficult, but a few definitely come to mind like cnbc7.com (note: This has nothing to do with the CNBC cable TV network.). These guys need to be blocked on every PC, period. Add this line to every computer's hosts file, every DNS, every place that you can. They seem to only push spyware, malware and viruses. You can add them to your hosts file by adding the line:
You'll never be bothered by them again. I just received a spam email with a redirector to cnbc7 about 30 minutes ago. If I'd accidentally clicked on that link to a respectable website that happens to have a redirector inside the URL, my PC could easily have been compromised. BLOCKED. Please don't forget to do this for your own protection.
Important Notes
Some care needs to be taken when editing this file. The format across all platforms is identical, but you probably want to merge the current file on your computer/device with one that you discover online. At some point in the future, you may want to be tracked or visit a website that you previously blocked. Just comment out the specific server in the "hosts" file.
For example, I block facebook.com and www.facebook.com since I don't appreciate their fingers on almost every page across the internet. Recently, a TV network that I like to watch on the web forced all connections through Facebook, not just as a way to track, but to proxy their content THROUGH Facebook servers. I must allow Facebook access for that 1 hour every week to watch that show. To make this easy and reduce risk, I have 3 /etc/hosts files: hosts, hosts.noFB, hosts.FB. I copy the .noFB or .FB file into the real hosts file as needed.
If you do block an entire website, like, www.facebook.com, here's what your browser will see.
- Any changes take effect immediately on write of the file.
- If the blocked domain is just for advertisements, that part of the screen will just be blank. When I visit http://cnn.com, their website is almost useful since almost every ad is blocked.
- Be certain to retain any hosts listed at the top of your original hosts file.
- Be certain you leave anything that looks like this:
127.0.0.1 localhost
127.0.1.1 my-real-hostname
::1 my-ipv6-addr
since removing those lines can be really bad for your PC networking. This will probably break a few things.
- On all modern operating systems, this file is protected, so you need root/administrative access to change it. On MS-Windows, be certain you use Run As Administrator to edit the file. For more help with that see Microsoft's support site. For Linux and other UNIX-based operating systems, you'll need to use sudo or gain root with an su -.
- Some versions of OSX don't follow the /etc/hosts method. Here's an outdated Apple support article to explain.
Some Routers Will Let You Add a Local Hosts File
Some firewall software, like Smoothwall, will let you centrally manage a local /etc/hosts file for all the machines/devices on your subnet. This could be really helpful, avoiding having to add a modified /etc/hosts file to every PC. You can also use universal ad-blocking scripts on Tomato or on DD-WRT router firmware.
A Final Option
When you block any website with an entry in your /etc/hosts it is like a nuclear bomb. There is nothing those hosts can do to load anything on your PC.
TheFu is an enterprise technical architect, F/LOSS loving, cross-platform C/C++ developer, aerospace engineer and rocket scientist. He enjoys Shiner Bock, piña coladas, travel and hiking when not hacking perl or shell scripts. Follow him at http://identi.ca/thefu.