Solved Hosts file versus Restricted Sites

September 2, 2013 at 07:52:47
Specs: Win 7
A while ago I made a hosts file and put it in
Windows\System32\drivers\etc\
It only has 56 entries.
Eventually I realized that it wasn't working.

I looked at the file and discovered that it had a .txt
extension. I must have used Notepad. I never use
Notepad anymore. Hardly ever...

So I removed the extension, but I realized more
quickly the second time around that it still wasn't
working. I put the same set of website names into
the list of Restricted Sites in Internet Options, and
that does work. But the Sites are only restricted in
what they are allowed to do.

I want to either get hosts working, or find a way to
have Restricted Sites blocked completely, as if they
were in a properly-working hosts file.

-- Jeff, in Minneapolis


See More: Hosts file versus Restricted Sites

Report •

#1
September 2, 2013 at 09:48:18
Please paste the contents of your hosts file on here so that we can take a look at it.

Always pop back and let us know the outcome - thanks


Report •

#2
September 2, 2013 at 14:27:59
# HOSTS file prepared by Jeff Root
# July 22, 2013
#
# Put this file in Windows\System32\drivers\etc\
# Name it "hosts"
#
# The first functional line must be: "127.0.0.1 localhost"

127.0.0.1 localhost

::1 localhost #[IPv6]

127.0.0.1 abmr.net
127.0.0.1 adblade.com
127.0.0.1 adbrands.net
127.0.0.1 addthis.com
127.0.0.1 admeld.com
127.0.0.1 adnxs.com
127.0.0.1 adsafeprotected.com
127.0.0.1 advertising.com
127.0.0.1 afy11.net
127.0.0.1 amazon-adsystem.com
127.0.0.1 atwola.com
127.0.0.1 bizographics.com
127.0.0.1 bluekai.com
127.0.0.1 burstnet.com
127.0.0.1 casalemedia.com
127.0.0.1 collective-media.net
127.0.0.1 contextweb.com
127.0.0.1 cpxinteractive.com
127.0.0.1 criteo.com
127.0.0.1 crsspxl.com
127.0.0.1 crwdcntrl.net
127.0.0.1 demdex.net
127.0.0.1 doubleclick.net
127.0.0.1 estat.com
127.0.0.1 exelator.com
127.0.0.1 facebook.com
127.0.0.1 gigya.com
127.0.0.1 googlesyndication.com
127.0.0.1 imrworldwide.com
127.0.0.1 intellitxt.com
127.0.0.1 interclick.com
127.0.0.1 invitemedia.com
127.0.0.1 kontera.com
127.0.0.1 mathtag.com
127.0.0.1 mookie1.com
127.0.0.1 nexac.com
127.0.0.1 openx.net
127.0.0.1 p-td.com
127.0.0.1 pointroll.com
127.0.0.1 pro-market.net
127.0.0.1 pubmatic.com
127.0.0.1 quantserve.com
127.0.0.1 revsci.net
127.0.0.1 ru4.com
127.0.0.1 rubiconproject.com
127.0.0.1 scorecardresearch.com
127.0.0.1 store.yahoo.com
127.0.0.1 store.yahoo.net
127.0.0.1 tacoda.net
127.0.0.1 tidaltv.com
127.0.0.1 tribalfusion.com
127.0.0.1 turn.com
127.0.0.1 viglink.com
127.0.0.1 xiti.com
127.0.0.1 yieldmanager.com
127.0.0.1 ytimg.com


Report •

#3
September 2, 2013 at 15:04:08
✔ Best Answer
Looks perfect - you shouldn't be able to access any sites within the long block starting 127.0.0.1 abmr.net (as I'm sure you already know). Some ideas:

Unhide all file extensions and make sure that no hidden extension appears after hosts

Clear History on whatever browser you are using - it might be looking at the cache.

In Command Prompt type these two commands (hit Enter after each one);
ipconfig /flushdns
ipconfig /renew

Move your existing hosts file onto the desktop then copy the text of your hosts file into NotePad (or whatever text editor you use) and use that to create a replacement.

Otherwise it could be a permissions issue.

Might be worth Googling "Hosts file not working" to see if there are any useful hits.

As for Restricted Sites about the only way I know around it is to disable about everything you can in "IE > Tools > Internet Options > Security tab > Restricted Sites icon > Custom Level". That's all very fine and dandy unless you want to use restricted sites to allow some features.

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
September 2, 2013 at 21:08:34
Thanks, Derek. I hoped there was some critical typo.
But if it's a cache thing, which does seem likely, that will
certainly get cleared. I've been preparing to re-install W7
from scratch on the same drive. Probably re-format the
existing partions. Last time I did it, Windows seemed to
understand that the partition it had created originally was
the one to use for System Reserved. I've already backed
up my bookmarks so I can reload them. That's usually
one of the last things I do before going ahead, so maybe
today is the day.

Would you have any suggestion about how to determine
which sites can be removed from the hosts list? It isn't a
problem with the very short list I have, but lists that can be
downloaded contain thousands of sites, and I expect that
my browser would never be exposed to the vast majority
of those. Many probably don't even exist anymore. If I
didn't bump into a site at all in say, 90 days, I'd want to
remove it.

-- Jeff, in Minneapolis


Report •

#5
September 3, 2013 at 07:46:01
Yes, there are specialist websites that collect huge databases of what they consider to be undesirable. I am not in anything like that position but would add that (at a glance) most seemed to be ones that I happen to recognise as advert servers.

You might want to consider this:
https://adblockplus.org/releases/ad...
The filter is produced by the same outfit that produced Adblock Plus for Firefox (which is very good indeed). It adds a filter to IE Tracking Protection. If you go this way you could put a hash sign against all your hosts entries to disable them and see how you get on. The difficult bit is if you need a hosts entry back to determine which one it is.

Always pop back and let us know the outcome - thanks


Report •

#6
September 7, 2013 at 17:29:56
The hosts file isn't working.

I cleared the cache by reinstalling Windows from scratch.
The URLs of the unwanted websites are showing up in the
status bar and their ads are onscreen.

Do I need to set the file attributes in some special way?

I checked it with a hex editor-- the lines end with 0D 0A
as they should.

-- Jeff, in Minneapolis

message edited by Jeff Root


Report •

#7
September 7, 2013 at 17:42:13
"Make sure when you reinstall, you delete ALL partitions & format to NTFS"
Did you delete all the partitions?

W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...


Report •

#8
Report •

#9
September 7, 2013 at 18:25:05
I honestly don't know why hosts isn't working. You don't have to set attributes in any special way, it normally just works. I'll think about it but don't hold your breath. Did you try remaking it using copy/paste and NotePad?

SpywareBlaster is one of my favourites too (see #8) but somehow slipped my mind. Not only does it give you protection without anything running at all but it also kicks off many of the worst ad-servers. It just needs updating about every two weeks which puts puts kill bits in the registry against undesirable web addresses - hence it does its prevention job without even running (rather like hosts).

Always pop back and let us know the outcome - thanks


Report •

#10
September 7, 2013 at 22:37:32
A bit more about hosts. I'm probably too pedantic with mine but I never leave an open line, extra line space or space. I doubt it would help but you could replace this part:
=================
# The first functional line must be: "127.0.0.1 localhost"

127.0.0.1 localhost

::1 localhost #[IPv6]

127.0.0.1 abmr.net
=================

with this:

=================
# The first functional line must be: "127.0.0.1 localhost"
#
127.0.0.1 localhost
#
::1 localhost#[IPv6]
#
127.0.0.1 abmr.net
=================

For comparison my localhost parts are simply this:

==============
127.0.0.1 localhost
::1 localhost
==============

Assuming the above makes no difference there is one more thing you could try.
Rename hosts to xhosts so that it is temporarily disabled.

Create a new very simple one in NotePad - just this alone:

127.0.0.1 localhost
127.0.0.1 google.com
127.0.0.1 www.google.com

Name it just hosts with no extension and put it in the proper location.
See if that blocks you from going to Google - it should.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#11
September 8, 2013 at 02:25:13
Good news, bad news, and bad news.

The good news is that I found the obvious cause of the problem.
The first bad news is that it is due to my own stupidity (as well
as that of other people, but mostly mine).

I'm running 64-bit Windows, which means I have to store a second
copy of the hosts file in SysWOW64\drivers\etc\. I forgot to do so,
in part because I didn't add that bit of info to the top of the hosts
file itself as a reminder.

The second bad news is that it didn't work. Although it looks like
forgetting the second copy was the fatal flaw, apparently there is
still another fatal flaw. I used CCleaner to clear the Temportary
Internet Files, history, and cookies, including the cookie for this
place, and rebooted twice, and still all those unwanted websites
show up in the status window.

-- Jeff, in Minneapolis


Report •

#12
September 8, 2013 at 05:43:56
Seems the second copy no longer applies in Win 8 64 bit. I have no "etc" folder in that path but it still works fine with just one copy in the ususal place.

"unwanted websites show up in the status window"
Jeff, give me a prod to wake me up - what status window do you mean?

Always pop back and let us know the outcome - thanks


Report •

#13
September 8, 2013 at 10:23:17
I couldn't think of the right word, so I said "window". The status line
at the very bottom of Internet Explorer. (And many other programs...)

My Internet connection is slow enough that I can read many of the
URLs as the bits of pages are downloading.

I should have said... I was surprised this time around (shortly after
re-installing Windows) to find that there was no "etc" folder in
SysWOW64\drivers\. I had to create it. I thought the folder existed
when I previously tried to do this a year ago or so.

I'll do a Google search for hosts file dependencies. I might have
disabled some service that is needed to use the hosts file.

-- Jeff, in Minneapolis


Report •

#14
September 8, 2013 at 12:27:09
Aha, OK, status bar - got you now. Just wondering if despite websites being blocked they could still appear there before doing the loop back. Have you any other proof as to whether they are blocking or not?

That mini hosts file I suggested at the end of #10 would prove the point. If you've renamed your hosts to xhosts you can soon get it back if whenever you like. It would be easy to check whether you can still get to Google, whatever happens to appear in the status bar.

I have no Win 7 64 bit to check out that "SysWOW64\drivers\etc" location but unless you have seen it given online somewhere I am wondering it it is necessary. Two hosts files sounds a tad odd to me.
EDIT: This seems to fit with my drift immediately above:
http://www.sepago.de/e/helge/2009/0...

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#15
September 9, 2013 at 00:31:55
Based on the info in your link, I removed the second copy of
hosts and the \etc\ folder I created for it.

I tried a minimal change in the hosts file in the direction of your
suggestions in reply #10: I removed the comment " #[IPv6] ".
No improvement. I see ads from blacklisted sites. I can't
always tell which site is responsible for an ad, but a few are
clear, such as doubleclick.net on this page.

I had no luck finding dependencies for making the hosts file
do its thing. Basically I don't know what program processes it.

-- Jeff, in Minneapolis

message edited by Jeff Root


Report •

#16
September 9, 2013 at 10:17:34
Did you try putting Google in there in both the forms I suggested to see if it blocked your access to it?

Always pop back and let us know the outcome - thanks


Report •

#17
September 9, 2013 at 16:05:42
Oh, my!!!

I'm shocked. I did put the super-short Google-only version
of hosts into Windows\System32\drivers\etc\ , and when I
tried to go to Google just now, I immediately got the familiar
error message telling me the web page can't be displayed.
Apparently it worked!

Why???

-- Jeff, in Minneapolis

message edited by Jeff Root


Report •

#18
September 9, 2013 at 16:21:07
I hate to say this but I really think it was always working. What you see in the status bar is its attempt to go to the website but it is then looped back to local hosts instead.

Try temporarily adding those same two google lines in your original longer hosts file. If it blocks you then all of it is working. If it doesn't then come back because one way or another I think we could fix it.

UAC might prevent you "making changes to it in situ". If so copy/paste it onto the desktop to make the changes. Copy it back when you've done.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#19
September 9, 2013 at 18:19:43
I used Notepad because it apparently is 64-bit, while my usual
text editor is 32-bit, so ironically can't put stuff into System32.
Run as Administrator, Notepad saved directly intp System32,
only once appending .txt to the filename, which I immediately
discovered and removed in Windows Explorer.

As soon as I added www.google.com to the list, Google was
blocked. I didn't have to clear the cache or even restart IE.
It was NOT blocked by adding google.com. I tried putting
"www." in front of all the other site names (doubling the length
of the hosts file), but that does not appear to have worked.
I still see the names in the status bar and still see the ads.
The thing is, when I used those names *without* the "www."
in Internet Options > Security > Restricted Sites, those ads
were not displayed. I think they still downloaded, though,
because the sites are not blocked, just restricted. With my
dial-up connection, the time to download stuff is the thing
that I most want to eliminate.

I'll try clearing the cache, as I was about to do a couple of
hours ago when I got sidetracked.

-- Jeff, in Minneapolis


Report •

#20
September 10, 2013 at 08:13:09
I have sometimes found with hosts it is necessary to have both the www and none www alternatives in some instances, although mostly it works without www. Maybe it is there way of trying to defeat us. Restricted sites never seems to need www.

Well, I'm not sure I can offer much more on this. It seems odd if the hosts file is blocking google yet letting other stuff through - I can see no reason for this.

If you have never run ADWCleaner it would be worth a shot just in case you have some bad toolbars (or their remnants) lurking. You just download and save the file then double click it. You do the Scan and then the Clean to get shot of them. The Report (log) will tell you what it found, if anything:
http://www.bleepingcomputer.com/dow...

Always pop back and let us know the outcome - thanks


Report •

Ask Question