Hosts File - Important Basic Security Guide


By: MrFace
December 16, 2010

What is a hosts file?

The hosts file is a plain text file that maps hostnames of common and uncommon sites to IP addresses in all DOS based systems. Basically, it is your local DNS resolver for specified hostnames to IPs. Whatever IP is assigned to a hostname in the file is used before your DNS server is asked, so a hosts entry overrides DNS resolution. This file loads in the system cache before/during startup of your OS.

Why is this important?

This is important because it can be a main source of trouble if your hosts file is infected/injected with malicious content; see: http://en.wikipedia.org/wiki/Mydoom.B for an example. Worms, now more than ever, are utilizing this file to redirect your basic hostnames to malicious sites and/or to block security sites (e.g. Symantec update sites) altogether. However, you can also use this file to the advantage of your computer and your family’s computer(s).

What do you mean?

Well, in the first paragraph we talked about how the file is loaded into cache and how it resolves certain hostnames to IPs. With that being said, you can force your computer to resolve any hostname to any IP that you want. For this guide, we will be discussing forcing resolution to the home IP, 127.0.0.1, also known as localhost. What this means is we can take a hostname like “aconti.net” (this is used for spam ads and rollover click ads) and force it to resolve to 127.0.0.1 so those annoying “green rollover links” will not load on your computer. Meaning, they don’t appear any more.

How do I do that?

Well first, you need to find your hosts file. You can search for the file “hosts.*” or “hosts” or find it in the following directories:

Windows XP/Vista/7 = C:\windows\system32\drivers\etc
Windows 2000 = C:\winnt\system32\drivers\etc

After you have located your file, open it up. It should have a commented-out block explaining what it is and one entry (if you haven’t already edited it). That entry should simply state:

127.0.0.1 localhost

This means that the hostname “localhost” resolves to 127.0.0.1 automatically. (Note: save a backup of the file before editing; remember, redundancy is the key for proper restoration of a system.)
To take the example above, we can add “aconti.net” to this file to force resolution to your local machine, effectively blocking it. Here’s how:

After your first line, add this:

127.0.0.1 aconti.net

So your file should now look like:

127.0.0.1 localhost
127.0.0.1 aconti.net

Again, this points that hostname to your local machine, meaning that if you try to go to that hostname in your browser, a blank page should appear. Save the file. You have now edited it. You can add as many hostnames as you want in there and it will do the same as long as you keep the proper format.
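A check for the tampering described under “Why is this important?”, given here as an added example that is not part of the original guide: it parses hosts-file text and flags entries that point a hostname at a non-loopback address or that sinkhole a name on a watch list. The sample file, the .example hostnames and the PROTECTED_SUFFIXES watch list are constructed assumptions.

```python
import ipaddress

# Constructed sample: one deliberate block entry plus tampering of the kind
# described above. The .example names are placeholders, not real indicators.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       aconti.net      # deliberate ad block
127.0.0.1       update.av-vendor.example
203.0.113.50    bank.example www.bank.example
not-an-ip       broken.example
"""

# Assumption: names you never expect to see sinkholed (e.g. AV update hosts).
PROTECTED_SUFFIXES = ("av-vendor.example",)


def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not a valid IPv4/IPv6 address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, protected=PROTECTED_SUFFIXES):
    """Return (line_no, finding, hostname) tuples that deserve a manual look."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in names:
            watched = any(name == s or name.endswith("." + s) for s in protected)
            if sinkhole and watched:
                findings.append((line_no, "security-site-blocked", name))
            elif not sinkhole:
                findings.append((line_no, "redirect", name))
    return findings


if __name__ == "__main__":
    for line_no, finding, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {finding}: {name}")
```

To audit a real machine, pass in the text of the hosts file from the directory listed above. A "redirect" finding is not always malicious (an administrator may have pinned an internal name on purpose), so treat each one as an entry to verify against your backup copy.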

Additional info:

You can also use this as a sort of local web proxy if you wish to block sites that your children probably do not need to visit.
http://en.wikipedia.org/wiki/Hosts_file - good explanation of hosts files
http://www.mvps.org/winhelp2002/hosts.htm - automatically populated hosts file so you don’t have to enter a million hostnames into your file. The best one I have found on the net as well as one of the first things I do when I load a machine for a friend or family member. After placing the file in the correct directory, rebooting the machine would not be a bad idea.

Good luck, protect yourself and if you require any more information, feel free to send me a PM.
-mrface

