Tag Archives: /etc/hosts

THELIST.txt update (THENEWLIST.txt)

In this post I am simply  doing an update to the ‘THELIST.txt’ file which is essentially a blacklist of web servers that are ad servers or have been found to be malicious. I have added more servers (mostly ad web servers). The file is accessible here:

http://zitstif.no-ip.org/THENEWLIST.txt
SHA1 (THENEWLIST.txt) = 02a2e93167f680a09f5047ef1b081483b680bfde

You can then download this file and append the output of ‘THENEWLIST.txt” to your hosts file.

For Microsoft Windows you will most likely have to do the following:

1.) iexplore http://zitstif.no-ip.org/THENEWLIST.txt
2.) Save the file to a location
3.) Run CMD.exe as an Administrator
4.) ‘cd’ to the directory where you saved ‘THENEWLIST.txt’
5.) Execute the following command: attrib -R C:\WINDOWS\system32\drivers\etc\hosts
6.) Then execute this command: type THENEWLIST.txt >> C:\WINDOWS\system32\drivers\etc\hosts
7.) Execute the following command: attrib +R C:\WINDOWS\system32\drivers\etc\hosts

For *nix hosts do:

1.) Gain root via: su or sudo -i
2.) chmod a+rw /etc/hosts
3.) printf “GET /THENEWLIST.txt HTTP/1.0\n\r\n” | nc -vv zitstif.no-ip.org 80 2>&1 | egrep -v ‘HTTP|Apache|Date:|ETag:|Accept-Ranges:|Content-|Connection:|Modified:|Connection’  >> /etc/hosts
4.) chmod a+r/etc/hosts && chmod a-w /etc/hosts

I hope this is useful to you. I think most people would like nearly ad free web browsing.  In addition to that, legitimate ad servers have been known to serve up malware:

http://news.cnet.com/8301-27080_3-20000898-245.html

So by using this file in tandem with the Adblock extension/plugin you can get for Firefox/Google-Chrome, you will be less annoyed by ads and not have to be too concerned about ads serving up malware for you.

If you have any questions, comments, or concerns feel free to contact me.

Protecting end users by black listing domain names

One of the many programs that I use for Windows to help prevent and remove malware is SpyBot S&D.  One of the methods that SpyBot S&D utilizes, is by editing the hosts file, which for Windows is located at (usually):

C:\WINDOWS\system32\drivers\etc\hosts

About a year ago, I was monkeying around with my hosts file and noticed all the entries put by SpyBot S&D. I thought to myself, “What a wonderful idea.” For those of you who aren’t familiar with the hosts file, please take a gander at this:

http://en.wikipedia.org/wiki/Hosts_file

Ergo, I compiled (well I used quite a bit of from the hosts file that was edited under Windows by SpyBot S&D)a list of offending domains that are usually associated with scams, malware, and/or other nefarious things and put it on my website. I felt that end users who use Linux or even Mac OS X could benefit from editing their hosts file in such a way. Here’s the hosts file:

http://zitstif.no-ip.org/THELIST.txt
MD5sum: 7ec6a57b82d53359c3bcff54d0b1cc62

For *nix end users, if you want to append THELIST.txt on the fly over the Internet via bash shell, give this a try and verify your results as root:

printf "GET /THELIST.txt HTTP/1.0\n\r\n" | nc -vv zitstif.no-ip.org 80 2>&1 | egrep -v 'HTTP|Apache|Date:|ETag:|Accept-Ranges:|Content-|Connection:|Modified:|Connection'  >> /etc/hosts

By doing this, you’ll protect your end users by making the blacklisted domain names unavailable to them. This may not be perfect, but this is one of the many ways you can help prevent identity theft for your end users or even yourself.

More to come.