HOWTO: Block websites using the HOSTS file

Blocking ad servers and malicious websites is a tough task these days. There are so many tools out there to keep ads blocked, remove spyware, and scan for viruses. Most of this unwanted content comes from known ad servers and known malicious websites. You can harness the power of the Windows’ HOSTS file to actually block some of this stuff. I’ve been doing this for years, and I’m still surprised how well it works.

In a nutshell

For your version of Windows, the HOSTS file is located in

Windows XP:
C:\WINDOWS\system32\drivers\etc\

Windows 2000:
C:\WINNT\system32\drivers\etc\

Windows 98/ME:
C:\WINDOWS\

It does not have an extension — it is just called hosts. The purpose of the HOSTS file is to allow you to manually enter IP addresses associated with websites, so the DNS server can quickly resolve an address. Say you know that google.com is the IP address 64.233.187.99 — you could enter that into the HOSTS file so when your machine requests google.com, it will immediatly know to go to http://64.233.187.99/. Instead, we can take known ad servers, and tell them their IP addresses are 127.0.0.1. For those of you that don’t know, 127.0.0.1 is your local machine, if you were running a server on it. So say, some ad server hosts a banner ad at http://www.adsite.com/ads/23bh3.jpg. If you redirect this server to your lcoal machine in the HOSTS file, when a website calls that hosted image from the ad server, it will try to load http://127.0.0.1/ads/23bh3.jpg. Since that folder and that image don’t exist on your computer, the image won’t show, and you’ve blocked the ad from showing on that website.

Putting it together

This first line of the HOSTS file should list the local IP address:

127.0.0.1       localhost

That tells the rest of the file, 127.0.0.1 is your local machine, like I explained above. You could also use 0.0.0.0 instead of 127.0.0.1 — either will work, but whatever you use for localhost, use below. After that, enter known ad servers and use your local IP (whichever you chose at the top). You can find maintained HOSTS files online or start to build your own. Here’s a little snippit of what my HOSTS file looks like:

127.0.0.1       localhost
127.0.0.1       92.132.206.rev.adknowledge.com
127.0.0.1       a-con1.adknowledge.com
127.0.0.1       a-lbs.adknowledge.com
127.0.0.1       a-pwr.adknowledge.com
127.0.0.1       a-sw1.adknowledge.com
127.0.0.1       aa1-1.adknowledge.com
127.0.0.1       aa1.adknowledge.com
127.0.0.1       aa2-1.adknowledge.com
127.0.0.1       aa2.adknowledge.com
127.0.0.1       aa3-1.adknowledge.com

Extra step: Windows XP/2000 only

In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]

Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file.

Disabling/Enabling the HOSTS blocking

If you ever need to disable the blocking, just rename the hosts file to anything. I usually rename it to hosts.disable. After you do that, you need to restart your browser to see the changes. To enable it again, just rename it back to hosts.

You could also write a script to do this for you. An example called disable.bat:

cd C:\WINDOWS\system32\drivers\etc && ren hosts hosts.disable

And another example called enable.bat:

cd C:\WINDOWS\system32\drivers\etc && ren hosts.disable hosts

More info about HOSTS

To get a HOSTS file already full of servers, you may go to MVPs.org. To learn more about the HOSTS file, check this site out; it’s where I learned about it. Also, I posted this tip a while back, at Of Zen and Computing.

Comments

  1. Pingback: I need to be able to block certain websites - Error

  2. hi, ive tried doing it as followed to the instructions that you gave but nothing seems to be working. Im just wanting to block all this social sites like http://www.hi5.com, http://www.wayn.com, http://www.friendster.com, myspace and many more. To basically keep my kids from spending too much time on them and that i dont trust the friends that they are keeping in contact with. Ive done them according to the steps as provided but nothing seems to be working. Even after closing and restarting the IE or firefox again.

    Reply
  3. ive tried doing and following the steps given above as stated…if there something that im doing wrong?

    Reply
  4. still not working…ive tried it several times, i guess im not really much of a computer freak. please do guide me through…i have gone into the windows/system32/drivers/etc and into the hosts file to change it

    127.0.0.1 localhost
    127.0.0.1 http://www.hi5.com
    127.0.0.1 http://www.friendster.com
    127.0.0.1 http://www.skyblog.com
    127.0.0.1 hi5.com

    done and followed the whole entire steps of what was being taught if you wanted to add more
    Go to Start > Run > enter “services.msc” then hit [Enter]

    Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file. ( did all that as well) but somehow nothing seems to be working even though after i have closed and reopened the window.

    Guide me please..

    Reply
  5. i just realise and forgot to ask, is there a way to enable and disable the way of using it? or do i just save it as it is and run from where i am. Do i have to go back into the dns client and click on start or change under the start-up type to automatic again and than click apply? i think ive basically tried everything i can…

    desperately need help..

    Thank u and sorry for being such a pain as im still learning…

    Reply
  6. Roger,
    Don’t you mean http, not www? Can you give an example?

    ext.name.com/name.com

    127.0.0.1 ext.name.com
    127.0.0.1 name.com

    Reply
  7. Instead of blocking certain sites, can a hosts file be configured to allow certain sites only……say I only want my kid to be able to see a handfull of sites and want the rest of the WWW cut off….can I do that?

    Reply
  8. to tony,

    what you’ll need to do is this

    127.0.0.1 localhost

    127.0.0.2 hi5.com

    127.0.0.3 friendster.com

    127.0.0.4 skyblog.com

    127.0.0.5 enter another site.

    this will block entire websites.

    Reply
  9. John,
    Right-click the hosts file and choose Open. A box should pop up with a list of programs. Scroll down to Notepad or Wordpad and open with one of those.

    Reply
  10. It is not working still, just like terry said, i did everything. But still not blocking the website that i dont want : (
    Help!

    Reply
  11. You also have to make sure that you don’t save the hosts file as a .txt file. It can’t have any extension. If you don’t have Windows showing file extensions on your system, you can still change them by right-clicking, choosing Properties, and checking for and removing the extension there.

    Reply
  12. The hosts file is really simple once you get the hang of it. One thing I am noticing is that there does not look like there are any spaces in the ip domain combo. So try this.

    A quick way to open it is this.

    click Start->Run

    in the blank type: notepad C:\WINDOWS\system32\drivers\etc

    This will open it in notepad.

    copy the following:

    127.0.0.5 myspace.com
    127.0.0.5 facebook.com
    127.0.0.5 anothersite.com
    127.0.0.5 hi5.com

    keep adding domains as you need. in notepad I use a tab between them not spacebars. Hosts files do not allow wildcard characters. To get into that level of blocking you need to have a router with a custom DNS table.

    Reply
  13. Hi Dan,
    The HOSTS file doesn’t support wildcards, so the answer is No. It would be nice to block something like *.myspace.com or *.info, etc, but it cannot be done.

    Reply
  14. i did all the steps needed to block a website but i had a problem in saving it. it says “make sure that the path and file name is correct”

    Reply
  15. Simple easy way to block web sites, thanks for your easy to use information. Yes we could probably look up in Windows information but thanks to Bill Gates assuming everyone can split the atom, would make for one frustrating “search”. Thank you again nice site for internet information!

    Reply
  16. I just updated my HOSTS file thanks to http://www.mvps.org. Wow, I sound like a commercial. heh..

    Whatever. So anyway, they have a HOST file you may download which has hundreds upon hundreds of hosts to be blocked not only for the purpose of blocking ads, but for security. Visit the following page for the wisdom! http://www.mvps.org/winhelp2002/hosts.htm

    Take your time there. There’s good knowledge on this page! It’s well worth the time you decide to spend. Their HOSTS file for download is inside of a ZIP file which has a batch file (.bat for those of you who don’t know yet) that, when opened, will backup and replace your existing HOSTS file for you.

    But for those of you who don’t want to lose what you already have in your HOSTS file, then check this out: I Copy/Pasted the content of their HOSTS file anyway because I had stuff in mine that wasn’t in theirs, and thus it would have been lost. And it was really easy. I put the cursor in front of the first entry (literally in front, on it’s far left side) in the really long list, then I pressed Shift+Ctrl+End in order to select everything from that point forward to the end so I could then go ahead and copy it. So then I pressed Ctrl+C to copy (if I pressed Ctrl+X, I would have cut the text, thus made a change, and I would have had to be bothered with the “Would you like the save the changes?” dialog box. No, thanks! heh).

    Then I did Alt+F4, pressed Enter for “Ok” to save changes, and I was done. I went back to surfing, and suddenly, I was ad-free. Whatta wonderful thing.

    Now to answer Ramjit, it’s simple: If their IP changes, the solution is simple: just add it to your HOSTS file (or replace the one which changed).

    Always remember that you’re the one in control. You’re the user. To the computer, you’re God. This perspective should help reduce such questions with obvious answers. :) No offense intended here. I’m doing my personal best to help save you time.

    Enjoy your ad-free web-surfing! (although, it won’t be 100% ad-free. Some sites are clever like that).

    Reply
  17. Pingback: Parental Control Software using Windows User Accounts - Computer Forums

  18. Hi,

    I was using Vim in WindowsXP to edit the host file. It was screwing up the new line or tab characters. Anyway, after nearly giving up, I tried Notepad and it worked. An example follows

    127.0.0.1 orkut.com

    127.0.0.1 http://www.orkut.com

    There is a tab between the host address and host name. Also, I used two newlines after each address, name pair.

    Hope it helps.

    Reply
  19. Guys, try using 0.0.0.0 instead of 127.0.0.1

    For some odd reason, on some computers if you put 127.0.0.1 (local) it somehow resolves the proper i.p and goes out.

    If you set the website to 0.0.0.0 there is NO WAY it is going to resolve.

    Reply
  20. Oops! We were unable to fulfill your request.

    Sorry for the inconvenience, but we experienced an error fulfilling your request.
    Go back to Home or click on the Back button of your browser to go back to the page you came from.

    help me please

    Reply
  21. Hiya,when I open the host file it says that its a sample host file???How do I get to an active one??I’ve searched and it comes up with two sample hosts???any help will be greatley appreciated…….

    Reply
  22. I have Windows XP and Office 2000. There is one website that I can never connect to. Internet Explorer (7), shuts down as soon as I click on the site. I have tried doing this with the pop up blocker off but it makes no difference. I can never access this website. What do you think the reason might be please?

    Reply
  23. Keeps saying “cannot create…..make sure path & filename is correct” & “not enough memory available to complete this operation. quit one of more applications to increase availabel memory and then try again.”

    i even tried the “extra step” for the DNS Client but keeps saying “unable to open DNScache for writing on Local Computer…Error5:Access Denied”

    PLEASE HELP!

    Reply
  24. Just want to say Thanks! I been wanting to do this on my son’s computer for a while. It worked perfect!

    Reply
  25. Hey “JAMES” you said:

    “Wow, 3 people have commented and all 3 comments are retarded.

    Its a shitty world I live in.”

    Make that count 4!

    YOU FORGOT TO INCLUDE YOURSELF!!

    Is it painfull to be so dumb!??

    Reply
  26. Hi,

    I’m using vista home premium, i go to system32/drivers/etc and then there is a ImHosts.sam file, a HOSTS file and a HOSTS backup file made by spybot search and destroy.

    Anyway my problem is that when i open the HOSTS file in notepad and put in

    127.0.0.1 (website)

    it wont let me save it..it says cannot create (path file name) make sure path and filename are correct

    this is all that is in the HOSTS file at the moment

    127.0.0.1 localhost
    ::1 localhost

    so basically it wont let me save the file. It works perfectly on XP when i do this so im really curious as to know why it aint working.

    Any of you pro’s know how to fix this?..the same question has been asked twice before but no one seems to have answered it!

    Thanks and i hope for a reply!

    Reply
  27. Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.

    Reply
  28. If you cannot get it to work it is probably because that webpage is cached…

    In IE;
    Go to “Tools”
    “Internet Options”

    and remove the temporary files, close/reopen IE…

    Make sure you turn off you “DNS Client” in the services…

    Reply
  29. Hi Mark

    I done what you said but drag and dropped it on the desktop..added in a random website and it worked perfectly. Good way of getting around the problem.

    How do you turn off the UAC?

    and what is the DNS client? not in really technical terms tho!

    i’ve seen a few people write about it..what happens when you turn it off or on etc

    i only came across this site by accident on google, searching for a way around that hosts problem. It’s great to learn new stuff about computers everyday!

    Thanks for your tips

    Reply
  30. Hi Mark !

    i need to block an intranet site,that uses IP addr. , no name.

    i tried to block the site by editing host file as follows

    127.0.0.1 local host

    127.0.0.1 10.101.0.5 # this is the intranet site i need to block.

    But it does not working… ;( Can u give me a solution… plz…..

    Reply
  31. Pingback: Block Specific Websites For Specific PC - Computer Forums

  32. Hey Shijin,

    You can’t do that with the HOSTS file. You’ll need to find some software (or hardware) alternative to content blocking.

    Reply
  33. Pingback: true false maybe » Giving up Reddit for Lent

  34. A large hosts file only “bogs down” your Windows computer while it initially caches or periodically re-caches the records into memory. The last time I used hosts file for domain name blocking was on Windows 2000 and it’s default hosts file re-cache period was every 15 minutes (if I remember right). The machine would be very unresponsive for about 5 – 10 seconds every 15 mins. while it re-cached. I’m using XP Pro now and it crawled for about a minute when I first added your hosts file but has been running normally for at least 30 mins. now so maybe XP has a different hosts re-cache algorithm than 2000.

    I’m going to run this hosts file on my machine for a week and if it doesn’t affect performance then I’m pushing it out to all of my Active Directory workstations.

    Reply
  35. Hi Larry,

    You might need to turn off the DNS Client — like I said above — in order to not deal with the “bog down” from the system. Also, I don’t know where your re-cache data is from, but from my experience, you just need to close your browser windows and re-open them.

    Reply
  36. i blocked a website for a while, using this method… and i would really like to unblock it now…
    if it’s possible can i delete the IP address and the page will be unblocked?
    i’ve tried deleteing and it tells me i don’t have access to do such task.
    help!

    Reply
  37. Pingback: site block - Raymond.CC Forum

  38. Pingback: 12 Geeky Techniques to Stop Yourself Slacking Off

  39. Pingback: How to Eliminate Compulsive Internet Fiddling

  40. i can block the site hi5.com. it only block hi5.com home page but the users can still access their account in hi5.com…when they type it opens…how can block the individual account on hi5.com

    Reply
  41. Hey guys..don’t worry there is way to block internet…i my self tried at 127.0.0.1 and failed….try this method and will work!

    1) Go to LAN connection

    2) click it and go to properties

    3) double click Internet protocols(TCP/IP)

    4) Click “Use the following DNS sever”.Then enter this numbers:

    5) Prefered DNS SERVER: 127.0.0.1
    Alternet DNS server: 126.0.0.1

    Thats all and u will block internet.u want internet connection back just deleted these numbers and click obtain DNS server adress automatically!….have fun…..

    Reply
  42. How can I disable all websites exept for websites that are needed at work? For example, if I need only gmail.com and verizonwireless.com, how can I get these to be the only ones that can be viewed by employees? Thank you. Your help is greatly appreciated.

    Reply
  43. allthingsmarked says “Extra step: Windows XP/2000 only.
    In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]”

    My question is: Won’t disabling the DNS Client affect P2P apps like uTorrent?

    Reply
  44. Is there a way to use hosts file to block craigslist personals but not the rest of the site?? Just want access to the raunchy personals….

    Reply
  45. hosts can’t block ips. if you put ip into browser, browser won’t even lookup dns, doesn’t check hosts.
    instead, use Proxomitron killfile.
    adblock might also work.

    urls, or pages:
    proxomitron for sure will block pages on a site (eg, cl personals search, but cl urls for actual ads aren’t differentiable, so you need to write content filter. likely a bit of the actual ad will appear (top line only))
    adblocker should be able to block cl search urls, but couldn’t block certain cl ads.

    Reply
  46. iirc, uTorrent uses ips, but that “(show country flag)” option i think must do reverse lookup. don’t know if that uses windows “dns client” service, but you could shutoff utorrent “flag” option. (that may not be the name of the option!)

    Reply
  47. Okay when i 1st added the 2 sites i want to block under the localhost, it worked.

    2 days later i could open the pages without touching anything in the hosts.

    Help?

    Reply
  48. After you edit or modify your HOST File “block website” what you need to do is to clear all cache saved on your web browser then try again… :)

    Reply
  49. Mark says:

    Below is your answer to star a while back…the problem is that I cannot save the notebook edits as a “file.” It will only save them as a “txt.” How can I change that?

    Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.

    Reply
  50. Pingback: How to impose restrictions on search in Internet Exp to few websites?How to restrict kids to specific sites? | Websites

  51. You are an !d!ot:
    1. DNS service is Necessary to be on AUTO and activated.
    2. the HOSTS file, once saved, will translate “letter address” to “IP address”, using the DNS service it contacts your ISP (like aol) on port 53, in the background and finds out the real IP.

    this is May 2010, not 1998:
    you should use 0.0.0.0 as the ip not 127.0.0.1, because it conflicts with legitimate connections from Firefox, Chrome, Chromium, Opera and SeaMonkey Browsers, all of those hook up to the 127.0.0.1 for secondary connections and act as servers, to the localhost (whose IP is 127.0.0.1).

    to sum things up:
    use:
    0.0.0.0 ad.website.com
    which gives you immediately page-not-found internal error (GOOD!)
    and never stop the windows-DNS Service.

    ==============================================
    •••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
    [3] this step is important to prevent DNS errors, do it every time you’ve modified and saved the HOSTS file:
    on XP right click the Icon of the Network-Card used for the internet, and select REPAIR this will clear old DNS table and reRegister the new ones, including the HOSTS file values.
    ••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
    ==============================================

    Reply
  52. tnx for the info..i already make changes in my settings on windows system 32…but….when i tried to type the website “farmville.com” in the URL for instance… it automatically loads up to the site itself..is there another way i can make changes for this please help me..tnx..

    Reply
  53. Hi,

    I’am trying to block http://www.google.com and all other sites of google. But when i change the hosts file to:
    127.0.0.1 google.com

    It is still possible to go to the site maps.google.com and news.google.com.

    Is there a way to block everything before .google.com???
    Thnx

    Reply
  54. Dear Friends,

    if i want to block all the internet execpt one website

    suppose i just use only google home page and i want to block al other websites and internet from my computer what can i do for it ???

    Regards,
    Baiiii

    Reply
  55. Pingback: Block web sites | FinAppx

  56. Pingback: Things admins should do « Data Integrated Entity

  57. Pingback: Restrict access to all sites except three sites

  58. It’s in reality a nice and useful piece of info. I am happy that you simply shared this helpful information with us. Please keep us informed like this. Thank you for sharing.

    Reply
  59. hi i want both batch file which allow all certain websites & block i get the block websites but allow i didnt get is it possible to create batch file which allow also

    Reply
  60. Pingback: Onestepsearch Spyware - Remove Spyware, Malware and Viruses

  61. Pingback: Onestepsearch Virus - Remove Spyware, Malware and Viruses

  62. Pingback: Block Spyware Hosts File - Remove Spyware, Malware and Viruses

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>