Blocking ad servers and malicious websites is a tough task these days. There are so many tools out there to keep ads blocked, remove spyware, and scan for viruses. Most of this unwanted content comes from known ad servers and known malicious websites. You can harness the power of the Windows’ HOSTS file to actually block some of this stuff. I’ve been doing this for years, and I’m still surprised how well it works.
In a nutshell
For your version of Windows, the HOSTS file is located in
Windows XP:
C:\WINDOWS\system32\drivers\etc\
Windows 2000:
C:\WINNT\system32\drivers\etc\
Windows 98/ME:
C:\WINDOWS\
It does not have an extension — it is just called hosts
. The purpose of the HOSTS file is to allow you to manually enter IP addresses associated with websites, so the DNS server can quickly resolve an address. Say you know that google.com
is the IP address 64.233.187.99
— you could enter that into the HOSTS file so when your machine requests google.com, it will immediatly know to go to http://64.233.187.99/
. Instead, we can take known ad servers, and tell them their IP addresses are 127.0.0.1
. For those of you that don’t know, 127.0.0.1 is your local machine, if you were running a server on it. So say, some ad server hosts a banner ad at http://www.adsite.com/ads/23bh3.jpg
. If you redirect this server to your lcoal machine in the HOSTS file, when a website calls that hosted image from the ad server, it will try to load http://127.0.0.1/ads/23bh3.jpg
. Since that folder and that image don’t exist on your computer, the image won’t show, and you’ve blocked the ad from showing on that website.
Putting it together
This first line of the HOSTS file should list the local IP address:
127.0.0.1Â Â Â Â Â Â localhost
That tells the rest of the file, 127.0.0.1
is your local machine, like I explained above. You could also use 0.0.0.0
instead of 127.0.0.1
— either will work, but whatever you use for localhost, use below. After that, enter known ad servers and use your local IP (whichever you chose at the top). You can find maintained HOSTS files online or start to build your own. Here’s a little snippit of what my HOSTS file looks like:
127.0.0.1Â Â Â Â Â Â localhost
127.0.0.1Â Â Â Â Â Â 92.132.206.rev.adknowledge.com
127.0.0.1Â Â Â Â Â Â a-con1.adknowledge.com
127.0.0.1Â Â Â Â Â Â a-lbs.adknowledge.com
127.0.0.1Â Â Â Â Â Â a-pwr.adknowledge.com
127.0.0.1Â Â Â Â Â Â a-sw1.adknowledge.com
127.0.0.1Â Â Â Â Â Â aa1-1.adknowledge.com
127.0.0.1Â Â Â Â Â Â aa1.adknowledge.com
127.0.0.1Â Â Â Â Â Â aa2-1.adknowledge.com
127.0.0.1Â Â Â Â Â Â aa2.adknowledge.com
127.0.0.1Â Â Â Â Â Â aa3-1.adknowledge.com
Extra step: Windows XP/2000 only
In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]
Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file.
Disabling/Enabling the HOSTS blocking
If you ever need to disable the blocking, just rename the hosts file to anything. I usually rename it to hosts.disable
. After you do that, you need to restart your browser to see the changes. To enable it again, just rename it back to hosts
.
You could also write a script to do this for you. An example called disable.bat
:
cd C:\WINDOWS\system32\drivers\etc && ren hosts hosts.disable
And another example called enable.bat
:
cd C:\WINDOWS\system32\drivers\etc && ren hosts.disable hosts
More info about HOSTS
To get a HOSTS file already full of servers, you may go to MVPs.org. To learn more about the HOSTS file, check this site out; it’s where I learned about it. Also, I posted this tip a while back, at Of Zen and Computing.
about the web blocking, i tried it, but what if the ip chages? is there any solution to that?
thank you
plz u block web site
I like it! I will try on my ccomputer now!
hi, is it possible to use wildcards, or create on that has anything to do with bingo(trying to block it for a friend)
works great for but fails to block sites accessed through IE, am I missing something.
hands,
Make sure you close all instances of IE and start it again.
hi, ive tried doing it as followed to the instructions that you gave but nothing seems to be working. Im just wanting to block all this social sites like http://www.hi5.com, http://www.wayn.com, http://www.friendster.com, myspace and many more. To basically keep my kids from spending too much time on them and that i dont trust the friends that they are keeping in contact with. Ive done them according to the steps as provided but nothing seems to be working. Even after closing and restarting the IE or firefox again.
ive tried doing and following the steps given above as stated…if there something that im doing wrong?
still not working…ive tried it several times, i guess im not really much of a computer freak. please do guide me through…i have gone into the windows/system32/drivers/etc and into the hosts file to change it
127.0.0.1 localhost
127.0.0.1 http://www.hi5.com
127.0.0.1 http://www.friendster.com
127.0.0.1 http://www.skyblog.com
127.0.0.1 hi5.com
done and followed the whole entire steps of what was being taught if you wanted to add more
Go to Start > Run > enter “services.msc” then hit [Enter]
Navigate to DNS Client, right-click it, select Properties, under Start-up Type, select Manual. Click Apply. Then below that, click the Stop button. You should do this before you save a large list of servers to your HOSTS file. ( did all that as well) but somehow nothing seems to be working even though after i have closed and reopened the window.
Guide me please..
i just realise and forgot to ask, is there a way to enable and disable the way of using it? or do i just save it as it is and run from where i am. Do i have to go back into the dns client and click on start or change under the start-up type to automatic again and than click apply? i think ive basically tried everything i can…
desperately need help..
Thank u and sorry for being such a pain as im still learning…
I have tried with with success for www. based sites, but how do I block a non-www site?
Roger,
Don’t you mean http, not www? Can you give an example?
Roger,
Don’t you mean http, not www? Can you give an example?
ext.name.com/name.com
127.0.0.1 ext.name.com
127.0.0.1 name.com
Instead of blocking certain sites, can a hosts file be configured to allow certain sites only……say I only want my kid to be able to see a handfull of sites and want the rest of the WWW cut off….can I do that?
to tony,
what you’ll need to do is this
127.0.0.1 localhost
127.0.0.2 hi5.com
127.0.0.3 friendster.com
127.0.0.4 skyblog.com
127.0.0.5 enter another site.
this will block entire websites.
Hey there,
I found the hosts file but cannot open it can you please help!
John,
Right-click the hosts file and choose Open. A box should pop up with a list of programs. Scroll down to Notepad or Wordpad and open with one of those.
How can i block other my co-friendster.com
It is not working still, just like terry said, i did everything. But still not blocking the website that i dont want : (
Help!
right click hosts file and open with, select from list and use notepad, noot scroll to 127.0.0.1 localhost, hit enter twice there must be a space between each entry. now to add myspace.
127.0.0.1 l localhost
127.0.0.1 http://www.myspace.com
close web browser, and re-open, myspace is now blocked.
sorry, should have added that to the above comment.
You also have to make sure that you don’t save the hosts file as a .txt file. It can’t have any extension. If you don’t have Windows showing file extensions on your system, you can still change them by right-clicking, choosing Properties, and checking for and removing the extension there.
I found a site that holds your hand through the process. http://www.theparentsedge.com/Block_Myspace.html
it worked for me.
The hosts file is really simple once you get the hang of it. One thing I am noticing is that there does not look like there are any spaces in the ip domain combo. So try this.
A quick way to open it is this.
click Start->Run
in the blank type: notepad C:\WINDOWS\system32\drivers\etc
This will open it in notepad.
copy the following:
127.0.0.5 myspace.com
127.0.0.5 facebook.com
127.0.0.5 anothersite.com
127.0.0.5 hi5.com
keep adding domains as you need. in notepad I use a tab between them not spacebars. Hosts files do not allow wildcard characters. To get into that level of blocking you need to have a router with a custom DNS table.
hmmmmmmm it removed my spaces too… lets try spacebars here instead of tabs…
127.0.0.5 site1.com
127.0.0.5 site2.com
point being….. put more space between the IP and the domain name
Can I block by TLD, for example all .info sites?
Hi Dan,
The HOSTS file doesn’t support wildcards, so the answer is No. It would be nice to block something like *.myspace.com or *.info, etc, but it cannot be done.
Thanks for the advice, Mark. At least now I can stop searching 🙂
i did all the steps needed to block a website but i had a problem in saving it. it says “make sure that the path and file name is correct”
Use the download Hostman from http://www.abelhadigital.com/2007/06/hostsman-3040-released.html
This comes with all the tools that you will need.
I just updated my HOSTS file thanks to http://www.mvps.org. Wow, I sound like a commercial. heh..
Whatever. So anyway, they have a HOST file you may download which has hundreds upon hundreds of hosts to be blocked not only for the purpose of blocking ads, but for security. Visit the following page for the wisdom! http://www.mvps.org/winhelp2002/hosts.htm
Take your time there. There’s good knowledge on this page! It’s well worth the time you decide to spend. Their HOSTS file for download is inside of a ZIP file which has a batch file (.bat for those of you who don’t know yet) that, when opened, will backup and replace your existing HOSTS file for you.
But for those of you who don’t want to lose what you already have in your HOSTS file, then check this out: I Copy/Pasted the content of their HOSTS file anyway because I had stuff in mine that wasn’t in theirs, and thus it would have been lost. And it was really easy. I put the cursor in front of the first entry (literally in front, on it’s far left side) in the really long list, then I pressed Shift+Ctrl+End in order to select everything from that point forward to the end so I could then go ahead and copy it. So then I pressed Ctrl+C to copy (if I pressed Ctrl+X, I would have cut the text, thus made a change, and I would have had to be bothered with the “Would you like the save the changes?” dialog box. No, thanks! heh).
Then I did Alt+F4, pressed Enter for “Ok” to save changes, and I was done. I went back to surfing, and suddenly, I was ad-free. Whatta wonderful thing.
Now to answer Ramjit, it’s simple: If their IP changes, the solution is simple: just add it to your HOSTS file (or replace the one which changed).
Always remember that you’re the one in control. You’re the user. To the computer, you’re God. This perspective should help reduce such questions with obvious answers. 🙂 No offense intended here. I’m doing my personal best to help save you time.
Enjoy your ad-free web-surfing! (although, it won’t be 100% ad-free. Some sites are clever like that).
Hello sir,
I opened host file in the following way in notepad
c:\windows\system32\drivers\etc\host
I entered as
127.0.0.1 local host
127.0.0.1 http://www.yahoomail.com.
127.0.0.1 http://www.orkut.com.
even though is not blocking the entered websites
please help me.
thank you
meher
Meher,
localhost is one word. Also, make sure you don’t have periods at the end of each line. Enter root domains as well as www. sub-domains. For example, 127.0.0.1 yahoomail.com and 127.0.0.1 http://www.yahoomail.com
Don’t put www in front of anything. Just whatever.TLD
Hi,
I was using Vim in WindowsXP to edit the host file. It was screwing up the new line or tab characters. Anyway, after nearly giving up, I tried Notepad and it worked. An example follows
127.0.0.1 orkut.com
127.0.0.1 http://www.orkut.com
There is a tab between the host address and host name. Also, I used two newlines after each address, name pair.
Hope it helps.
Guys, try using 0.0.0.0 instead of 127.0.0.1
For some odd reason, on some computers if you put 127.0.0.1 (local) it somehow resolves the proper i.p and goes out.
If you set the website to 0.0.0.0 there is NO WAY it is going to resolve.
Hiya,when I open the host file it says that its a sample host file???How do I get to an active one??I’ve searched and it comes up with two sample hosts???any help will be greatley appreciated…….
I have Windows XP and Office 2000. There is one website that I can never connect to. Internet Explorer (7), shuts down as soon as I click on the site. I have tried doing this with the pop up blocker off but it makes no difference. I can never access this website. What do you think the reason might be please?
Keeps saying “cannot create…..make sure path & filename is correct” & “not enough memory available to complete this operation. quit one of more applications to increase availabel memory and then try again.”
i even tried the “extra step” for the DNS Client but keeps saying “unable to open DNScache for writing on Local Computer…Error5:Access Denied”
PLEASE HELP!
Just want to say Thanks! I been wanting to do this on my son’s computer for a while. It worked perfect!
Hi,
I’m using vista home premium, i go to system32/drivers/etc and then there is a ImHosts.sam file, a HOSTS file and a HOSTS backup file made by spybot search and destroy.
Anyway my problem is that when i open the HOSTS file in notepad and put in
127.0.0.1 (website)
it wont let me save it..it says cannot create (path file name) make sure path and filename are correct
this is all that is in the HOSTS file at the moment
127.0.0.1 localhost
::1 localhost
so basically it wont let me save the file. It works perfectly on XP when i do this so im really curious as to know why it aint working.
Any of you pro’s know how to fix this?..the same question has been asked twice before but no one seems to have answered it!
Thanks and i hope for a reply!
Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.
If you cannot get it to work it is probably because that webpage is cached…
In IE;
Go to “Tools”
“Internet Options”
and remove the temporary files, close/reopen IE…
Make sure you turn off you “DNS Client” in the services…
Hi Mark
I done what you said but drag and dropped it on the desktop..added in a random website and it worked perfectly. Good way of getting around the problem.
How do you turn off the UAC?
and what is the DNS client? not in really technical terms tho!
i’ve seen a few people write about it..what happens when you turn it off or on etc
i only came across this site by accident on google, searching for a way around that hosts problem. It’s great to learn new stuff about computers everyday!
Thanks for your tips
nevermind i know how to turn the UAC on/off now!
I want to give access to only a small hand full of sites and restrict everything else. How do I do that?
Hi Mark !
i need to block an intranet site,that uses IP addr. , no name.
i tried to block the site by editing host file as follows
127.0.0.1 local host
127.0.0.1 10.101.0.5 # this is the intranet site i need to block.
But it does not working… ;( Can u give me a solution… plz…..
Hey ..
i need to block all the sites through Host file except our company site(for e.g: http://www.company.com). If any one could help me please reply for this comment
Hey Shijin,
You can’t do that with the HOSTS file. You’ll need to find some software (or hardware) alternative to content blocking.
Hey Mark,
yes i has implemented an IPCop Firewall in my office. This is perfect in blocking sites, getting logs ….etc.
Anyway thanks for your reply
A large hosts file only “bogs down” your Windows computer while it initially caches or periodically re-caches the records into memory. The last time I used hosts file for domain name blocking was on Windows 2000 and it’s default hosts file re-cache period was every 15 minutes (if I remember right). The machine would be very unresponsive for about 5 – 10 seconds every 15 mins. while it re-cached. I’m using XP Pro now and it crawled for about a minute when I first added your hosts file but has been running normally for at least 30 mins. now so maybe XP has a different hosts re-cache algorithm than 2000.
I’m going to run this hosts file on my machine for a week and if it doesn’t affect performance then I’m pushing it out to all of my Active Directory workstations.
Hi Larry,
You might need to turn off the DNS Client — like I said above — in order to not deal with the “bog down” from the system. Also, I don’t know where your re-cache data is from, but from my experience, you just need to close your browser windows and re-open them.
thx for this now i can get past my schools filter well disable it lol and it works lol my schools so dumb.
Can i enable only some specific website?Please reply its urgent.
i blocked a website for a while, using this method… and i would really like to unblock it now…
if it’s possible can i delete the IP address and the page will be unblocked?
i’ve tried deleteing and it tells me i don’t have access to do such task.
help!
i can block the site hi5.com. it only block hi5.com home page but the users can still access their account in hi5.com…when they type it opens…how can block the individual account on hi5.com
Dear friend,
i am using windows 2000 server (DHCP) and 25 clients
please let me know,
how i can alow few website access only.
(means http://www.gmail.com, http://www.rediffmail.com) only two sites clients can access, rest of all sites need block.
please help me.
regards
mohib
Hey guys..don’t worry there is way to block internet…i my self tried at 127.0.0.1 and failed….try this method and will work!
1) Go to LAN connection
2) click it and go to properties
3) double click Internet protocols(TCP/IP)
4) Click “Use the following DNS sever”.Then enter this numbers:
5) Prefered DNS SERVER: 127.0.0.1
Alternet DNS server: 126.0.0.1
Thats all and u will block internet.u want internet connection back just deleted these numbers and click obtain DNS server adress automatically!….have fun…..
How can I disable all websites exept for websites that are needed at work? For example, if I need only gmail.com and verizonwireless.com, how can I get these to be the only ones that can be viewed by employees? Thank you. Your help is greatly appreciated.
allthingsmarked says “Extra step: Windows XP/2000 only.
In XP and 2000, the DNS Client (a system service), will make your machine come to a grinding hault if your HOSTS file is too large. This service is unnecessary and can be stopped and disabled. Go to Start > Run > enter “services.msc” then hit [Enter]”
My question is: Won’t disabling the DNS Client affect P2P apps like uTorrent?
Is there a way to use hosts file to block craigslist personals but not the rest of the site?? Just want access to the raunchy personals….
hosts can’t block ips. if you put ip into browser, browser won’t even lookup dns, doesn’t check hosts.
instead, use Proxomitron killfile.
adblock might also work.
urls, or pages:
proxomitron for sure will block pages on a site (eg, cl personals search, but cl urls for actual ads aren’t differentiable, so you need to write content filter. likely a bit of the actual ad will appear (top line only))
adblocker should be able to block cl search urls, but couldn’t block certain cl ads.
iirc, uTorrent uses ips, but that “(show country flag)” option i think must do reverse lookup. don’t know if that uses windows “dns client” service, but you could shutoff utorrent “flag” option. (that may not be the name of the option!)
“can I disable all websites exept for websites that are needed at work?”
that’s a “whitelist”.
proxomitron will do that.
appears adblock can. http://en.wikipedia.org/wiki/Adblock#History
Okay when i 1st added the 2 sites i want to block under the localhost, it worked.
2 days later i could open the pages without touching anything in the hosts.
Help?
can someone change my diaper!
The furbie is out of the box!
Crusty the Clown said hi!
Sir! Can you help me? My Hosts file is broken!
loony bill is in the house!
The poop in my pants is wet!
After you edit or modify your HOST File “block website” what you need to do is to clear all cache saved on your web browser then try again… 🙂
can any one help me out, how to block the usb ports.
there are 2 usb ports in my computer, and i want to block 2 outof 3
pl help
sorry, i mean there total no of usb ports are 3, from which i want to block 2 usb ports
pl help
Mark says:
Below is your answer to star a while back…the problem is that I cannot save the notebook edits as a “file.” It will only save them as a “txt.” How can I change that?
Star, that’s an excellent question worthy of its own post. But before I write a post on it, let me explain. Vista’a UAC blocks your access to the HOSTS file since it’s a system file. To get around it, you can either completely turn off UAC and edit it normally, or… copy the HOSTS file to your desktop and edit the copy normally. Then rename the copied file on your desktop to HOSTS and drag it into the etc folder. It will ask if you want to overwrite the existing hosts file; say yes.
Tried savings it choosing the option of “All Files” and it still saved it as a .txt.
Use free Peer Block instead – have many free blocklists.
http://www.peerblock.com
http://iblocklist.com/lists.php
You are an !d!ot:
1. DNS service is Necessary to be on AUTO and activated.
2. the HOSTS file, once saved, will translate “letter address” to “IP address”, using the DNS service it contacts your ISP (like aol) on port 53, in the background and finds out the real IP.
this is May 2010, not 1998:
you should use 0.0.0.0 as the ip not 127.0.0.1, because it conflicts with legitimate connections from Firefox, Chrome, Chromium, Opera and SeaMonkey Browsers, all of those hook up to the 127.0.0.1 for secondary connections and act as servers, to the localhost (whose IP is 127.0.0.1).
to sum things up:
use:
0.0.0.0 ad.website.com
which gives you immediately page-not-found internal error (GOOD!)
and never stop the windows-DNS Service.
==============================================
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
[3] this step is important to prevent DNS errors, do it every time you’ve modified and saved the HOSTS file:
on XP right click the Icon of the Network-Card used for the internet, and select REPAIR this will clear old DNS table and reRegister the new ones, including the HOSTS file values.
••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
==============================================
tnx for the info..i already make changes in my settings on windows system 32…but….when i tried to type the website “farmville.com” in the URL for instance… it automatically loads up to the site itself..is there another way i can make changes for this please help me..tnx..
Hi,
I’am trying to block http://www.google.com and all other sites of google. But when i change the hosts file to:
127.0.0.1 google.com
It is still possible to go to the site maps.google.com and news.google.com.
Is there a way to block everything before .google.com???
Thnx
Dear Friends,
if i want to block all the internet execpt one website
suppose i just use only google home page and i want to block al other websites and internet from my computer what can i do for it ???
Regards,
Baiiii
is it possible to block an IP address using the hosts file?
using AdBlock I discovered some annoying ads that use “http://#.#.#.#/” format… this is the example link:
http://88.208.23.7/html/bottom_spot_0.a1.html?111
I tried using:
127.0.0.1 88.208.23.7
0.0.0.0 88.208.23.7
0 88.208.23.7
but none had succes. Please help me blocking this kind of address
How block ip addresses?
127.0.0.1 XXX.XXX.XXX.XXX
in this format? or …??
Whatever your version of Windows, it is always in %windir%\system32\drivers\etc\
i need block all internet sites
and allow only one site
hi i want both batch file which allow all certain websites & block i get the block websites but allow i didnt get is it possible to create batch file which allow also