Hosts File Enlightenment Needed Please
Links: home · search · speed test · login · more ·
Links: Reply New Topic
Forums » Security » Security » Hosts File Enlightenment Needed Please
CJ @ 5th Nov 12:58PM:
Hosts File Enlightenment Needed Please
Ok. I was reading some threads here about hosts files and decided that I would take a look at mine since it has been a ages.
I know that "127.0.0.1 localhost" is always in the hosts file, but how are bad sites and good sites added?
I have a few entries in the file that I am not sure are supposed to be there as I didn't put them there, but I can't be sure that none of my AV/AM/AS software did it either.
How can you tell between trusted and untrusted sites in the hosts file?
reply
siljaline @ 5th Nov 03:07PM:
Re: Hosts File Enlightenment Needed Please
Assuming: MVPS HOSTS File ? Entries verified as such
If no joy: »Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance
reply
redwolfe_98 @ 5th Nov 11:12PM:
Re: Hosts File Enlightenment Needed Please
i would think that you shouldn't see any entries in your HOSTS file other than ones that look like:
127.0.0.1 www.badwebsite.com
if you see something like
"213.111.222.333 www.badwebsite.com", ones that do not begin with a "127.0.0.1", you should remove those, unless you deliberately added them to your HOSTS file, yourself..
working with the HOSTS file is not very complicated..
if you use "hijackthis", it should flag any websites in your HOSTS file that are unusual, and you probably could use "hijackthis" to remove them..
you also could use the "hostsxpert" program to remove entries from your HOSTS file, or to restore the "default" HOSTS file.. here is a link to the "hostsxpert" program:
»www.funkytoad.com/index.php?opti···b1b42f70
if you want more information about using a HOSTS file, you can find some at these websites:
»www.mvps.org/winhelp2002/hosts.htm
»hosts-file.net/
reply
CJ @ 6th Nov 06:21AM:
Re: Hosts File Enlightenment Needed Please
Thanks redwolfe_98
I did have entries in there that started with an external IP and I removed them. I think they were left over from the AV2009 infection I had a while back. I had cleaned my PC but evidently the AV/AM/AS software I used to clean it does not scan the hosts file.
One of the entries was like "111.111.111.111 www.antivirus2009.com"
What is the downside to that being in the hosts file? I mean, will it make my PC go there automatically or anything else?
Thanks for your help.
reply
norwegian @ 6th Nov 08:14AM:
Re: Hosts File Enlightenment Needed Please
Try reading these links CJ
»Security »How do I recover from Hosts file hijacking?
»www.anti-phishing.info/what-is-h···ile.html
reply
CJ @ 6th Nov 09:07AM:
Re: Hosts File Enlightenment Needed Please
Thanks. The first one answered all of the questions I had and I learned something today, so today is a good day.
Thanks again all.
reply
siljaline @ 6th Nov 01:35PM:
Re: Hosts File Enlightenment Needed Please
Any day is a good day when you get the information that you need that benefits your security concerns CJ :)
reply
altermatt @ 6th Nov 01:56PM:
Re: Hosts File Enlightenment Needed Please
said by siljaline :
Any day is a good day when you get the information that you need that benefits your security concerns CJ :)
Heck, any day I wake up is by definition a good day ;). CJ, don't forget to set your hosts file to "read only" (easy to do with HostsXpert and other such programs, and undo when you want to edit them) so that they can't be changed by a nasty (yes, if they set a site to go to an external IP that isn't really the site, your computer will go to the faker instead). And periodically update your hosts file (using, say, the MVPS host file or others recommended here) since new "bad sites" pop up all the time.
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick
reply
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC