If you like the idea of
- Saving bandwidth
- Removing annoying adds while browsing the web
- Minimising the likelihood of having your privacy compromised, by way of spy-ware, unwanted analytics, Cross-Site Scripting (XSS), and others
- Gaining control over who can download what
- Monitoring what exactly is being downloaded or even attempted
Keep reading, if you’d like to know the process I took to acquire the above.
Most/all Operating Systems have a hosts file.
You can add all the dodgy domains you want blocked, to your hosts file and direct them to localhost.
Providing your hosts file is kept up to date.
This is one alternative to blocking these domains.
Example host files
On some systems if you add the dodgy sites to your hosts file, you may experience the “waiting for the ad server” problem.
As far as your browser is concerned, these URL’s don’t exist (because it’s looking at localhost).
Your browser may wait for a timeout for the blocked server.
In this case you could use eDexter to serve up a local image instead of waiting for a server timeout.
At this time, only OS X and Windows versions are available.
There is an alternative.
JavaDog will apparently run on all platforms that have the Java VM.
This doesn’t appear to be in the Debian repositories. At least not the ones I’m using.
I read here “As for Edexter, Firefox in Linux doesn’t seem to have the “waiting for the ad server” problem Mozilla in windows had.”
From my experience it does.
I had a quick look at JavaDog for Linux.
Found this site
It can be an administrative pain to keep the hosts file up to date with the additions and removals of domains.
Although Linux users could use the script here to do the updating.
This could be added to a Cron job in Linux.
If your on a windows box you may run into another type of slow down every 25 minutes for 5 minutes with apparently 100% CPU usage resulting in the described DNS cache timeout error.
There is a workaround, but I wouldn’t be very happy with it. Disabling the DNS client service.
If you rely on Network Discovery (enables you to see other computers on your network and for them to see you), this is not going to be a solution.
As stated here
A better Win7/Vista workaround would be to add two Registry entries to control the amount of time the DNS cache is saved.
- Flush the existing DNS cache (see above)
- Start > Run (type) regedit
- Navigate to the following location:
- Click Edit > New > DWORD Value (type) MaxCacheTtl
- Click Edit > New > DWORD Value (type) MaxNegativeCacheTtl
- Next right-click on the MaxCacheTtl entry (right pane) and select: Modify and change the value to 1
- The MaxNegativeCacheTtl entry should already have a value of 0 (leave it that way – see screenshot)
- Close Regedit and reboot …
- As usual you should always backup your Registry before editing … see Regedit Help under “Exporting Registry files”
If you decide to give the hosts file a go
On Linux it’s found in /etc
On Windows it’s location is defined by the following registry key
Windows 7/Vista/XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Make sure you backup the hosts file in case anything goes wrong.
Make sure you don’t remove what’s already in your default hosts file. especially the first line that has the loop back address
127.0.0.1 localhost 127.0.1.1 [MyComputerName].local [MyComputerName]
Just add the new entries at the bottom of the hosts file.
Remove any duplicate entries.
You will then have to flush your DNS cache if you have one.
If your on windows
Clear your browsers cache.
Close all browsers.
From a cmd prompt run the following
or reboot the machine.
If your on Linux (Debian)
Clear your browsers cache.
That may be all you need to do.
At the command prompt (as root) try
or for other Linux distros
“killall -hup inetd” (without the quotes) which will restart the inetd process and should not require a reboot.
I found that just updating the file was enough to see the changes,
as my default Debian Lenny install doesn’t have a DNS cache.
I decided to just give the Firefox add-on Adblock Plus a try
as I thought it would be allot easier and less (zero) administrative overhead.
Just make sure you’ve got a good filter subscription selected. I used EasyList (English).
As I was on Lenny. Adblock Plus wasn’t available for Iceweasel (firefox on debian) 3.0.6 unless I installed the later version of Iceweasel from the backports.debian.org repository.
I looked in the Tools->Add-ons->Get Add-ons and searched for Adblock Plus.
I was planning on performing a re-install of Debian testing soon anyway, but was keen on giving Adblock Plus a try now.
Installing Iceweasel (firefox) from backports
Most won’t have to do this, but I’m still on old stable.
This site is quite helpful
For most people they will just have to make a change to their /etc/apt/sources.list
If you are running Debian Lenny you would have to add the following line:
deb http://backports.debian.org/debian-backports lenny-backports main contrib non-free
For later versions of Debian substitute the version specific part with your versions code name.
As I’m using apt-proxy to cache my packages network wide, I had to make sure I had the following section in the /etc/apt-proxy/apt-proxy-v2.conf file
[backports] ;; backports backends = http://backports.debian.org/debian-backports min_refresh_delay = 1d
and the following in the client pc’s /etc/apt/sources.list
deb http://[MyAptProxyServer]:[MyAptProxyServersListeningPort]/backports lenny-backports main contrib non-free
You can see how the directory structure works for the repositories.
In this case have a look at http://backports.debian.org/debian-backports/
in dists you will see lenny-backports as a subdirectory.
Within lenny-backports you’ll see main, contrib and non-free
Now just add the below section to the client pc’s /etc/apt/preferences file
In my case I didn’t have this file, so created it.
What’s this for?
If a package was installed from Backports and there is a newer version there,
it will be upgraded from there.
Other packages that are also available from Backports will not be upgraded to the Backports version unless explicitly stated with
Check the apt_preferences man page as usual for in depth details.
# APT PINNING PREFERENCES Package: * Pin: release a=lenny-backports Pin-Priority: 200
Now as root
apt-get update apt-get -t lenny-backports install iceweasel
Now because we’ve added the /etc/apt/preferences file,
when ever there are updates to the backported version of iceweasel,
we’ll get them for Iceweasel when we do a
Now through iceweasel’s Tools->Add-ons->Get Add-ons
and a search for Adblock Plus now revealed the plugin.
Installed it and selected the EasyList (English) filter subscription.
Browsed some sites I knew there were popups and ads I didn’t want and it worked great!
Adblock Plus gives good visibility for each request made,
as to what it’s blocking, could possibly block etc, through it’s Close blockable items menu Ctrl+Shift+V
So personally I think I’d stick with the add-on (for firefox users that is) going forward, as it seemed like it just worked.
Not sure about other browser platforms.
Now I use this with the NoScript pluggin also,
I’m also using OpenDNS as name servers.
They provide allot of control over what can be accessed by way of domain.
You can also provide custom images and messages to be displayed for requested sites that you don’t want to allow.
Statistics of who on your network is accessing which sites and which sites they are attempting to access.
Plus allot more.
There is also a good pod-cast on the hosts file by Xoke here.