Hosts-file hosts check

Discussion in 'Spyware' started by Giel, Nov 26, 2003.

  1. Giel

    Giel Guest

    Hello, im updating my hosts file for some time now (oa thanks to hpguru and
    http://accs-net.com/hostess/).
    It really grows out of proportion and i've noticed some hosts don't exists
    anymore.
    So some cleaning would be nice.
    But im too lazy to manually check every host.
    So before i start making weird macro's;
    Does anyone know of such a program or script that connects every host in the
    file to see if it's there?

    friendly greetings from giel
    __________________________________________________

    Try my ADBlocker at http://nina.xs4all.nl/pac/
     
    Giel, Nov 26, 2003
    #1
    1. Advertisements

  2. Giel

    Russbucket Guest

    I have been using AM Deadlink (Free) available at
    http://www.aignes.com/products.htm It seems to work OK.

    Hope this helps, I'm lazy too!
     
    Russbucket, Nov 26, 2003
    #2
    1. Advertisements

  3. Giel

    Giel Guest

    nope, its a nifty program, but it will not open my (hosts)txt-file and i
    don't think it can handle the syntax, but i'll keep trying though....
     
    Giel, Nov 26, 2003
    #3
  4. Giel

    data64 Guest

    That script is quite nifty, thanks. I have one question though.
    The script seems to assume that each address in the hosts file is tied
    to a webserver. I thought that hosts file might also have entries for
    servers which maybe spyware call-home sites which could be listening on a
    different port than 80 used by http. In fact they could be using UDP
    instead of http or tcp. The script would assume that such entries are not
    valid and remove them.

    Am I making sense here or did I completely miss something as usual.

    thanks,
    data64
     
    data64, Nov 27, 2003
    #4
  5. Giel

    YoKenny Guest

    The use of PING to test if a site is available is good for that instant but
    as the Internet is dynamic it is not a reliable test.

    Also, the spammer, scammer and p0rn sites have learned to hide themselves
    from PING probes.
    This invalidates this test and only an application that attempts to retrieve
    active information from the site can be trusted.

    eg: wxw.the-huns-yellow-pages.com substitute www for wxw
    A browser hijacker site.
    === partial===================
    11/26/03 23:53:40 Browsing http://wxw.the-huns-yellow-pages.com/
    Fetching http://wxw.the-huns-yellow-pages.com/ ...
    GET / HTTP/1.1
    Host: wxw.the-huns-yellow-pages.com
    Connection: close
    User-Agent: Sam Spade 1.14
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/5.0
    Date: Thu, 27 Nov 2003 04:54:30 GMT
    P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
    X-Powered-By: ASP.NET
    Connection: close
    X-AspNet-Version: 1.1.4322
    Set-Cookie: mh=MSFT; domain=.msn.com; expires=Wed, 27-Nov-2013 04:54:30 GMT;
    path=/
    Set-Cookie: MSNADS=UM=; domain=.the-huns-yellow-pages.com; expires=Tue,
    26-Apr-2022 19:00:00 GMT; path=/
    Cache-Control: no-cache
    Pragma: no-cache
    Expires: -1
    Content-Type: text/html; charse
    ==========
     
    YoKenny, Nov 27, 2003
    #5
  6. Giel

    Jim Byrd Guest

    Hi Data - I can't provide any more information than is given in the script
    itself. It will have to speak for itself - it does what it does, and you'll
    just have to experiment and see if that's useful to your needs.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Nov 27, 2003
    #6
  7. Giel

    Jim Byrd Guest

    Hi YoKenny - You're correct about that; however, I suspect from my
    experience that there aren't that many "hidders" by comparison with the rest
    of most block lists. As I posted to Data, the script speaks for itself,
    does what it does, and it's utility lies in whether what that is is useful
    to you as an individual. It's not my script; it dates from 2002; it's not
    maintained; YMMV. I merely provided it in an effort to be (at least
    partially) helpful with a particular problem that no one else appeared to be
    able to address.

    --
    Please respond in the same thread.
    Regards, Jim Byrd, MS-MVP



    In
     
    Jim Byrd, Nov 27, 2003
    #7
  8. Giel

    YoKenny Guest

    Jim, I do not want to belittle your advice but nowadays with the Internet
    being what it is we must be careful what we use.

    I just wanted to make people aware of what the spammers, scammers and p0rn
    artists are doing now. I think that the sites that are the worst know that
    something is up(1) and the more they can hide the longer they can do their
    dirty stuff.

    Identifying invalid sites in a HOSTS file is a very time consuming process.
    I have not found an easy way to do this and I am sure that the maintainers
    of their HOSTS files have not either.

    It has become a constant battle of them trying to get in without permission
    and us trying to keep them from corrupting our systems.

    (1) Ad-aware, SpyBot S&D, CWShredder and the like.
     
    YoKenny, Nov 27, 2003
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.