APK HOSTS FILE UPDATE (2/1/2009 - 644,842++ entries (5,524 new entries added))

UnaSalusVictus

  • Bibliophile, Autodidact
  • Administrator
  • Posts: 4,646
but apk your missing our point, one of your sorce(the one u mentioned) dosnt just block the offending url, but every url in the same domain, so say www.fish.techfiles.com is bad it will also block anything else in the .techfiles.com list including any usefull/safe sites.

and out of those 5500 you have added howmany are legit sites that have zero malware/adds on them? 
"It's funny that Christians want people to believe Muslims are evil due to what's in their holy book, their history, and the actions of their extremists, while telling people to ignore what's in their own holy book, their history, and the actions of their extremists."
http://www.pirate-party.us
“Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.”

APK

  • 43yo who acts like a 3yo
  • Child
  • APK
  • Posts: 333
Re: APK HOSTS FILE UPDATE (1/31/2009 - 644,839++ entries (5,520 new entries added))
« Reply #61, on February 1st, 2009, 06:19 AM »Last edited on February 1st, 2009, 08:02 PM by APK
Quote from Ashen on February 1st, 2009, 05:51 AM
but apk your missing our point, one of your sorce(the one u mentioned) dosnt just block the offending url, but every url in the same domain, so say www.fish.techfiles.com is bad it will also block anything else in the .techfiles.com list including any usefull/safe sites.
That's not true.

Blocking www.fish.techfiles.com will NOT block out the entire domain of

techfiles.com...

(Ash, the DOMAIN-to-SUBDOMAIN networking HOSTS name model works in REVERSE of that!)

:(

www.fish.techfiles.com is a SUBDOMAIN of techfiles.com ...

Thus, I.E. -> www.fish.techfiles.com can't block-out ALL of techfiles.com & its OTHER Sub-DOMAINS, afaik, via an entry like:

0 www.techfiles.com

OR

0.0.0.0 www.techfiles.com

OR

127.0.0.1 www.techfiles.com

----
Quote from Ashen on February 1st, 2009, 05:51 AM
and out of those 5500 you have added howmany are legit sites that have zero malware/adds on them?
These are my sources for my daily security updates, they do the research:

    Stopbadware.org (GOOGLE affiliate/partner in this)
    SECURITY FOCUS (Symantec affiliate/partner/subdivision)
    SpyBot "Search & Destroy" (Respected AntiSpyware program)
    ZDNet Dancho Danchev (Security Researcher + Professional Consultant)

... I merely add it to my custom HOSTS file here for better security & absolutely up-to-date as possible security (because if you can't go into the kitchen, you can't get burned)

APK

P.S.=> You guys are missing the point here, from MY end, in regards to this HOSTS' file's current content:

... & that is that I "clean up" this file's interior vs. the AIRELLE "nanny approach" as you called it, & so far? It's working... I can't help if 2 guys don't use it here anymore is all. I know of 2 more here that do, NOT including myself.

E.G.-> You guys here found, what?? 62 domains thusfar to unblock, & my other folks helping me trim this in summation from 2 other places have found roughly 1,000 in combination with myself helping to do this as well... &, in that same timeframe, I've added ALMOST 5,500 KNOWN BAD SITES (vs. the ones found to be unblocked)

That's roughly a 5:1 ratio (of adding KNOWN BAD SITES vs. removing LEGIT GOOD SITES)... &, nearly 100:1 ratio, vs. what was found here on this site alone.

See, & I have stated this here before:

For a little while, it's going to be a "work-in-process", making the data solid (i.e.-> The HOSTS file content)...

Nothing I can do about that, but "grind it out" & be patient... & then, lastly, I will finish the FTP download portion of the app & distribute it! apk
"There must be security for all, or no one is secure. NOW - This does not mean giving up any freedom, except the freedom to act irresponsibly. We do not pretend to have achieved perfection, but we do have a system - and it works. Your choice is simple:  Join us, & live in peace... or pursue your present course, & face obliteration. We shall be waiting for your answer (The decision rests with you)..." - Klaatu, "The Day the Earth Stood Still"

UnaSalusVictus

  • Bibliophile, Autodidact
  • Administrator
  • Posts: 4,646
no u dont understand what i was saying apk, your sorce takes the "block them all" approch so they would block every url that was related to techfiles, like they had every sorce they could blocked from wordpress, many that where in no way harmfull/dangrous.

example (making up names)

fishman.wordpress.com has a gif thats detected as malware(positive or false positive) it gets blocked so their system is to block all *.wordpress.com entrys they can find so ashen.wordpress.com and wilee.wordpress.com and darknova.wordpress.com would all be added to the list dispite none of them having any malware or adds on them.

so your the one with things reverced, i know exectly how the hosts file works, you just dont understand/dont want to understand what im saying.

the fact that one of your sorces takes the scatter shot approch is why i get annoyed, they dont just block stuff thats malitious, they block everthing in the same domain range.

wordpress is a great example, i checked a bunch of the entrys that where blocked NONE WHERE BAD they where ALL SAFE yet the file had a stack of them in it........

need an app to let me put in wildcards like *.wordpress.com and have all those entrys removed at once and saved to a log, would speed things up drastickly since i could happly deal with a few adds if it ment i didnt have to edit the damn hosts file 20times a day to remove blocks so i can download software/drivers without spending alot of time looking for alt downloads.

Im not saying remove known bad url's but the best example is the ATI/AMD driver downloads that are blocked by this hosts file currently, that server may have hosted adds, of could even host them now, but unless they are malitous in some way, removing htem has no real down side as it allows people to download their drivers without spending alot of time editing a hosts file.

blah, im gonna watch a movie or something....
"It's funny that Christians want people to believe Muslims are evil due to what's in their holy book, their history, and the actions of their extremists, while telling people to ignore what's in their own holy book, their history, and the actions of their extremists."
http://www.pirate-party.us
“Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.”

Wile E

  • #1 Hardware Killa!
  • Administrator
  • I like boobs!
  • Posts: 2,214
Quote from APK on January 31st, 2009, 03:44 PM
Thanks!

----

If opening up notepad.exe to remove sites being blocked in a HOSTS file (1 line @ a time) is "too much" for anyone? Then, perhaps not using HOSTS files is the way to go for anyone of that nature really... just like I said to Ashen up above, as did JDW pretty much as well.

----

Suit yourself - I realized 1 thing in this art & science, long ago (in the mid 1990's-2002 or so, during my shareware-freeware development highpoint really): That is that you CANNOT please everyone...

Like I said above in this & other threads earlier:  I can lead a horse to water - but, I cannot MAKE him drink it...

APK

P.S.=> You guys are missing the point here, from MY end, in regards to this HOSTS' file's current content:

... & that is that I "clean up" this file's interior vs. the AIRELLE "nanny approach" as you called it, & so far? It's working... I can't help if 2 guys don't use it here anymore is all. I know of 2 more here that do, NOT including myself.

E.G.-> You guys here found, what?? 62 domains thusfar to unblock, & my other folks helping me trim this in summation from 2 other places have found roughly 1,000 in combination with myself helping to do this as well... &, in that same timeframe, I've added ALMOST 5,500 KNOWN BAD SITES (vs. the ones found to be unblocked)

That's roughly a 5:1 ratio (of adding KNOWN BAD SITES vs. removing LEGIT GOOD SITES)... &, nearly 100:1 ratio, vs. what was found here on this site alone.

See, & I have stated this here before:

For a little while, it's going to be a "work-in-process", making the data solid (i.e.-> The HOSTS file content)...

Nothing I can do about that, but "grind it out" & be patient... & then, lastly, I will finish the FTP download portion of the app & distribute it! apk
It wasn't the need to open notepad, it was the need to hunt down the urls (in the cases of embedded content) to remove from the hosts file.

But seriously, I didn't mean offense by my comments. My statements were purely to give insight as to why someone may choose not to use your file.

I love the idea of hosts based blocking. But to be more useful to my needs, how could I build this list without the airelle source? It would be about perfect for me then.

UnaSalusVictus

  • Bibliophile, Autodidact
  • Administrator
  • Posts: 4,646
"It's funny that Christians want people to believe Muslims are evil due to what's in their holy book, their history, and the actions of their extremists, while telling people to ignore what's in their own holy book, their history, and the actions of their extremists."
http://www.pirate-party.us
“Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.”

APK

  • 43yo who acts like a 3yo
  • Child
  • APK
  • Posts: 333
Re: APK HOSTS FILE UPDATE (1/31/2009 - 644,839++ entries (5,520 new entries added))
« Reply #65, on February 1st, 2009, 04:52 PM »Last edited on February 1st, 2009, 11:19 PM by APK
Quote from Ashen on February 1st, 2009, 06:35 AM
Im not saying remove known bad url's but the best example is the ATI/AMD driver downloads that are blocked by this hosts file currently, that server may have hosted adds, of could even host them now, but unless they are malitous in some way, removing htem has no real down side as it allows people to download their drivers without spending alot of time editing a hosts file.
Tell you what:

I can remove -> a248.e.akamai.net

BUT, not ALL of the rest of the akamai.net servers, such as via an entry like:

0 akamai.net

... &, for the the EXACT + INSIGHTFUL reasons (good ones) that mckenak stated... he did make an EXCELLENT point.

(That's ALL I ever stated, because mckenak was correct, that most akamai.net entries ARE adbanner servers).

----
Quote from Ashen on February 1st, 2009, 06:35 AM
wordpress is a great example
First off:

I don't BLOCKOUT all of wordpress, via the root domain name, via an entry like this:

0 wordpress.com

That'd be the ONLY way to do a blocking of its other "sub-domains" or parts of them, like www.wordpress.com OR ashen.wordpress.com... via a HOSTS file.

----
Quote from Ashen on February 1st, 2009, 06:35 AM
i checked a bunch of the entrys that where blocked NONE WHERE BAD they where ALL SAFE yet the file had a stack of them in it........
Secondly:

What made you think they are safe, ASH? Did you check the script tags yourself??

If you're relyng on AntiVirus &/or AntiSpyware ALONE, to do THAT, for YOU???

----

Top security suites fail exploit tests

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=news_ts_head

PERTINENT EXCERPT:

"They don't focus on detecting vulnerabilities, they focus on detecting the payload," Kristensen said. "But the problem with detecting the payload is that you're always behind [the hackers]. It's easy for the bad guys to create a new payload that's not detected by the scanning mechanisms and current signatures."

----

Why popular antivirus apps 'do not work':

http://www.zdnet.com.au/blogs/securifythis/soa/Why-popular-antivirus-apps-do-not-work-/0,139033343,139264249,00.htm

PERTINENT EXCERPT:

"AV companies continue to refine their products and most will tell you they stopped relying on purely signature-based systems many years ago. These days they use all sorts of clever methods to try and detect suspicious behaviour but the problem is that malware authors are also very clever. Very, very clever."

----

Take a GOOD read from the URL(s) above (& it's part of the WHY of why being "script kiddie tool reliant" solely, can be a downfall & sense of false security - also, additionally help prove that "layered security" is the way, & not only for 'trendy/fad' reasons either)...

----
Quote from Ashen on February 1st, 2009, 06:35 AM
fishman.wordpress.com has a gif thats detected as malware(positive or false
positive) it gets blocked so their system is to block all *.wordpress.com entrys they can find so ashen.wordpress.com and wilee.wordpress.com and darknova.wordpress.com would all be added to the list dispite none of them having any malware or adds on them.
How does or would an entry like:

fishman.wordpress.com

Do a blockout of:

ashen.wordpress.com

(From a HOSTS file entry)

?

----
Quote from Ashen on February 1st, 2009, 06:35 AM
fso your the one with things reverced
Answer the question above... & tell me that, vs. your example NOW, and your last one from techfiles.com above also...

----
Quote from Ashen on February 1st, 2009, 06:35 AM
, you just dont understand/dont want to understand what im saying.
Your examples are what I am operating on...

I.E.-> You said "I meant" but, Do you KNOW what you're trying to say/are you expressing yourself well in this exchange on this note, today?

See - @ times, I know you don't spell well, so giving you the benefit of the doubt here on this one as well (albeit, this is a case of DICTION & PROSE, not spellng, this time from you, possibly)...

----
Quote from Ashen on February 1st, 2009, 06:35 AM
the fact that one of your sorces takes the scatter shot approch is why i get annoyed, they dont just block stuff thats malitious, they block everthing in the same domain range.
Again: HOW SO?

E.G.-> Blocking www.techfiles.com DOES NOT BLOCK OUT EVERYTHING FROM THE PARENT ROOT DOMAIN OF techfiles.com... period!

----
Quote from Ashen on February 1st, 2009, 08:55 AM
is airelle the one blocking ati driver downloads?
NOT sure in THIS case, but most of the time? It's been a REAL "problem child"...

----
Quote from Ashen on February 1st, 2009, 06:35 AM
i know exectly how the hosts file works
You do?

Is that WHY I had to tell you how to structure/restructure the 1st HOSTS file of yours that you posted here, & sent me also as an attachment, & I had to then tell you to remove the leading # symbols you had in yours that invalidated ALL of its internal entries??

See below in my P.S. too... you're making ANOTHER mistake in regards to how HOSTS files work there below, also...

APK

P.S.=> Ash - per the above? You DON'T understand how HOSTS files work, @ least, in part it seems... because, this next statement of YOURS, evidences my statement for me, just based on what you said:
Quote from Ashen on February 1st, 2009, 06:35 AM
need an app to let me put in wildcards like *.wordpress.com
HOSTS files don't use WILDCARDS... IE restricted zones, Opera FILTER.INI, & IP Security Policies can though... apk
Re: APK HOSTS FILE UPDATE (1/31/2009 - 644,839++ entries (5,520 new entries added))
« Reply #66, on February 1st, 2009, 08:07 PM »Last edited on February 1st, 2009, 08:22 PM by APK
Quote from Wile E on February 1st, 2009, 08:47 AM
It wasn't the need to open notepad, it was the need to hunt down the urls (in the cases of embedded content) to remove from the hosts file.
EDIT menu, FIND submenu... only takes 1 second or so, tops!

:)

(Especially on a Quad Core 9650 Intel Extreme Edition CPU like YOU have man... very, Very, VERY fast!)

----
Quote from Wile E on February 1st, 2009, 08:47 AM
But seriously, I didn't mean offense by my comments.
Oh, hey: Trust me - NO OFFENSE was taken here, whatsoever... it's JUST computers &, nerdy debate around them (always happens, as there are always outliers &/or exceptions to most every rule, even situationally etc.)

----
Quote from Wile E on February 1st, 2009, 08:47 AM
My statements were purely to give insight as to why someone may choose not to use your file.
Sure, it's a possible... I can concede it: To folks who don't, no biggie, that's all - as again, I can lead a horse to water (that gives him absolutely current security AND more speed via adbanner blocks + adding your fav. sites hardcoded into it), but, I cannot make them drink it.

:)

* Again - I realized LONG ago in this field, that you CANNOT please everyone...
Quote from Wile E on February 1st, 2009, 08:47 AM
I love the idea of hosts based blocking. But to be more useful to my needs, how could I build this list without the airelle source? It would be about perfect for me then.
There is still going to be SOME entries, that SOME folks will edit out (of THEIR personal copy of a HOSTS file, nothing wrong w/ this, by ANY means either)...

E.G. -> I have pals that "trim out" a LOT of Pr0n sites from MINE for instance (around a dozen++ entries, in fact)...

Some folks even want Pr0n sites taken out of the publicly distributed HOSTS files out there period (even though they are a KNOWN major source of infestation & malware no less in bad scripts and bad downloads in .exe's mainly on the latter), of most anykind from any source for them...

(Especially IF the maintainers of them may not... this is a fact of life w/ HOSTS files, on occasion!)

Updates AND Edits, as regards HOSTS files? They happen...

I.E.-> Same reason AntiVirus signatures databases not only have things ADDED to them (but, ALSO REMOVED from them too - "false positives" DO indeed, happen on them, also!)

APK
2/1/2009 - UPDATED!

APK HOSTS FILE 4 Windows 2000/XP/Server 2003 (Updated 2/1/2009 - 644,842++ entries (5,524 new entries) + uses 0 as blocking IP address (most efficient type))

----

http://ashentech.com/index.php?action=downloads;sa=view;down=2

----

OR

APK HOSTS FILE 4 VISTA/Server 2008 (Updated 2/1/2009 - 644,842++ entries (5,524 new entries) + uses 0.0.0.0 as blocking IP address (2nd most efficient type)):

----

http://ashentech.com/index.php?action=downloads;sa=view;down=1

----

:)

* 644,842++ total entries of KNOWN bad servers &/or sites, + 5,524 new bad server/site entries

(Added on 02/01/2009 - From reputable & reliable security information sources like StopBadWare.org & Dancho Danchev's blogspot (ZDNet security research analyst) + Spybot "Search and Destroy's" IMMUNIZE feature, + SECURITY FOCUS own lists of bad sites/servers, updating)



... The attached HOSTS files (& the ones in the download url's above) are FULLY "normalized" (repeat entries removed) & internally alphabetized (for easier manual mgt. via a text editor, like notepad.exe) as well as put into the MOST efficient possible blocking IP addresses possible (either 0, or 0.0.0.0, vs. 127.0.0.1) for modern Windows NT-based OS, via the program pictured above...

APK

P.S.=> ALSO IMPORTANT: If you folks run into ANY legitimate sites which are blocked by this HOSTS file, let us know here in this thread -> http://ashentech.com/index.php?topic=1456.0 (this very thread, in fact)...

... &, above all else? Hey -Thanks for that kind of feedback/pushback, by-the-by:

I.E.-> As it's truly a case of "1 oz. of criticism > = 1,000 lbs. of praise"


... & keeps helping to make this file better & better...

E.G.-> I, & others here who have contributed (such as Ash, DarkNova, Wile E, RITL337, & others here + elsewhere from diff. forums online), have run into 63 domains to remove, of 644,842++ bad servers blocked, on 2/1/2009 thusfar (a mere .006% of total ONLY in fact), in:

    tvsquad.com
    keznews.com
    myspace.com
    imdb.com
    google.co.uk
    latimes.com
    nytimes.com
    pcworld.com
    experts-exchange.com
    bbc.com
    wired.com
    simplemachines.org
    g.live.com
    usps.com
    comodo.com
    cubs.com
    wwe.com
    espn.com
    sandboxie.com
    comcast.net
    tech-recipes.com
    wordpress.com
    dealtime.com
    vso-software.fr
    joost.com
    brothersoft.com
    msgplus.net
    xroxy.info
    xroxy.com
    images.anandtech.com
    slysoft.com
    gamesites200.com
    a248.e.akamai.net
    thedailyshow.com

FILE-SHARING ORIENTED LIST BELOW:

    dailymotion.com
    metacafe.com
    ign.com
    freedownloadmanager.org
    distrowatch.com
    mydigitallife.info
    free-codecs.com
    generationmp3.com
    twitchfilm.net
    ghacks.net
    garagegames.com
    gamecopyworld.com
    mediafire.com
    piratebay.com
    demonoid.com
    btjunkie.org
    isohunt.com
    files.filefront.com
    filekicker.com
    filefront.com
    speakeasy.net
    lifehacker.com
    mininova.org
    torrentfreak.com
    thepiratebay.org
    easy-share.com
    boingboing.net
    ngohq.com
    torrentbox
    torrentbytes

... they are removed as of 12/14/2008 - 1/31/2009 updates...

(This happens because I used others' sources, in HOSTS files, & people make mistakes!)

* Now - When I get that information from you, in regards to VALID & LEGITIMATE websites being blocked accidentally in this HOSTS file, then, I can edit the sites you note out, & re-upload the file afterwards quickly enough...

(Thus - we ALL can gain by this being done here to/for this file!)... apk
"There must be security for all, or no one is secure. NOW - This does not mean giving up any freedom, except the freedom to act irresponsibly. We do not pretend to have achieved perfection, but we do have a system - and it works. Your choice is simple:  Join us, & live in peace... or pursue your present course, & face obliteration. We shall be waiting for your answer (The decision rests with you)..." - Klaatu, "The Day the Earth Stood Still"

UnaSalusVictus

  • Bibliophile, Autodidact
  • Administrator
  • Posts: 4,646
apk, your still failing to understand what im saying.

Ok let me try this again.

one of your sorces dosnt just block offending URL's if fishman.wordpress.com has a bad addbanner or something on it they take it to the extream and add every wordpress.com url they can find to the list as well, so innocent sites like ashen.wordpress.com would be added on top of fishman.wordpress.com.

they take the scatter shot approch to blocking.

say fishman.wordpress.com has a java based exploit so blocking it is a good idea, your lists takes any and all wordpress.com url's they can find are also blocked
so bad site fishman.wordpress.com gets
0 fishman.wordpress.com
but they dont leave it at that they also add
0 wordpress.com
and
0 ashen.wordpress.com
and
darknova.wordpress.com
and
0 wilee.wordpress.com

even if fishman.wordpress.com is the only offending page.

I do fully understand how the hosts file works and that each uniq url must be added, but check at least the older version of your file(dont got current version to check for you) there where a huge number of wordpress addys blocked dispite the fact that after checking a bunch of them none had anything malitious, sure some had objectionable content such as comments alot of people wouldnt agree with, but thats blog for you.

do i need to explain this again?

its all good and well to block offending site fishman.wordpress.com but auto blocking every other *.wordpress.com addy you can find as well just because fishman.wordpress.com is bad isnt kool, yet thats what one of your sources has done.
"It's funny that Christians want people to believe Muslims are evil due to what's in their holy book, their history, and the actions of their extremists, while telling people to ignore what's in their own holy book, their history, and the actions of their extremists."
http://www.pirate-party.us
“Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering.”