Many ordinary and slightly advanced computer users have been using them for many years and were unaware of the existence of some file named hosts without a last name (i.e. extension).
But thanks to viruses and imperfect operating systems of the Windows family, users had to get to know this "host" rather closely.
What is the hosts file for?
In the Windows operating system (XP, Vista, 7, etc.) the file hosts is used to associate (match) host names (nodes, servers, domains) with their IP addresses (name resolution). hosts is a simple text file that has no extension (it doesn't even have a dot :)).
File hosts physically located in the directory:
- \ Windows \ System32 \ drivers \ etc \- for Windows 2000 / NT / XP / Vista \ 7
- \ Windows \- for old Windows 95/98 / ME
Most often, this directory is located on the C drive, so in this case the full path to the file is obtained. hosts represents by sosboy:
By default, only one IP address should be specified in a normal hosts file, this is - 127.0.0.1 ... This IP schnick is reserved for localhost, that is, for your local PC. No other addresses should be there!
File contents hosts for Windows XP (Russian version of OS):
In text form, the contents of the hosts file for Windows XP can be copied from here:
# (C) Microsoft Corp. 1993-1999
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains mappings of IP addresses to host names.
# Each element must be on a separate line. The IP address must
# is in the first column, followed by the corresponding name.
# IP address and hostname must be separated by at least one space.
#
# In addition, comments may be inserted on some lines
# (such as this line), they must follow the hostname and be separated
# from it with "#".
#
# For instance:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # client x host127.0.0.1 localhost
File contents hosts for Windows Vista (English OS):
In text form, the contents of the hosts file for Windows Vista can be copied from here:
# Copyright (c) 1993-2006 Microsoft Corp.
#
#
# space.
#
#
# For example:
#
127.0.0.1 localhost
:: 1 localhost
File contents hosts for Windows 7 (English OS):
In text form, the contents of the hosts file for Windows 7 can be copied from here:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# :: 1 localhost
Using the hosts file
File hosts theoretically it can be used to speed up Internet browsing and reduce traffic. This is accomplished by reducing queries to the DNS server for resources frequently visited by the user. For example, if you use Yandex and Google search engines every day (sites http://yandex.ru and http://google.ru respectively), then it makes sense in the file hosts after the line " 127.0.0.1 localhost"write the following lines:
93.158.134.11 yandex.ru
209.85.229.104 google.ru
This will allow your Internet browser not to contact the DNS server, but to immediately establish a connection to the sites yandex.ru and google.ru... Of course, very few people do such tricks nowadays, if only because of the good modern access speeds.
Limitations using the hosts file
Some advanced comrades sometimes use the hosts file to block unwanted web resources (for example, erotic content - for children, until they grow up and become smarter than you in a computer sense). To do this, after the line 127.0.0.1 localhost also add a bnm line or multiple lines:
127.0.0.1 address of the blocked resource-1
127.0.0.1 the addressblocked resource-2
127.0.0.1 the addressblocked resource-3
for instance:
The essence of this entry is that the specified blocking resource will now be matched by the browser to the IP address 127.0.0.1 , which is the address of the local computer - accordingly, the forbidden site will simply not be loaded.
This function is often used by computer viruses that add redirects for browsers that cybercriminals need to the hosts file:
Most often, the redirection is done to the "left" site, which does not visually differ from the real resource, while the username and password are stolen from the user (he himself enters them into the supposedly real fields of the site) or simply write that your account is blocked (allegedly for spam, etc. ), pay money or send SMS (also very paid) to unlock. Along with the redirection to their website from social networking sites, the attackers block using the file hosts access to the sites of anti-virus programs.
Attention! Never pay for it! And don't send SMS!
A cell phone can only be used as a means of obtaining a password, an unlock code. Those. messages should come to you, not come from you.
Although, if you don’t feel sorry for the money, first check with your mobile operator the cost of sending SMS to this number in order to decide for sure that you really don’t feel sorry for just giving this amount to someone.
How to edit the hosts file
- Each element should be written in its own (separate) line.
- The site's IP address must start at the first position of the line, followed by its corresponding hostname (in the same line), separated by a space.
- The IP address and hostname must be separated by at least one space.
- The comment line must start with a # character.
- If comments are used in matching strings of domain names, they must follow the hostname and be separated from it also with the symbol # .
Viruses and the hosts file
Attackers, so that their actions are not immediately detected, edit the file hosts in a sly way. Several options are possible:
1. To the end of the file hosts added VERY many lines (several thousand), and redirection addresses (most often at the end) are difficult to notice, especially if you look at the contents of the file hosts using the Windows built-in notepad - a very poor editor.
To view the content and edit the file hosts it is best to use a text editor that shows the number of lines in the document, such as Notepad ++.
Also, you should be alarmed by the rather large size of the hosts file, well, in its normal state it cannot be more than a few kilobytes in size!
2. The original hosts file is edited, after which the " Hidden" or " Systemic", because by default hidden files and folders are not displayed in Windows operating systems. C: \ WINDOWS \ system32 \ drivers \ etc file is created hosts.txt(by default, for registered file types, extensions are not displayed, and the system does not accept the file hosts.txt, she only needs hosts), which is either completely empty, or everything is written as it should be in a real file hosts.
3. Similarly, as in the second option, only here the cybercriminals have provided for the option that extensions for registered file types are displayed in the operating system (the user has enabled it on his own). Therefore, instead of the file hosts.txt the virus creates a file hosts, which has the letter " O"Russian, not English. Visually, the file looks like a real one, but it is also not perceived by the system.
In this picture, the first file hosts- hidden, the virus has made changes to it. Second file hosts- not real, it contains a Russian letter " O"in the name, most often this file hosts empty, viruses don't bother copying content from a real file.
Restoring the hosts file
If you have identified similar changes to your file host, you need to restore everything to its original state. To do this, you need to do the following:
- Disable real-time protection for your antivirus program, because many normal modern antivirus programs (for example, Avira) do not allow changes to the file hosts.
- Open directory C: \ WINDOWS \ system32 \ drivers \ etc
- Turn on the display of extensions for registered file types, hidden and system files.
- Click on the file hosts right-click and select the line " Edit with Notepad ++":
If you do not have the text editor Notepad ++ installed, then I recommend installing it first, and not using Notepad. If you do not have the Internet at the moment or are just too lazy to download Notepad ++, then you can use a poor notepad to edit the file hosts.
To open a file hosts notepad, you need to click on it with the left mouse button, a Windows window will appear with the message “ Failed to open next file ...". Set the switch to " Selecting a program from the list manually". Click OK... In the window " Program selection"find in the list Notebook and press OK.
- Edit the contents of the hosts file so that it becomes as indicated at the beginning of this article.
- Save changes.
- Activate the protection of the antivirus program (if disabled).
- Launch a browser and check the ability to view the desired sites.
How the hosts file works
When the user types the address (URL) of a site in the browser and presses Enter, the user's browser:
- Checks in the hosts file to see if the entered name is a proper computer name (localhost).
- If not, then the browser looks for the requested address (hostname) in the hosts file.
- If a hostname is found, the browser accesses the corresponding IP address specified in the hosts file.
- If the hostname is not found in the hosts file, then the browser accesses the DNS resolver cache (DNS cache).
- If a hostname is found in the cache, the browser accesses the corresponding IP address for that host, stored in the DNS cache;
- If the hostname is not found in the DNS resolver cache, the browser contacts the DNS server;
- If the requested web page (site) exists, then the DNS server translates the user-specified URL into an IP address;
- The web browser downloads the requested resource.
After entering the required site in the browser, let's say Google.com , the browser sequentially (according to priority) searches for a mapping of this domain name to an IP address (because it is with IP addresses that network devices work).
a) the specified site is checked in the hosts file, if it finds a match (suppose 1.1.1.1 Google.com is written in the hosts file), then the contents of IP - 1.1.1.1 will be opened accordingly, if there is no specified domain name, proceed to the next step;
b) the cache dns is checked (if you have opened Google.com before, then most likely the IP of this site has been saved in the DNS cache of your computer / laptop), if the IP of the site is indicated there, then the page opens to you, if not, it proceeds to the last stage;
v) the request goes to the DNS server (it is written manually in the network connection settings or is issued via DHCP), if there is no specified site in the DNS server, it will "ask" another DNS server until it finds it (if, of course, it exists at all) and the site is successful will open.
The hosts file is located at the path C: \ Windows \ System32 \ Drivers \ etc \ hosts (if C is the system drive). You can open it with a regular notepad. If you did not make changes to the hosts file, then the following will be written there:
|
The hosts file in Windows XP: 127.0.0.1 localhost |
Hosts file in Windows Vista: 127.0.0.1 localhost |
|
Hosts file in Windows 7: # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. |
Hosts file in Windows 8 # Copyright (c) 1993-2009 Microsoft Corp. # localhost name resolution is handled within DNS itself. |
As you can see, regardless of the version, the host file is not very different, but if the virus "worked" on the hosts file, various sites and IP-schnicks can be added there. For instance:
127.0.0.1 ftp.kаspеrskylab.ru
127.0.0.1 ids.kаspеrsky-labs.com
127.0.0.1 vk.com
127.0.0.1 drweb.com
Such additions in the file prevent you from accessing the specified sites.
1.2.3.4 ftp.kаspеrskylab.ru
1.2.3.4 ids.kaspersky-labs.com
1.2.3.4 vk.com
1.2.3.4 drweb.com
Such additions in the file when opening the specified sites will redirect you to other sites, possibly infected with viruses (IP 1.2.3.4 are fictitious).
If you find out that the hosts-file has changed, you need to fix it. In Windows XP, the file is simply opened with notepad, the necessary changes are made and saved (you must log in as an administrator). On other versions (Windows Vista, 7, 8), it is necessary to give the rights to modify the file. To do this, open the folder in which the hosts is located C: \ Windows \ System32 \ Drivers \ etc(if the C drive is system). Right click on hosts and choose "Properties".
Choose a tab "Safety", then select the user under which you are working on the computer / laptop (in this example, this is the site) and press the button "Change"... A window will open "Permissions for the hosts group", again select the user and assign full rights to the file, click "OK", in the window "Properties: hosts", too "OK".
After that, open hosts with Notepad and return the file to its original state, when finished, save the changes.
The hosts file is a rather vulnerable spot in the Windows operating system. This file becomes the number one target for almost all viruses and Trojans that manage to infect a computer. In this article we will tell you about what the hosts file is, where it is located, what it is used for and how to restore it after a computer has been infected with viruses.
The task of this file is to store a list of domains and their corresponding ip-addresses. The operating system uses this list to translate domains to ip addresses and vice versa.
Every time you enter the address you need a site into the address bar of your browser, a request is made to convert the domain to an ip-address. This translation is currently performed by a service called DNS. But, at the dawn of the development of the Internet, the hosts file was the only way to associate a symbolic name (domain) with a specific ip-address.
Even now, this file has a direct impact on the conversion of symbolic names. If you add an entry in the hosts file that will associate an ip-address with a domain, then such an entry will work fine. This is exactly what the developers of viruses, Trojans and other malicious programs use.
As far as the file structure is concerned, the hosts file is a regular text file with a buse extension. That is, this file is not called hosts.txt, but simply hosts. To edit it, you can use the usual Notepad text editor.
The standard hosts file consists of several lines that begin with a "#" character. Such lines are ignored by the operating system and are simply comments.
Also in the standard hosts file there is an entry "127.0.0.1 localhost". This entry means that when you access the symbolic name localhost, you will be accessing your own computer.
Hosts file fraud
There are two classic ways to benefit from making changes to the hosts file. First, it can be used to block access to websites and servers of anti-virus programs.
For example, after infecting a computer, the virus adds in the hosts file the following entry: "127.0.0.1 kaspersky.com". When you try to open the kaspersky.com website, the operating system will connect to the ip-address 127.0.0.1. Naturally, this is the wrong ip address. This leads toaccess to this site is completely blocked.As a result, the user of the infected computer cannot download the anti-virus or anti-virus database updates.
In addition, developers can use another technique. By adding entries to the hosts file, they can redirect users to a fake site.
For example, after infecting a computer, the virus adds the following entry to the hosts file: “90.80.70.60 vkontakte.ru”. Where "90.80.70.60" is the ip-address of the attacker's server. As a result, when trying to go to a well-known site, the user ends up on a site that looks exactly the same, but is located on someone else's server. As a result of such actions, fraudsters can obtain usernames, passwords and other personal information of the user.
So in case of any suspicion of a virus infection or site spoofing, the first thing to do is to check the HOSTS file.
Where is the hosts file
Depending on the version of the Windows operating system, the hosts file may be located in different folders. For example, if you use Windows XP, Windows Vista, Windows 7, or Windows 8, the file is located in the WINDOWS \ system32 \ drivers \ etc \ folder.
In Windows NT and Windows 2000 operating systems, this file is located in the WINNT \ system32 \ drivers \ etc \ folder.
In very ancient versions of the operating system, for example, in Windows 95, Windows 98 and Windows ME, this file can be found simply in the WINDOWS folder.
Restoring the hosts file
Many hacked users are interested in where you can download the hosts file. However, there is no need to search and download the original hosts file. You can fix it yourself, for this you need to open it with a text editor and delete everything except the line except "127.0.0.1 localhost". This will unblock access to all sites and update your antivirus.
Let's take a closer look at the process of restoring the hosts file:
- Open the folder where the file is located. In order not to wander through the directories for a long time in search of the desired folder, you can use a little trick. Press the Windows key + R key combination to open the Run menu". In the window that opens, enter the command "% Systemroot% \ system32 \ drivers \ etc" and click OK.
- After the folder in which the hosts file is located opens in front of you, make a backup copy of the current file. In case something goes wrong. If the hosts file exists, then simply rename it hosts.old. If the hosts file does not exist at all in this folder, then you can skip this item.
- Create a new empty hosts file. To do this, right-click in the etc folder and select the item "Create text document".
- When the file is created, it must be renamed to hosts. When renaming, a window will appear in which there will be a warning that the file will be saved without the extension. Close the warning window by clicking OK.
- After the new hosts file is created, you can edit it. To do this, open the file with Notepad.
- Depending on the version of the operating system, the contents of the standard hosts file may differ.
- For Windows XP and Windows Server 2003 add "127.0.0.1 localhost".
- Windows Vista, Windows Server 2008, Windows 7 and Windows 8 need to add two lines: "127.0.0.1 localhost" and ":: 1 localhost".
In this article I will try to tell you absolutely everything related to the Hosts file in Windows.
What is a Hosts file and why is it needed in Windows:
The Hosts file is a Windows system file that is used to redirect from one site to another, or to block access to certain sites from your computer, and for some other purposes.
Where is the Hosts file located:
For absolutely all operating systems - Windows XP, Windows 7, Windows 8.1 and Windows 10, the location of the Hosts file is unchanged. It is located in the following directory:
How to change the Hosts file:
The Hosts file can be edited with any text editor such as notepad. To open the Hosts file simply right-click on it and select "Open with Help" -> "Notepad". Or just double-click on the file and you will be prompted to choose with which to open it.
How the Hosts file should look like:
By default, the contents of the Hosts file are as follows:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP / IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# :: 1 localhost
This content is just a short guide in English on how to work with the Hosts file. Each line is preceded by a "#" sign, which means that this line is not executable, what is written in this line is ignored by the system. As you can see, by default all lines contain the "#" sign, that is, all these lines are not executed - you can safely delete them if you want and nothing will change.
If you completely deleted the Hosts file and want to restore it, you can download mine:
(Downloads: 36)
Extract the file from the archive and place it in the folder:
C: \ Windows \ System32 \ drivers \ etc
How to block access to the site through hosts:
It is enough to write the following line at the very end of the file.
Which we publish on the site. This file is an important element of the operating system, so it is not surprising that users so often ask questions related to the hosts file. One of the typical questions is how the hosts file should look like.
The fact is that many viruses damage the hosts file when they enter the computer. They add their entries to it, the purpose of which is to block access to antivirus updates or to replace real sites with fraudulent ones. It is very easy to detect the occurrence of such alien recordings. It is enough to open the file with Notepad.
If the hosts file contains many lines like this:
- 127.0.0.1 kaspersky.com
- 127.0.0.1 kaspersky-labs.com
- 127.0.0.1 liveupdate.symantec.com
- 127.0.0.1 liveupdate.symantecliveupdate.com
This is the work of viruses. After removing such viruses, the hosts file remains corrupted and users wonder how to recover it.
What the hosts file should look like in Windows XP
In the picture you can see how the hosts file should look in the Windows XP operating system. If you want to restore the hosts file in this form, then you need to download the text file and its contents to your hosts file.
What the hosts file should look like in Windows Vista, Windows 7 and Windows 8
In the picture you can see how the hosts file should look in Windows Vista, Windows 7 and Windows 8. If you want to restore the hosts file in this form, then you need to download a text file and copy its contents to your hosts file.
How to restore the hosts file. It is not necessary to restore the hosts file in its original form. The "#" character in the hosts file means that any text after this character is a comment and should be ignored by the operating system. Thus, all lines of the hosts file that begin with the "#" character do not affect the system operation in any way and can be safely deleted.
How to open the hosts file. The hosts file has no extension, but it is nevertheless a regular text file. Therefore, you need to open it with the standard Notepad program.
What to do if the hosts file is deleted. If the file is deleted, then you can restore it by creating a regular text file and.
