PowerShell script to handle HOSTS file
Page 1 of 1
PowerShell script to handle HOSTS file
I mentioned this script a long time ago at Wilders Security Forum. I figured I could make a mention to it at this forum as well. It works almost perfectly. It has some issues properly removing some garbage from one or another source, that are not in a non hosts file format.
-http://www.sans.org/windows-security/2010/09/14/hosts-file-block-domains/comment-page-1/
To be able to run it, you need administrator privileges, for two reasons: You need privileges to change PowerShell execution policy. You also need them to change the hosts file.
I'd advise creating a batch file that would automatically do it for you, like so:
In this example, it will set the execution policy to RemoteSigned. Then, it will call the PowerShell script and will reset the hosts file, using the parameter ResetToDefaultHostsFile.
Then, it will count the number of hostnames. And for last, it will reset the security policy back to the default value - no script will be able to execute.
The URL has lots of info on how to work with the script. The script itself has information as well.
The script seems to be have difficulties dealing with any of the Phishtank files here: -https://www.phishtank.com/developer_info.php
There are a few lists you could find useful to use with your hosts file, from ads and trackers to malicious domains:
-http://www.malwaredomains.com/wordpress/ (malicious domains)
-http://hosts-file.net/?s=Download (unfortunately, at the moment the script can't handle zipped files, but there are plain text files)
-http://malc0de.com/database/ (malicious domains)
-http://support.clean-mx.de/clean-mx/rss?mode=TPL (This is an IE9 Tracking Protection List, but the script can handle any type of file, and will do its best to clean the garbage. It's more successful at some, while at others not so great.) (malicious domains)
-http://amada.abuse.ch/blocklist.php?download=domainblocklist (malicious domains)
-http://amada.abuse.ch/blocklist.php?download=proactivelistings (malicious domains)
-http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000 (malicious domains)
-https://spyeyetracker.abuse.ch/ (certificate is expired and Chromium is not letting me in A download manager such as wget should allow the download. You can also download with the script, by the way. I'd advise to download the files with wget, for example.) (malicious domains)
-https://zeustracker.abuse.ch/blocklist.php (same deal... certificate is also expired. I hope the guy buys a new one... ) (malicious domains)
-http://www.malwaredomainlist.com/hostslist/hosts.txt (malicious domains)
-http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext (ads/trackers)
-http://sysctl.org/cameleon/hosts.win (I think this one just blocks ads/trackers)
-http://someonewhocares.org/hosts/zero/hosts (both I think)
-http://winhelp2002.mvps.org/hosts.txt (both)
There are more, but they're not so well maintained at those are. I mixed them all: ads/trackers and malicious domains. Some of them block both kind of domains, though.
You could also call the program HostsMan, so that it opens automatically when the script finishes doing its work, and then clean any garbage and also to maintain your Whitelist.
In my testing HostsMan command line parameters were flawed and didn't work. Maybe someone could test with another type of hosts editor?
-http://www.sans.org/windows-security/2010/09/14/hosts-file-block-domains/comment-page-1/
To be able to run it, you need administrator privileges, for two reasons: You need privileges to change PowerShell execution policy. You also need them to change the hosts file.
I'd advise creating a batch file that would automatically do it for you, like so:
- Code:
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -Command "& {Set-ExecutionPolicy Remotesigned}"
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -File "C:\Program Files\PSScriptHosts\Update-HostsFile.ps1" -ResetToDefaultHostsFile
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -File "C:\Program Files\PSScriptHosts\Update-HostsFile.ps1" -ShowHostnameCount
"%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe" -Command "& {Set-ExecutionPolicy Default}"
In this example, it will set the execution policy to RemoteSigned. Then, it will call the PowerShell script and will reset the hosts file, using the parameter ResetToDefaultHostsFile.
Then, it will count the number of hostnames. And for last, it will reset the security policy back to the default value - no script will be able to execute.
The URL has lots of info on how to work with the script. The script itself has information as well.
The script seems to be have difficulties dealing with any of the Phishtank files here: -https://www.phishtank.com/developer_info.php
There are a few lists you could find useful to use with your hosts file, from ads and trackers to malicious domains:
-http://www.malwaredomains.com/wordpress/ (malicious domains)
-http://hosts-file.net/?s=Download (unfortunately, at the moment the script can't handle zipped files, but there are plain text files)
-http://malc0de.com/database/ (malicious domains)
-http://support.clean-mx.de/clean-mx/rss?mode=TPL (This is an IE9 Tracking Protection List, but the script can handle any type of file, and will do its best to clean the garbage. It's more successful at some, while at others not so great.) (malicious domains)
-http://amada.abuse.ch/blocklist.php?download=domainblocklist (malicious domains)
-http://amada.abuse.ch/blocklist.php?download=proactivelistings (malicious domains)
-http://www.malware.com.br/cgi/submit?action=list_hosts_win_0000 (malicious domains)
-https://spyeyetracker.abuse.ch/ (certificate is expired and Chromium is not letting me in A download manager such as wget should allow the download. You can also download with the script, by the way. I'd advise to download the files with wget, for example.) (malicious domains)
-https://zeustracker.abuse.ch/blocklist.php (same deal... certificate is also expired. I hope the guy buys a new one... ) (malicious domains)
-http://www.malwaredomainlist.com/hostslist/hosts.txt (malicious domains)
-http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext (ads/trackers)
-http://sysctl.org/cameleon/hosts.win (I think this one just blocks ads/trackers)
-http://someonewhocares.org/hosts/zero/hosts (both I think)
-http://winhelp2002.mvps.org/hosts.txt (both)
There are more, but they're not so well maintained at those are. I mixed them all: ads/trackers and malicious domains. Some of them block both kind of domains, though.
You could also call the program HostsMan, so that it opens automatically when the script finishes doing its work, and then clean any garbage and also to maintain your Whitelist.
In my testing HostsMan command line parameters were flawed and didn't work. Maybe someone could test with another type of hosts editor?
Guest- Guest
Similar topics
» hosts file
» Blocking Powershell?
» Zero Day PowerShell Attacks Heading Your Way
» 3rd party Hosts Files?
» Windows 7 hidden file extensions
» Blocking Powershell?
» Zero Day PowerShell Attacks Heading Your Way
» 3rd party Hosts Files?
» Windows 7 hidden file extensions
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum