Here i present the Mother of All Hosts file out there for you to prevent Stupid ADs, Crazy Malware and Spyware and other Nonsense Unwanted Parasites in your SGS2 Baby.
NOTE: This 'hosts' file is compatible with any Android Operating Environment. Everything Is Linux
> What is a 'hosts' file? What it Does? Whats in it for Me?
The 'hosts' file contains the mappings of IP addresses to host names and loaded into memory (cache) at startup. Android OS checks the 'hosts' file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the localhost (127.0.0.1), which is a loopback and traffic is dropped instantly (saving your millions of money used my network traffic 2G/3G/4G). Another feature of the 'hosts' file is its ability to block other applications (bogus applications) from connecting to the Internet, providing the entry exists.
'hosts' file is used to BLOCK ADs, BLOCK Banners, BLOCK 3rd Party Cookies, BLOCK 3rd Party Page Counters, BLOCK Web Bugs, BLOCK Web Hijackers, BLOCK Phishing Sites, BLOCK Malwares, BLOCK Spywares, BLOCK Trackers, BLOCK Unauthorized Application connections to web and BLOCK other Malicious activities...
This is not 100% Protection but atleast it takes care of MOST OF THE SECURITY ISSUES.
For full Security, Use Antivirus or Security Suite from Android Market.
> Performance Issue? Will my device run SLOW?
I am using this 'hosts' file from my chilhood days and never had any performance issue to date, Although you might have a little delay in startup (boot cycle) and then everything will be cool in standby and active mode. I say "Little delay is better than ADs, Malwares and Spywares..."
> Compatibility?
Any Android Release.
> How to install?
You have to be ROOT to copy the 'hosts' file to '/system/etc' and setting the permissions to 'root:root' and '0444' or 'r-r-r'. Reboot SGS2 and That It. ENJOY.
> What is the Updated Cycle?
'hosts' file is updated every 3 months.
> Any Qyeries?
Ok. I am Ready.
Tried it, seems to work fine so far, even blocked an advert in Astro file manager, adfree tends to miss this, so thanks.
Good share. I am going to use it.
How about making a list of all the ip addresses in Google docs and share it. We can update it based on others feedback. A similar approach (in a stone age way ) like adblock plus addon available in browsers.
I think users capable of understanding hosts file, can also modify it
I love this, I didn't expect the banner boxes to disappear too, thought it would just be white.
isn't there a version without adblocking? I don't like removing ads.
virtualflyer said:
isn't there a version without adblocking? I don't like removing ads.
Click to expand...
Click to collapse
A hosts file IS adblocking, so no there won't be
Sent from my ice cream powered Nexus S
About to give this a try, is there an update due as been 4 months since last release?
Is there an Xperia S version?
Oh and an Optimus Me version? I HATE ADS.
Is there any update about this!? Sir?
Bump! [emoji4]
Swiftkeyed from my OPO A0001
Ok, so disclaimer: this isn't the same as Ad Block, some ads will slip through, and there will probably be IE error messages popping up.
However, if you despise adverts and are ready to give feedback, this does block many ads.
So, what we're doing is editing Windows' built-in hosts file to block these addresses at the source.
First, download the hosts file attached here.
Then, browse to "C:\Windows\System32\drivers\etc" and rename "hosts" to "hosts.old"
Then copy and paste the file you downloaded into the folder, making sure there is no file extension (go to View>show/hide file extensions)
Next, open CMD as admin (start>cmd>right click>run as admin)
Type "net stop dnscache" and hit enter.
After a couple minutes that'll finish.
Type "sc config dnscache start= disabled"
Reboot your Surface (or other device)
You're now (mostly) ad-free! Let me know what you think, and what effects this has on page load speed. (negligible to me, but I'm on a high-speed, slow connections would most benefit.) :good:
HOSTS-file ad blocking is nothing new, but it is a nice trick. However, there are a few problems with the way you suggested doing this:
1) the HOSTS file on Win8 and WRT is protected by Windows Defender, and attempts to modify the mapping for a number of known domains (some of which, annoyingly, are advertising domains) will fail. You will want to add \Windows\System32\drivers\etc\HOSTS to the Excluded Files in Defender.
2) Neither disabling DNS caching nor restarting are needed. Just run the following command: "ipconfig /flushdns" (no quotes). This will wipe the current DNS cache. Disabling the caching entirely will actually degrade performance, as your browser (for example) will need to do a DNS lookup every single time it wants to open a connection to a server, which could be dozens of times per click. Windows will use the HOSTS file just fine while the DNS cache is active. I'm not even *sure* you need to flush it, but it won't hurt.
By the way, for web browsing, a somewhat "nicer" approach to ad-blocking is to use the built-in IE feature of Tracking Protection Lists. You can "get a Tracking Protection List online" and then add EasyList (who also make the most popular block list for AdBlock Plus/AdBlock Edge). Most people don't realize that IE effectively has a built-in ad blocker, and has for a few releases now... Of course, that won't help with ads outside of the browser.
GoodDayToDie said:
HOSTS-file ad blocking is nothing new, but it is a nice trick. However, there are a few problems with the way you suggested doing this:
1) the HOSTS file on Win8 and WRT is protected by Windows Defender, and attempts to modify the mapping for a number of known domains (some of which, annoyingly, are advertising domains) will fail. You will want to add \Windows\System32\drivers\etc\HOSTS to the Excluded Files in Defender.
2) Neither disabling DNS caching nor restarting are needed. Just run the following command: "ipconfig /flushdns" (no quotes). This will wipe the current DNS cache. Disabling the caching entirely will actually degrade performance, as your browser (for example) will need to do a DNS lookup every single time it wants to open a connection to a server, which could be dozens of times per click. Windows will use the HOSTS file just fine while the DNS cache is active. I'm not even *sure* you need to flush it, but it won't hurt.
By the way, for web browsing, a somewhat "nicer" approach to ad-blocking is to use the built-in IE feature of Tracking Protection Lists. You can "get a Tracking Protection List online" and then add EasyList (who also make the most popular block list for AdBlock Plus/AdBlock Edge). Most people don't realize that IE effectively has a built-in ad blocker, and has for a few releases now... Of course, that won't help with ads outside of the browser.
Click to expand...
Click to collapse
Ah, very interesting. Thanks for the feedback.
Good tip...
I used the same method as I do on the desktop, I go to :
http://winhelp2002.mvps.org/hosts.htm
Scroll down to folder icon and where it says download, tap and hold or right click and save to local disk.
Then extract and right click or tap and hold the mvps.bat file and run as admin and your done.
It makes a backup of your original hosts file as HOST.MVP.
I have never noticed windows defender 'undoing' this unless it just removes a few entries within it.
nazoraios said:
Good tip...
I used the same method as I do on the desktop, I go to :
http://winhelp2002.mvps.org/hosts.htm
Scroll down to folder icon and where it says download, tap and hold or right click and save to local disk.
Then extract and right click or tap and hold the mvps.bat file and run as admin and your done.
It makes a backup of your original hosts file as HOST.MVP.
I have never noticed windows defender 'undoing' this unless it just removes a few entries within it.
Click to expand...
Click to collapse
In MVPS's specific instructions for Windows 8 they tell you to make an exception in Windows Defender because it will block it.
waraukaeru said:
In MVPS's specific instructions for Windows 8 they tell you to make an exception in Windows Defender because it will block it.
Click to expand...
Click to collapse
Yes.. interesting. My ad blocking worked fine but i bet they did unblock a series of domains that they deem 'necessary' for windows8.
Thanks for the windows defender tip... i'll have to start using that as well.
Hey, I have a couple questions for all of you awesome ad-blocking folk. I'm using the MVPS hosts file on my Surface 2 and it seems to be blocking some of the ad content for me when I have tracking protection turned off or when tracking protection is ineffective. So, I assume it is set up properly. When you find an unblocked ad, (for instance, my ad blocking efforts seem effective against the images on Facebook but not the text ads) what is your process for determining the domain/host for the ad and blocking it? Do you always go and edit your hosts file, or do you add the domain to you restricted list in Internet Explorer? Or add it to your custom Tracking Protection list?
My other question is: have any of you have determined the common hosts for the banner ads in Windows Store apps? I noticed the MVPS hosts file doesn't seem to be blocking these hosts.
Well since your talking about a web page I would say download fiddler (on an x86 box) and run it in the background while you use your web page. It acts as a proxy so all requests go through it. Then once you find the domains you can add them to HOSTS file.
If you x86 box is Windows 8/8.1 it's a little trickier, you need to use fiddler's 'Windows 8 Config' button to add exceptions to the apps your trying to monitor. I think if you are running IE11 (in protected mode only?) you need to add exceptions for win_ie_ac_??? entries. To monitor apps you can try enabling them all or find your app.
If your talking about on device (RT) you might try running netstat -f in the background but that may only work with desktop IE not running in Enhanced Protected Mode.... if its too much data to read you could redirect to a file to skim through later like netstat -f > temp.txt
waraukaeru said:
Hey, I have a couple questions for all of you awesome ad-blocking folk. I'm using the MVPS hosts file on my Surface 2 and it seems to be blocking some of the ad content for me when I have tracking protection turned off or when tracking protection is ineffective. So, I assume it is set up properly. When you find an unblocked ad, (for instance, my ad blocking efforts seem effective against the images on Facebook but not the text ads) what is your process for determining the domain/host for the ad and blocking it? Do you always go and edit your hosts file, or do you add the domain to you restricted list in Internet Explorer? Or add it to your custom Tracking Protection list?
My other question is: have any of you have determined the common hosts for the banner ads in Windows Store apps? I noticed the MVPS hosts file doesn't seem to be blocking these hosts.
Click to expand...
Click to collapse
nazoraios said:
Well since your talking about a web page I would say download fiddler (on an x86 box) and run it in the background while you use your web page. It acts as a proxy so all requests go through it. Then once you find the domains you can add them to HOSTS file.
If you x86 box is Windows 8/8.1 it's a little trickier, you need to use fiddler's 'Windows 8 Config' button to add exceptions to the apps your trying to monitor. I think if you are running IE11 (in protected mode only?) you need to add exceptions for win_ie_ac_??? entries. To monitor apps you can try enabling them all or find your app.
If your talking about on device (RT) you might try running netstat -f in the background but that may only work with desktop IE not running in Enhanced Protected Mode.... if its too much data to read you could redirect to a file to skim through later like netstat -f > temp.txt
Click to expand...
Click to collapse
Those are some great ideas; I'm going to try them out. They're all fairly labor intensive... I wonder... do you go to those lengths to block ads? It matters that much to me. Looking at how much work that will be though, I am missing the ease of using Adblock Plus and Ghostery plugins in Firefox.
I usually go through those measures to determine which domains to 'unblock' so that I can get a site working with my ad blocking.
I forgot the most obvious method for web stuff, hit F12 in IE, go to network tab, start capturing traffic, load page you want to minitor, and examine results.
waraukaeru said:
Those are some great ideas; I'm going to try them out. They're all fairly labor intensive... I wonder... do you go to those lengths to block ads? It matters that much to me. Looking at how much work that will be though, I am missing the ease of using Adblock Plus and Ghostery plugins in Firefox.
Click to expand...
Click to collapse
C-Lang said:
Ok, so disclaimer: this isn't the same as Ad Block, some ads will slip through, and there will probably be IE error messages popping up.
However, if you despise adverts and are ready to give feedback, this does block many ads.
So, what we're doing is editing Windows' built-in hosts file to block these addresses at the source.
First, download the hosts file attached here.
Then, browse to "C:\Windows\System32\drivers\etc" and rename "hosts" to "hosts.old"
Then copy and paste the file you downloaded into the folder, making sure there is no file extension (go to View>show/hide file extensions)
Next, open CMD as admin (start>cmd>right click>run as admin)
Type "net stop dnscache" and hit enter.
After a couple minutes that'll finish.
Type "sc config dnscache start= disabled"
Reboot your Surface (or other device)
You're now (mostly) ad-free! Let me know what you think, and what effects this has on page load speed. (negligible to me, but I'm on a high-speed, slow connections would most benefit.) :good:
Click to expand...
Click to collapse
Why not just enable some tracking protection lists under Internet Explorer add-ons? It seems to block most, if not all ads for me, even on torrent sites and to me, this seems much easier than a host file.
I enabled the following lists: EasyList Standard, EasyPrivacy.
http://www.iegallery.com/en-us/trackingprotectionlists
TPLs only block ads in IE, HOSTS files can block them in everything across the whole system.
GoodDayToDie said:
TPLs only block ads in IE, HOSTS files can block them in everything across the whole system.
Click to expand...
Click to collapse
ohhhh okay I get it.
Anyone else finding themselves unable to have the ads blocked through hostfile blacklisting? Running 8.1, followed the instructions, all ads keep appearing in Metro apps...
TRSHD said:
Anyone else finding themselves unable to have the ads blocked through hostfile blacklisting? Running 8.1, followed the instructions, all ads keep appearing in Metro apps...
Click to expand...
Click to collapse
Really? NOBODY!?!??!
On 8.1 Windows Defender does not allow changes in this file - you must remove it from protected files or disable defender (well, IMO it's nonsense on ARM).
kitor said:
On 8.1 Windows Defender does not allow changes in this file - you must remove it from protected files or disable defender (well, IMO it's nonsense on ARM).
Click to expand...
Click to collapse
Could you expand on how to remote it from the protected files?
http://support.microsoft.com/kb/2764944
kitor said:
http://support.microsoft.com/kb/2764944
Click to expand...
Click to collapse
Excellent, I've done that already... Dumb question: is the host filename case sensitive? Mine's named HOSTS...
No, Win32 is case-insensitive. It's traditional on Windows to use upper-case, but it doesn't matter.
NTFS is actually capable of behaving in a case-sensitive manner, but Win32 is explicitly case-insensitive. This leads to weirdness if you don't use the Win32 subsystem and create a file whose name differs from another only by case, then try to open them using a Win32 program like Notepad...
In any ROM (even without gapps) there will always be automatic connections with Google(captive portal mode, ntp) and Qualcomm (ntp, gps) The theory says that we have to deactivate automatic date and time and use only the integrated GPS (or otherwise contact Google / Qualcomm) but in practice these hosts will connect to the internet when they can ... The file in a LineageOs ROM is usually in /vendor/etc/gps.conf. On the other hand, there are geolocation alternatives, such as theUnifiedNIp project. Later, we can use other servers such as Mozilla. For this purpose we need to have MicroG installed, although I leave the information in case you are interested in.
The exception would supposedly be Replicant, but it supports few devices.
To avoid the espionage of Google we need the following:
-Before installing / formatting / flashing, we export our contacts in .vcf format and then recover them by importing the file from the Contacts application. If you want synchronization you can use, for instance,DAVdroid in Nextcloud / Ownclowd. This file and our photos / videos are taken to the PC and viceversa using a wire. We also download F-Droid, Afwall firewall and Adaway apks. We do not connect to the internet till I say even we have to avoid mobile data or wifi in the setupwizard.
-We flash a LineageOs ROM, without gapps and without MicroG(because it generates too many connections with Google). In your options we will uncheck Automatic Date / Time. We become root with Magisk or su.
-The next step is to deactivate the captive portal mode. All Android phones send a ping to Google to verify that the internet works. In Development Options we will enable the Local Terminal / Shell. Afterwards, we look for the new app and we open it.
In order to have root access we write:su
Then we will put:settings put global captive_portal_mode 0
And finally:reboot (also in the terminal, because if we restart manually it will be activated again)
-We disable "Intent Filter Verification" system app. It connects to Google and Amazon to verify the net. It is not necessary to be root. We force stopping and afterwards we disable it.
-If we use Android Pie we change Private DNS from automatic (default) to No.
-Install the firewall Afwall + We will give access only to the apps that interest us. However, there is a "bug" in Android that produces another inevitable data leak for any Firewall. This occurs at the boot of the system in which the program is incapable because it is loaded later, and the OS takes advantage to skip the locks. In its experimental options, there is one that controls this behavior. "Fix the data leak at boot" To let us mark the option, which by default will be gray, we must indicate in the immediately superior option "Path of the home directory for script", the first one that appears/sbin/.core /img/.core/service.d. Besides, we mark IPv6 compatibility. Thus, Afwall could "see" some IP's and block them. Nowadays I do not know what they are but there are several (an failed) unknown connections.
-AdAway. Now It is the moment to connect to the internet. We add the lists I put below, update the app and reboot. We are going to block Google servers (time.google.com) and Qualcomm servers (Izat, izatcloud.net) because despite blocking them in the firewall, disabling automatic date / time and using only the integrated GPS for time, they will try to connect to the time servers as soon as the phone connects.
To simplify, we added the host that I created for that purpose:
https://gitlab.com/Jorgu81/hosts/raw/master/HostsGoogle
Most recommended is Steven Black, although it is not essential:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- After that, we install the F-Droid store. We are going to avoid Yalp Store/Aurora because they generate too many connections with Google, but you can install / uninstall if you need any app.
-IceCat web browser. Startpage, Qwant or SearX search engines. The reason, here:
https://spyware.neocities.org/articles/browsers.html
First of all we disable its addons because they break the webs. Afterwards, we put the ublock addon Origin.. If you want to avoid Google webcrawling we must block its domains with the aforementioned add-on. These are some of its trackers:
adservice.google.com
admob.com
adwords.com
adservice.google.es
adservice.google.com
doubleclick.net
googleapis.com beware! Some forums will not load correctly if we block ajax.googleapis.com
google-analytics.com
googletagservices.com
googleusercontent.com
googletraveladservices.com
googlesyndication.com
googleadservices.com
gstatic.com (it tends to break many websites, so use it manually where possible)
-SD Maid. This program is very complete and with it we can disable system applications or avoid autobooting them. But what interests us is to remove tracking permissions of the apps, specifically those referred to Google. These are boot (auto-start),analytics, tracking, firebase and in general those that refer to google. If the apps contain any of them, we will remove them. We look for "Application Control" (previously we can mark it to indicate also those of the System in Settings) and after selecting them, we select the app and choose "Permission Manager". Do not forget to give the 3 points above (Other) to see all of them. Example with Whatsapp. Uncheck "com.whatsapp.Bootreceiver","google.android.gms.measurement.AppMeasurement Receiver","com.google.firebase.iid.FirebaseInstanceIdReceive r","com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver"
https://sdmaid.darken.eu/download/production/
If we want to avoid its automatic connections we could disable the options in Settings, General Settings, Bug reporting.
Do not forget Trust in LineageOs in order to change, deny or allow permissions of our installed apps.
With this we have finished the initial configuration to avoid, as far as possible, the espionage of our system.
----------------------------------------------------------------------------------------
Applications / recommended settings (from F-Droid, as usual):
-Beta Updater for WhatsApp. To update the well-known application.
-XprivacyLua. We need Xposed:
Xposed (not Android 9)
https://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053
EdXposed (Android 9, alpha)
https://forum.xda-developers.com/xposed/android-9-0-xposed-solutions-t3889513
It will block all the information from our terminal that apps can takefor their indeterminate purposes. Few of them will make an incorrect use of it because they come from F-Droid. If we use WhatsApp we have to leave at least permission to clipboard and Contacts. In IceCat only for clipboard.
Removed old info.
Updated info:
-Disabling Intent Filter Verification due to its connections with Google, Amazon, and so on...
Another update and I hope the last...
We mark IPv6 compatibility in the firewall. Thus, Afwall could "see" some IP's and block them. Nowadays I do not know what they are but there are several (an failed) unknown connections.
Nevertheless, if we do not apply this, we could see data leak (AdAway, wireshark, tcpdump)
Now, there is no automatic connections at all.
On the other hand, I will install Pie soon so I will hope not to find too many problems...
Last update with Pie.
Only strange connections between mobile and router with Private DNS that is in automatic mode by default. We change it and select No.
-Added more hosts
-Changed hosts from GitHub to GitLab.
Now, we have 0 automatic data again when we turn on/off wifi or mobile data.
System Input Method's playstore link
[Playstore link: https://play.google.com/store/apps/d...ster&hl=en_GB]
Application Process: System Input Method (Process Name: com.ss.android.secure.cleanmaster)
listed as a system file.
Installed APK: /data/user/0/com.ss.android.secure.cleanmaster-1/base.apk
/data path: /data/user/0/com.ss.android.secure.cleanmaster
Version: 1.05
Target SDK: 22
Permissions:
Have full network access.
View WiFi connections.
View network connections.
Download files without notification.
Read phone status and identity
Modify or delete the contents of your usb storage.
Read contents of your Usb storage
Prevent phone from sleeping
Retrieve running apps
Draw over other apps
MainService: ime.mobile.ime.main
NOTE: This app written for older Android OS. So if installed in newer android versions, all permissions will be allowed even if you blocked it.
Last edited by SniperAlert2046; Today at 09:27 PM.
Malwarebytes classified it as riskware.
But after uninstalling it, the app came back again at random hours. seemingly downloading and installing other apps (like Haike News - communist news; and Ireader)
Drains battery and used data (to download files and maybe mine for crypto)
tried using ADB to remove it but as the base.apk is stored in root folder, the app can reinstalls itself when triggered (by the programmer / hacker or randomly)
Rooted phone and then installed Afwall+ firewall. But the firewall steathily disables internet filtering at odd hours. (or maybe the firewall is bugged).
So decided to deactivate Updater app (linked to redstone) and the OTAupdater... system app since phoine already rooted and that the Leagoo company does not provide regular OS updates. (except pushing Haike News, System Input Method and H5plugins riskwares to phone).
Well, although AFwall+ firewall did not work, thereby exposing my phone to the internet without filtering IP traffic, the riskwares did not return. So uninstalling Updater (the one with the com.redstone.ota.ui pathname) and the System Update (com.sprd.systemupdate) works for me.
Netguard firewall managed to blocks internet access by system apps. The Leagoo's Built-in Weather app created Baidu folder in root folder (collecting many encrypted log files probably for sending back to Baidu servers in China.). Would be better to uninstall Leagoo Weather app and install a 3rd party one.