

Ad and Counter Blocking
By Thiravudh Khoman

Here's something I recently implemented on my Windows machine that helps speed up web browsing a bit. (Note: This is NOT an original idea, not by a long shot.)

When you give your web browser a URL such as https://www.yahoo.com, the usual way this name is "resolved" or converted into a numerical IP address is by the use of DNS servers. On smaller networks that run TCP/IP (such as on a local area network), it's not necessary to use a full-blown DNS server to do name resolution. Instead, you can compile a list of IP addresses and domain names and put them into a file called HOSTS. All TCP/IP-capable operating systems, regardless of whether they're running DOS, Windows, Mac, Linux, or whatever CAN make use of this HOSTS file.

On Windows machines, this file is usually located in C:\Windows, while on other O/S'es it's located elsewhere. (If I remember correctly, with Linux it's in /etc. Not sure where it's located on a Mac, but probably in one of the system folders.) Chances are, though, on most Windows machines you won't find an existing HOSTS file; instead, you'll find a HOSTS.SAM file which is merely a "sample" HOSTS file. You can copy HOSTS.SAM to HOSTS to get a barebones start.

The format of the HOSTS file is very simple. Each line contains an IP address, some white space (usually a tab), and then a domain name associated with that IP address. In most HOSTS files, you will also see a rather odd entry: 127.0.0.1 localhost. "localhost" is a generic name given to YOUR computer and 127.0.0.1 is the dummy IP address assigned to this name. In actual fact, ALL computers on the internet have this entry, and because 127.0.0.1 is one of those magic non-routable IP addresses, it will never exist on the real internet, thus avoiding any possibility of address conflicts.

More often than not, localhost is used for "loopback" testing; e.g. to see if your TCP/IP is working properly. Try it. Type: ping localhost. On my machine, this is the output I get.

    Pinging thirav.eug.or.home.com [127.0.0.1] with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<10ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<10ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

With no lost packets, my computer is deemed able to communicate with "localhost", as it very well should, since I'm just ping'ing my own computer.

Now, if you have a functioning HOSTS file, TCP/IP can use BOTH the HOSTS file AND your duly assigned DNS servers, which is what I've done. To be precise, I've entered the names of some "undesirable servers" and assigned them the magic IP number, meaning from the standpoint of MY computer, those domain names now exist locally (although their content doesn't). Needless to say, this doesn't affect any other computer on the internet.

At present, this is what my HOSTS file looks like:

My HOSTS file is actually broken down into 3 sections. The first section (containing 4 lines at present), aside from the localhost entry, contains the names of undesirable sites that *I* have compiled. The next section, set off by a blank line, contains 2 lines inserted by Norton Anti-Virus (NAV) that are used for email virus scanning. If you don't use NAV, leave this out. The last section is a list of undesirables obtained from https://www.ecst.csuchico.edu/~atman/spam/adblock.shtml, which is the source of this how-to. I highly suggest that you take a trip there and read the article.

Now, EXACTLY what are these sites? Basically, they fall into two categories:

  • The first type of undesirable site is one that serves up advertising. For example, ads.mweb.co.th and ads2.mweb.co.th are ad sites that sanook.com uses. Having assigned these sites the IP address 127.0.0.1 on my computer, whenever I go to www.sanook.com, sanook.com's homepage will now attempt to load these ads from 127.0.0.1 (i.e. on my computer) rather than from the real sites. Of course, the desired content doesn't exist on my computer and it will eventually "timeout". But since everything is done locally, the timeout should occur pretty quickly (presumably/hopefully faster than it would take to load the real ad).

    You can try this for yourself. Go to https://www.sanook.com. At the top of the page you will see a dark red rectangle with curved sides. If you have a HOSTS file with no references to ads.mweb.co.th or ads2.mweb.co.th, there will be an ad in the red area. On the other hand, if you were to use my HOSTS file, there will now be no ad, although the red area will still display. Not having to access the true mweb website should speed up your display a bit. It also removes one potential eyesore. To further test the case of the disappearing ad, you can also try https://www.dilbert.com and https://www.freshmeat.net.

  • The second type of undesirable site is one that counts or "audits" your visit to a particular site. For example, the Bangkok Post's website (https://www.bangkokpost.com) uses a service by spinbox.net to obtain statistics on the number of visits to their website (or "eyeballs" in e-business vernacular). Presumably, this information is collected so that they can justify their online advertising rates or something. Now, if you don't want spinbox.net to count your visit or possibly worse, to obtain "other" information about you - e.g. your IP address (which determines which country you're in), where you just came from (not an XXX site hopefully), the type of web browser you're using (still using buggy Netscape?), etc. - you may want to redirect spinbox.net to good old 127.0.0.1 as well (which is what my HOSTS file does) to avoid being counted or probed.

    By the way, if you're wondering what kind of information can be collected on you by the mere act of browsing, go to: https://www.privacy.net/anonymizer/. What's scarier is this: do these sites try to read your cookies as well? Who knows? In the U.S., a company called DoubleClick came under fire for collecting information on web surfers and then trying to link that information to real people. Depending on how paranoid you are, there's still obvious reason for concern here.

    (Note: Apparently, you can't disable DoubleClick in the usual manner. The correct procedure is to go to https://www.doubleclick.net/optout/default.asp and follow the on-screen directions. This will place a cookie on your computer that will disable future DoubleClick tracking.)

If you wish to add to the list of "undesirables", you can do two things: a) Try and remember any "suspect" web sites that pop up on your browser status line. This is pretty hard to do though since they pop up so fast. b) Peruse the HTML source code of a site's home page. This too isn't very satisfactory since it's a hassle and also because several pages may be loaded in succession and you will only be able to look at the last one.

Sigh, I wish there was a utility which could log ALL sites/pages accessed, when you visit a site, but so far I haven't found one. I've tried some "Spyware" programs, but these tend to log only the URL that you request, not all the URLs that are associated with the site.
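Method (b) above can be scripted for a single saved page. The following is an added example, not part of the original article: it pulls out the hosts that a page's HTML loads automatically and prints them as candidate HOSTS lines. The markup and the name `other_hosts` are constructed for illustration, with www.dummy.com standing in for the site being inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed page source (not the real markup of any site).
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif">
<a href="http://ads.mweb.co.th/click?id=1"><img src="http://ads.mweb.co.th/banner.gif"></a>
<script src="http://spinbox.net/count.js"></script>
<iframe src="//ads.dummy.com/frame.html"></iframe>
</body></html>
"""

# Tags whose URL is fetched automatically while the page loads
# (a plain <a href> is only fetched if the user clicks it).
AUTO_LOADED = {"img": "src", "script": "src", "iframe": "src",
               "frame": "src", "embed": "src", "link": "href"}

class ResourceHosts(HTMLParser):
    """Collect hostnames of auto-loaded resources that differ from the page's host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = AUTO_LOADED.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative and protocol-relative URLs against the page URL.
                host = urlsplit(urljoin(self.page_url, value)).hostname
                if host and host != self.page_host:
                    self.hosts.add(host)

def other_hosts(html, page_url):
    parser = ResourceHosts(page_url)
    parser.feed(html)
    return sorted(parser.hosts)

if __name__ == "__main__":
    for host in other_hosts(SAMPLE_HTML, "http://www.dummy.com/"):
        print("127.0.0.1\t" + host)  # candidate line; review before adding
```

The output is only a list of candidates: a host that serves real content as well as ads will show up here too, so each name needs a look before it goes into the HOSTS file.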

While the abovementioned blocking technique should work to some benefit, there are at least two instances I can think of where it's powerless to do anything:

  • First, where the ad exists BELOW the root of the server. For example, while I can redirect ads.dummy.com to 127.0.0.1, I can't redirect www.dummy.com/ads.html. The domain name must be a "dotted" name with no slashes. Granted, I could redirect www.dummy.com, but I would lose the ability to read EVERYTHING from www.dummy.com, not just their ad pages.
  • Second, where the undesirable site is referenced by an IP address rather than a domain name. The Nation's website (https://www.nationmultimedia.com) does this. Unfortunately, you can't redirect one IP address to another IP address within a HOSTS file (I think).
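The two limits above can be checked mechanically. The following is an added example, not part of the original article: it parses HOSTS-format text and reports, for a given URL, whether an entry covers it, whether only a whole-host entry could, or whether the URL uses an IP address and bypasses name lookup. The sample file, the URLs and the function names are constructed, and keeping the first mapping seen for a name is an assumption of this sketch.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample HOSTS content using hostnames named in the article.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
127.0.0.1\tads.mweb.co.th
127.0.0.1\tads2.mweb.co.th   # trailing comment
# a full-line comment
127.0.0.1\tads.dummy.com
"""

def parse_hosts(text):
    """Map each hostname (lower-cased) to its IP; a line may list several names."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # keep the first mapping seen
    return table

def classify(url, table):
    """Say what a HOSTS entry can do about one URL."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "ip-literal: no name lookup, HOSTS is never consulted"
    except ValueError:
        pass  # not an IP address, so it is a name that gets resolved
    if host in table:
        return f"blocked: {host} resolves to {table[host]}"
    # HOSTS matches whole hostnames only; the path part is never seen.
    return f"not blocked: only an entry for all of {host} would stop it"

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for url in ("http://ads.dummy.com/banner.gif",
                "http://www.dummy.com/ads.html",
                "http://192.0.2.10/ads/banner.gif",   # documentation-range IP
                "http://ADS2.mweb.co.th/x.gif"):
        print(url, "->", classify(url, table))
```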

One final note. You can also use the above technique to prevent people from going to certain sites (same idea, right?). For example, if I were to add www.playboy.com to my HOSTS file, no one using my computer could go there. (Of course, why would *I* want to do that?) But you get my point. Do realize though, that this is hardly a foolproof trick. A knowledgeable computer person could bypass this easily. But in certain situations, it's a cheap alternative to "baby sitter" software like NetNanny or Surfwatch.

Copyright © 2001, Thiravudh Khoman