Blocking ip's...
Oct. 07, 2004, 06:51 AM
Post: #1
 
Hi. I have been using the prox for a few years now. I have configs that do that job, and a few extras added to the lists. Nothing like what most of you seem to be doing.

Anyway, I am curious to see just how large a blockfile I can use with it. Basically a host file. I am having problems though getting it to block a site, much less a domain. I am using Paul's 4 Ad lists. Crossed over from Willems recently.

I have tried the hostlist, the adlist and the domain list. With the following syntax
ipaddress
http://ipaddress
http://www.xxx.com
xxx.com

I don't know enough about html or stuff to use metacharacters. I am just trying to keep the page from even loading, similar to a hostfile.

I have been messin with blockfile manager. That gives me way more than enough to mess with. I also have lots of host files found round the web. Trouble with blockfile manager, it gives ip's/ranges, and a kind of description of the url. I can convert it to a host file, or ip list, or a myriad of other formats. The ip list is pretty straightforward. The hostfile would appear like this
ipaddress wwwxxx.com or http://www.xxxcom or wwwxxxcom or xxxcomSpam or any other variation that makes no good hostfile.

So, how can I do this, what is the correct syntax, and where would it go. If it is even possible. I have posed this question at a number of sites, so far no answers.

Also, I see lots of snippets of code to let the prox do different things. One example is the speeding up of dns lookups talked about here. I see the code, but don't know exactly which list I would put it in and where. Is there a post on this? I haven't found it, yet.

Thanks for any help
geri
Oct. 07, 2004, 09:02 AM
Post: #2
 
old salt;

First, Welcome to our forums!

Next, I'll try to answer your questions in quick fashion, so if something doesn't make sense, just ask for clarification. :P

A Hosts file is meant to take the place of a DNS server. A DNS server is meant to resolve "user friendly" textual addresses into network friendly numerical IP addresses. The proper format for a hosts file is:

domain-name.tld 123.123.123.123

It's easy to remember - you are submitting a name, and you want the numbers to be supplied to the browser (or whatever other program, such as ftp, email, etc.). In the short of things, this will alleviate the need to go outside of your machine, and onto the network, in search of a DNS server to resolve the address. Obviously, the HOSTS file can get large beyond all reason, so most people don't attempt to make it that big, they just use it for quick and dirty stuff, then let the DNS servers handle anything else.

Sadly, you can't just stick a HOSTS file into a proxo block list. It must be modified to remove the numerical IP addresses. The quick explanation for that is, Proxo doesn't care about address resolution, it's only looking at strings of text. If it finds a match, then (presuming we're talking about a block list here) the string of text is removed from further consideration, and the website in question is thereby effectively blocked. Simple, no? Smile!

Now, once we've stripped out the numerical stuff, we can look at the remaining list, and see that there's lots of room for improvement. For one thing, the HOSTS file must be explicit for each and every domain and sub-domain. For some domains, that's a lot of stuff to list out separately. Fortunately, Proxo lets us combine gobs of similar names by using the so-called "regexp", or regular expression. (Let's not get into that right now, just keep it in mind for future reference.)

The only other thing to remember is that Proxo only deals with Port 80 (when facing the outside world), and only addresses the HTTP protocol. That means that you'd still need a HOSTS file if you commonly use ftp, or an email client, etc. The upside is that your block list can be incorporated into many filters, and even parts of the overall list can be ignored or obeyed as dictated by various tests that Proxo can perform.

Lastly, you'd most likely add things to block to the file called URL Killfile.txt. You can reach that by right-clicking on the Proxo icon in the systray, mouse over the "Edit Blockfile" list, and choose the appropriate file to modify. Note that you can add entries to other files, such as your Bypass List.txt file, so named for obvious reasons. When you choose the Edit option, any file selected will open up in your default text editor, usually Notepad. But these are plain ordinary .txt files, so if you have some other editor chosen as the default action for opening a .txt file, that will be used instead of Notepad.

That was a lot of ground to cover, so I was quite brief <_< Keep asking questions, that's how we all learned how to use Proxo beyond what the Help file could tell us!


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 07, 2004, 11:35 AM
Post: #3
 
Nicely done Oddysey; even I understood that! Big Teeth Have a great day. Regards, Ralph
Oct. 07, 2004, 02:44 PM
Post: #4
 
Ralph;

Stop that, you're making me blush! Eyes Closed Smile But thanks!


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 07, 2004, 03:55 PM
Post: #5
 
Great response!

I gotta say for future conversations, I don't know much programming, but I am overly familiar with where everything is and how to add/edit etc.

Host files I have seen have been as you say, only usually 127.0.0.1 hehe. You are saying normally they do not have www. only name.com? So my end product would be, under #User added section#

badplace.com
and not
http://www.badplace.com

I have seen an online tutorial that says this
Quote:5. Restrictions on the hosts file don't apply to the Prox URL Kill feature. Wildcards allow it to block ads without blocking an entire site and it can be used with IP numbers. Examples:

http://207.218.316.23/pic.jpg or http://www.someplace.com/xyz/pic.jpg

So that is why I am tryin this.

I will play with the url killfile today and get back with some more questions.

Excellent job on the overview by the way. And thank you for not going into how to add this syntax or that syntax for all the options the prox can do. I've been researching firewalls and blocklists for a week now, and what little coding I mess with has been expanded in many areas at once from technical posts. I am surprised I can still read English Wink
Oct. 07, 2004, 09:29 PM
Post: #6
 
geriatric;
Quote:I am surprised I can still read english Wink
Who says you are reading English? :o I'm typing this in Lower Elbonian! <_< [lol]

Seriously, you're welcome. I've kept it brief, partially because we've already hashed this out in other threads on this forum. Feel free to search for 'em, they aren't too old, so they're still relevant. :P

Quote:Host files I have seen have been as you say, only usually 127.0.0.1 hehe. You are saying normally they do not have www. only name.com? So my end product would be, under #User added section#

badplace.com
and not
http://www.badplace.com
You almost have the right of it. To emulate Paul Harvey - And now......... for the rest of the story. (copyright 1974-2004, Paul Harvey Enterprises, Inc.)

There is no law requiring a website to use the www. prefix. In point of fact, many sites across the 'net will respond correctly to either form of their address, with or without the prefix. Not all, but many. This is precisely why your HOSTS file must include all the possible permutations - it's being passed a string of text, and it has to look for an exact match, no exceptions allowed. (Well, actually, the HOSTS file is being examined by a sub-routine deep down in the bowels of the OS, a routine which isn't very smart, if you ask me. This has been virtually unmodified, nor updated, since JC was a Corporal. IMHO, by now it should at least handle regexp's. [angry])

So, we use 127.0.0.1 to return a numeric address for the string of text representing the badguy site, and of course our localhost located at 127.0.0.1 has nada sitting in its little teacup, perforce we see nada on our screens. Once again, through the miracle of modern electronics, we've been saved from being forced to visit a badguy site. Ain't life wunnerful? [rolleyes]

Quote:I have seen an online tutorial that says this
Quote:5. Restrictions on the hosts file don't apply to the Prox URL Kill feature. Wildcards allow it to block ads without blocking an entire site and it can be used with IP numbers. Examples:

http://207.218.316.23/pic.jpg or http://www.someplace.com/xyz/pic.jpg
Absolutely correct. Proxo is merely passing the address, as a string of text, out to the 'net, hence, it's fine with such a scheme as shown above. What it really means is that the HOSTS file was not consulted, as a numeric address was already in place. This means that a badguy site can be visited - your HOSTS file protection was rendered null and void (pwned, in l33t-speak). Best to use Proxo to filter for this kind of behavior.

OK, gotta go. Keep those cards and letters comin', folks! [smoke]


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 07, 2004, 09:52 PM
Post: #7
 
So I can use http://ipaddress/whatever, or http://www.place.com/whatever, but not just ipaddress and not just http://www.place.com?

If I use an existing hostfile, do I have to rid the www. out of it all Sad

I don't see a kill url list. I have the following:
AD--
domain
keys
keywordlist
list
pathlist
urlalias
bypass
allowcookies
mimefix
killimages.

Perhaps I should reinstall(or, I mean copy/paste) Smile!

And, if I use a host file, and put 0.0.0.0 instead of 127.0.0.1, will this make the host file run faster? I have used large ones in the past, strictly playing, and it was SLOW.

Thanks again.
Oct. 08, 2004, 06:05 AM
Post: #8
 
geriatric;
Quote:I don't see a kill url list. I have the following:
AD--
domain
keys
keywordlist
list
pathlist
urlalias
bypass
allowcookies
mimefix
killimages.
I'd bet that AD-- is the one you want. If you right click the Proxo icon, choose Edit Blocklists, you'll almost certainly see AdList: URL Killfile.txt. That's the clue I'm using.

Quote:So I can use http://ipaddress/whatever, or http://www.place.com/whatever, but not just ipaddress and not just http://www.place.com?
In a HOSTS file, you'd have to use all possible permutations in order to be sure you've covered all your bets. In Proxo's filters (and by extension, the contents of the list files too), you can use regexp's to broaden the scope of what you want to block, per each line of text. Consider:

WARNING! Programming lesson ahead! Please return your seats to their upright position, and fasten your seatbelts. At no time should you put your hands or feet outside the browser until it stops. Thank you.

In an ordinary case, we can include any prefix to a host's name with a simple [^/]++ set of characters, followed immediately by a period, and the site's basic name (OK, name and tld, if you wanna get technical). To block everything on that site, regardless of subdomains or whatever, simply append another slash, and an asterisk, and you're off to the races. In effect, you've killed all possibility of your browser ever reaching anything on that site. Here's what it looks like in real life:

[^/]++.some-dumb-site.tld/*

That's it. To cement the lesson, you should examine each of the list files for many examples of how to construct regexp's. The files are amply commented, so you should be able to figure them out without too much trouble, I'm sure. :P

ALERT! Your programming lesson for today is now concluded. We return you now to your regularly scheduled life, already in progress. Thank you for flying Programs 'R' Us, the friendly electron shovers.

John......

Marsha.....

John......

Marsha......

(repeat ad nauseam) ((Sorry, I couldn't resist. If you're truly an old fart like me, you'll know exactly where I'm coming from! Big Teeth))

Quote:And, if I use a host file, and put 0.0.0.0 instead of 127.0.0.1, will this make the host file run faster? I have used large ones in the past, strictly playing, and it was SLOW.
There should be no difference between the two number sets, but most folks seem to prefer the latter one, myself included.


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 08, 2004, 06:18 AM
Post: #9
 
geriatric,

Quote:badplace.com
and not
http://www.badplace.com

Perhaps an example would be helpful. Here is a sample from my connection-killer blocklist.
Code:
sitefinder*verisign.com
*.hta
*<(script|object|applet)*
([^.]+.|)global-finder.
([^.]+.|)uchase.com
([^.]+.|)youfindall.
([^.]+.|)pics-videos.
([^.]+.|)multimania
([^.]+.|)redsheriff
([^.]+.|)redsherrif
([^/]++.|)doubleclick.net/
([^/]++.|)lop.com/
([^/]++.|)dubolom.com/
([^/]++.|)comet.\w/
([^/]++.|)begin2search.com/
([^/]++.|)passport.com/
([^/]++.|)slipto.*/
Most of the time, I begin the entry with a wildcard in front of the hostname, to replace the prefix. You can, however, put wildcards anywhere in the hostname.
Oct. 08, 2004, 04:47 PM
Post: #10
 
Very cool.

I did not understand that the [^/]++. was used like that. I thought it was some crazy Udandan sign for stupid. :P Really though, I did not understand you had to start your address with that. Pretty simple.

How about the parentheses here ([^.]+.|) ? And the structure? That must change the way it is filtered, huh.

This may not be so hard after all.

Oh, the list above, AD goes in front of all the below text. Those are the actual filenames by the way. Sorry, no kill url list. However, it is in the lists directory. Have no idea why it is not used. In a sudden flurry of new information, one of them, I believe Paul's lists, suggested something else. Or maybe not.

I have more lists than I am used to. I only switched to 4.5 recently. I have been using 3.? for a long time, and had it all set up. I switched to use the https thinga-ma-jigger. And in learning more about internet nasties, have been trying a lot of things new.

This has all stemmed because I am cheap. I use Outpost firewall (free version), and I really love that program, far far above every other firewall I have used (and that is no small number). However, one limitation to the free version is that the blockpost plugin has some mental disorders with a listfile above 64kb. That is not many sites compared to the number available.

The only reason I even started messing with blockfiles again is that Alexa is such a pest. The blockfile plugin, with the Alexa ip's in it, does block it. And seeing how often such said nasties are blocked only encourages my opening of Pandora's box. Heh.

So, back to the task at hand.

Basic syntax, to completely kill a site from my knowledge, would be
[^/]++.alexaSUX.com/

The * at the end ensures "all" else under that directory is blocked as well?

So much to learn so little time.
Oct. 08, 2004, 06:31 PM
Post: #11
 
Hmm. Replaced proxo directory with the original to get rid of the custom lists. URLkill was not at default. I added a new list of said name. Edit that list, to include
google.com
http://www.google.com
[^/]++.google.com
[^/]++.google.com/
[^/]++.google.com/*

Cleared all disk cache, turned off memory cache, cleared visited and typed addresses. It still loaded google. I am sure my browser uses proxy 8080. Opera 7.5.

At a loss now. Brain has finally met my rump.
Oct. 08, 2004, 11:28 PM
Post: #12
 
geriatric;

You've got it down pat - good job! Cheers

But, there are a couple of things we've all neglected to tell you so far. Just checking to see if you were awake, as it were. Ahem.....

ONE: A list can only do you some good if it's actually used by at least one filter. Proxo doesn't use a list by itself per se, the list has to be "included" within the filter, usually within either the Match or the URL sections.

There are several examples in the default configuration, and no doubt you can find them easily enough. The first one that I found in my setup is the Banner Blaster. Take a peek at the $LST() construct in the Match section. You can find others that use that same construct in the URL section, too. Kill All Images comes to mind.

TWO: Don't forget to make sure that you've configured Proxo to use the name you put in the parentheses. That's done in Proxo's Config screen, on the fourth tab over, called appropriately enough, Blockfile. What you're doing here is telling Proxo you want to use a shortcut name for a given filename on your hard drive. Said shortcut can be short and sweet, or as long as you need it to be in order to make sense to you. And the text file's name doesn't have to have a .txt extension, but it does have to be straight ASCII, no formatting allowed.

OK, school's out for the duration. See ya next quarter! [lol]


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 08, 2004, 11:38 PM
Post: #13
 
Siamescat;

Your answer and example were perfect - I wish I'da thought o' that! Cheers


Oddysey

I'm no longer in the rat race - the rats won't have me!
Oct. 10, 2004, 06:51 AM
Post: #14
 
Quote:How about the parentheses here ([^.]+.|) ? And the structure? That must change the way it is filtered, huh.
I put the pipe symbol (|) and parentheses in because some sites have a prefix in front of the hostname sometimes, but not always. It means "not dot plus dot OR nothing". The pipe symbol is a Boolean OR.
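
The conversion this thread works toward (drop the addresses from a hosts file, then give each name the optional-prefix form shown in posts #9 and #14), as an added example that is not code from any poster or from Proxomitron. The function names, the `.example` sample hosts and the Python-regex stand-in for the pattern are assumptions made for illustration; the sample uses the standard hosts layout of address first, then names.

```python
import re

# Constructed sample hosts file (address first, then names); not from the thread.
SAMPLE_HOSTS = """\
# ad servers
127.0.0.1   localhost
127.0.0.1   www.badplace.example badplace.example   # two names, one site
0.0.0.0     ADS.Tracker.Example
::1         localhost
127.0.0.1   http://www.broken.example
127.0.0.1   wwwxxxcomSpam
"""

HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}


def hosts_to_blocklist(text):
    """Return (patterns, rejected) for the text of a hosts file."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        _address, *names = line.split()       # the numeric address is discarded
        for name in names:
            name = name.lower().rstrip(".")
            if name in SKIP:
                continue
            if not HOSTNAME.match(name):      # "http://..." or a name with no dot
                rejected.append(name)
                continue
            # The optional-prefix pattern already covers "www.", so keep the bare name.
            if name.startswith("www.") and "." in name[4:]:
                name = name[4:]
            domains.add(name)
    return ["([^/]++.|)%s/" % d for d in sorted(domains)], rejected


def approx_covers(domain, url):
    """Python-regex approximation of ([^/]++.|)domain/ ("prefix ending in a dot,
    or nothing"); assumes the scheme is not part of the matched text."""
    rest = re.sub(r"^https?://", "", url.lower())
    if "/" not in rest:
        rest += "/"
    return re.match(r"(?:[^/]*\.)?" + re.escape(domain) + "/", rest) is not None


if __name__ == "__main__":
    patterns, rejected = hosts_to_blocklist(SAMPLE_HOSTS)
    print("\n".join(patterns))
    print("rejected:", rejected)
```

A name-based entry produced this way does not cover a request made straight to a numeric address, the case post #6 raises, so those URLs need entries of their own. The output only takes effect once the list is named on the Blockfile tab and referenced from a filter, as post #12 explains.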