10-28-2012, 03:02 PM
I add a lot of custom entries to my windoze HOSTS file to "enhance" my browsing and web-surfing experience.
Something that I'm finding is that when I browse to certain web-sites, my browser is popping up a window asking me if I want to save the file X.php, where X is usually "like" or "likebox". When I look at the underlying web-code on the web-page, I see that the request for the php file is associated with a host that is in my HOSTS file. When I tell my browser to Save the file, I end up with a file of zero size.
Is this the expected behavior for a browser when it tries to get a php file from a blocked host?
Is it more trouble than it's worth to run a local web-server to serve up (or server-side-run?) an empty php file?
10-28-2012, 04:11 PM
Hosts will allow you to look up IPs for specific site names, done before the lookup on DNS. I would presume that you are redirecting to (hopefully) 127.0.0.1 as whatever blocking you are doing. I do the same with known advertising and malicious sites.
The behaviour you see is an improperly configured webserver pushing its content as attachment instead of inline. If you are looking up at 127.0.0.1, then this will be your webserver doing it. If it's a PHP file, all you need to do is configure it to run through a PHP interpreter, or you can simply use .htaccess or httpd.conf to redirect any bad requests (which you will get a lot of when you do this) to a simple blank index.html file. Or even simply interpret .php as .html instead.
I wouldn't bother with using a webserver just for this. If you have no other need for it, there is no problem simply looping it back to your machine with no listener for http. You simply get an error message that shows instead. I prefer a blank page to an error message on the screen myself, but the error message is handy in the sense you can see that it is redirecting to your machine.
10-28-2012, 04:34 PM
Here's an example:
I have facebook.com and www.facebook.com in my hosts file:
From a particular website, here is a sample of code:
iframe src="http://www.facebook.com/plugins/like.php? (...)"
Every time I browse to that site, my browser pops up a window asking me what I want to do with the file "like.php" - save or open it.
I just installed a Firefox add-on (blocksite 0.7.1.1) and added "www.facebook.com" to the blacklist. After doing that, the browser no longer opens a window asking me what I want to do with the php file.
I suppose that the site is trying to force my browser to issue a facebook "like" action without my knowledge every time I visit the site. Yes?
10-29-2012, 03:05 AM
Nope, your localhost is trying to force you to choose how to open it. The FF plugin blocks it at a different level.
You simply need to configure your webserver differently.
10-29-2012, 06:30 PM
I don't think the HOSTS file is causing this behavior. I have the MVPS hosts file, and have added many hosts belonging to google and other ad-servers as well as twitter and many different facebook hosts. According to you, this behavior of my browser popping up a window asking me if I want to save this or that file should be happening constantly - but it doesn't.
When a web-page includes a reference to a host that's named in the HOSTS file, normally there is no action or result because there is nothing running on the local machine (127.0.0.1) to serve the file - so it behaves like a time-out (host not found, file not found, etc).
What I'm seeing only seems to happen for a few different files (like.php, likebox.php, getsegment.php). Note that all of them are php files.
And - I still want to know if the link to facebook's like.php inside an iframe is a way for a website to generate a bogus "like" click-event.
10-29-2012, 06:37 PM
Nope, like I said it's not the hosts file itself. It's your local webserver that's causing it.
127.0.0.1 facebook.com would redirect DNS lookups on facebook.com to resolve to 127.0.0.1. So this then serves the entire path as specified in the request to 127.0.0.1, so in this example you have http://www.facebook.com/plugins/like.php?..., which then looks up at http://127.0.0.1/plugins/like.php?... So the behaviour you are seeing is caused by a lookup of your server's /plugins/like.php file. The prompt indicates it finds *something*, but doesn't indicate if this is a real file or if it's a rewritten file. I'd suspect that it's a rewrite from something if you are seeing intermittent behaviour on different sites.
And yep, the .php could be the cause as well. If the server is not configured to deal with .php, and doesn't default to text/plain, it will likely serve it as an unknown type to the browser which forces it to open (ie: text/php for example).
Linking to facebook in any scope will be blocked so long as it's provided to you in the form of facebook.com. The client is responsible for the lookups, so if you have a hosts that specifies that facebook.com is located on 127.0.0.1, it will never resolve to facebook.com's ip address.
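
One way to check the diagnosis given in the replies above, as an added example that is not part of the original thread: send the request the browser sends after the HOSTS redirect straight to the loopback address and look at what comes back. The function names, the list of inline types and the constructed stand-in server are assumptions made for this sketch; the verdict is a heuristic, not a browser's exact logic.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Content types a browser normally renders inside an iframe (assumed short list).
INLINE = ("text/html", "text/plain", "application/xhtml+xml", "image/")

def classify(content_type, disposition):
    """Heuristic: how a browser is likely to treat a response used as an iframe src."""
    ctype = (content_type or "").split(";")[0].strip().lower()
    if (disposition or "").lower().startswith("attachment"):
        return "download prompt"
    if ctype.startswith(INLINE):
        return "rendered inline"
    return "download prompt"  # unknown type, e.g. .php served with no handler

def probe(blocked_host, path, addr="127.0.0.1", port=80, timeout=3):
    """Send the request a browser sends once HOSTS maps blocked_host to addr."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": blocked_host})
        resp = conn.getresponse()
        size = len(resp.read())
    except (OSError, http.client.HTTPException):
        # Nothing listening on loopback: the browser shows an error, no prompt.
        return {"listener": False, "verdict": "connection error page"}
    finally:
        conn.close()
    ctype = resp.getheader("Content-Type")
    return {"listener": True, "status": resp.status, "type": ctype, "bytes": size,
            "verdict": classify(ctype, resp.getheader("Content-Disposition"))}

def start_constructed_server(content_type):
    """Constructed stand-in for a local server that answers every path with 0 bytes."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.send_header("Content-Type", content_type)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

if __name__ == "__main__":
    print(probe("www.facebook.com", "/plugins/like.php"))
```

A result with `listener` set to `False` matches the "no listener" case described in the thread; a zero-byte response with an unrecognised type matches the save prompt and the empty saved file.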