This guide will show you how to block various domains that are associated with advertising, tracking, malware and more - all locally on your system. This is perfect for apps that might have advertising or trackers, as well as being a complimentary defense for browsers too.

It's a list and script made by Steven Black, which consists of a bunch of regularly updated malware, and advertiser domain lists. There are also options for blocking domains associated to porn, social networking and gambling sites as well.

This guide is aimed at Linux and OS X users, but there are more instructions on the github page for Windows folks.

- Youtube link
- Keybase mirror


Step 1. First we're going to back up our existing hosts file, just in case. Open up a terminal, and copy the file. You'll need admin privileges.

sudo cp /etc/hosts /etc/hosts.old

Step 2. Now we can clone the github repo:

git clone

Step 3. CD into the newly created hosts directory

cd hosts

Step 4. Steven made a useful python script that automatically pulls various regularly updated domain sources, and compiles them into a single hosts file. Type the following. We'll go through what each part does

python -a -r -b -e social gambling

- The python part launches the python program. If you have python 3, you'll type python3, all one word, here instead.
- We then choose the python script file
- The a option automates the creation process, removing all user prompts
- The r option replaces the active hosts file on your system
- The b option makes a backup of a previous hosts file
- The e option isn't necessary, but it allows you to add more domain categories to your list. By default, the main list includes all malware and advertising domains, but you can add more by using the keywords porn, social, or gambling

Step 5. Press enter and the script will pull domain lists from various sources, creating, and then implementing your new hosts file. You now will need to flush your DNS cache for this to work. The easiest way to do this is to reboot, or you could do it manually.

Step 6. Now when your browser, or any other apps on your system tries to connect to sites that are on this list, they are automatically blocked, and no connection will be made.


There are a lot more options you can look through, like making whitelists, custom domain mappings, editing the source lists and more. The github page has a lot more information.


These lists are updated very regularly, so it could be worth making a script to run this periodically. It's worth staying vigilant incase any domain sources get tainted somehow, but that's why we made backups, and you can always revert if you need to. Other than that, this is a cool way to add another layer of privacy and security to your network connected systems.

Thanks for watching.