Comments on: ABE Warnings Everywhere OMG!

By: Kevin Chadwick

Kevin Chadwick — Sun, 03 Jan 2010 19:03:48 +0000

127.0.0.0/8 and 0.0.0.0/8 should likely be blocked on any incoming interface especially wireless. I believe 255.255.255.0 would be a much better choice in general than 127.0.0.1. The only problem may be if a spyware program incorrectly blocks a clean site that you want to visit and then corrects this mistake by removing that entry. I would expect the domain to be searched for ignoring the ip and so even that case could easily be made irrelevent. If you have edited this file in the first place and use noscript, it would be likely that that person can backup or reset the host file or even delete it, likely without huge consequences (maybe a badly made game server host etc). On a large network with an unusual setup the consequences of using 127.0.0.1 maybe far greater.

As for speed it may be that a firewall is dropping connections to 255.255.255.0 and not 127.0.0.1, therefore it may be slower to respond or timeout those connections but if you do not want to connect to that address, then why should it matter.

Trust a microsoft employee to think existing practice should outrank best practice, lol. Especially when the changes to fix these spyware programs would be tiny and may already be unnecessary and or uneventful.

"I have no intention of altering "127.0.0.1" just because of some poorly
researched extension …"

Should have been
"I have no intension of recommending companies follow the rfcs which provide an industry standard of best practice methods just because of some well researched extension and I also recommend people who understand the risks of scripting don’t use the windows gui or activate windows (scripted) or accept adobe licensing agreements as these actions would be prevented by our own windows security scripting policies when enabled and it should be noted that activation and license acceptance actually gains us something and the user nothing but potential headaches via security problems and unidentifiably poor software".

By: Giorgio

Giorgio — Sat, 28 Nov 2009 18:43:02 +0000

@Sorrow:
Correct, and no compatibility issues.

By: Sorrow

Sorrow — Sat, 28 Nov 2009 05:54:16 +0000

So, amidst all this discussion, the bottom line is:

Use 0.0.0.0 as your target IP address instead of 127.0.0.1, except in the case of the first line, which should be your redirect address, AKA computer.

Correct? No compatibility issues whatsoever?

By: j

Sun, 18 Oct 2009 18:32:42 +0000

this is a great site as i have searche alll over to find a buffet of script coders

By: j

Sun, 18 Oct 2009 18:30:21 +0000

thank you for creating this

By: Giorgio

Giorgio — Thu, 23 Jul 2009 13:17:42 +0000

@SteveSkinz:
Your net configuration has probably nothing to do with the errors you get.
Please feel free to join our web tech forum if you want to discuss this issue.

By: SteveSkinz

SteveSkinz — Wed, 22 Jul 2009 21:09:38 +0000

Thanks, Giorgio.
For everything includingall very good instant page links.
I would also like to say a big thankyou to all poster’s also, in every post i read i found a direct link or some usefull information.
I have had my PC some 4 yesrs now & have alway’s used free/freeware/shareware products/software coz i’m a low income family of 4 and i wont pay for anything unless i know it is the best, i used to buy Norton Security suite’s but they suck IMO especially for price I even think AVG free is better lol.
I’m currently using Firefox 3.7 and have notied alit of scripting erors when i run a reg cleaner, probabbly the by a storm of ABE warnings linked from external web sites.

The solution is simple: So say’s you, I didnt really understand?
I know my IP config is:-
localhost 127.168.0.1 home.example.com (This sets up my Router)
Localhost2 127.168.0.3 (Thisis for my Daughter’s WiFi Lap lop Settings)
Subnetmask 25.255.255.0 (i think)
Loop I think i 192.168.101 (Is that right)?

I dontreally understand IP Config’s especially blocking sripts which is what i want and need to be able to do (This PC is XP the Lap Top is VISTA).

If you can explain in dummy instrutions, thanks!

Have a great morning/day/afternon and night- Slep Well ;-) .

By: Tom T.

Tom T. — Mon, 13 Jul 2009 01:57:45 +0000

Not sure what happened to the table of ping times I was attempting to post, - I see only a couple of lines of it now — but no matter. The bottom line is *.0 is the way to go.

By: Tom T.

Tom T. — Mon, 13 Jul 2009 01:51:36 +0000

Thanks, Giorgio. Will use *.0 as advised.

Speed information:

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time

By: Giorgio

Giorgio — Sun, 12 Jul 2009 15:30:33 +0000

@Lewis:
In your specific case (web site on localhost meant to be referenced from outside), you just need an exception at the beginning of the SYSTEM rule like this:

Site http://home.example.com
Allow

Regarding 127.0.0.1 VS 0.0.0.0, it works the opposite of what you believe. You may want to check this comment by Cd-Man reporting a ~100 times speed improvement of using an invalid *.0 address over 127.0.0.1.

While I can’t swear about Cd-Man’s numbers, I can swear about Firefox internals: invalid addresses like 0.0.0.0 or 255.255.255.0 don’t generate any network traffic, and their rejection is immediate: therefore they’re a far better candidate for adblocking.

@Tom T.:
I could not recommend using a valid unassigned external IP, not only for the reason above (unneeded network activity, even if just DNS resolution like in your case) but because tomorrow it might get assigned.
Just use an invalid address.