釣魚網站：詳解hosts文件

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"1、背景    "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"hosts文件想必好多人都會聽說過吧，大多數情況下，或許是你在安裝某些軟件的時候，軟件在自動在線更新時無法正確及時鏈接時，往往就需要修改hosts文件啦。例如，更新AndroidADT時。那麼究竟hosts文件是什麼東東呢？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"2、概念"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"hosts是一個沒有擴展名的系統文件，可以用記事本等工具打開，其作用就是將一些常用的網址域名與其對應的IP地址建立一個關聯“數據庫”，當用戶在瀏覽器中輸入一個需要登錄的網址時，系統會首先自動從Hosts文件中尋找對應的IP地址，一旦找到，系統會立即打開對應網頁，如果沒有找到，則系統再會將網址提交DNS域名解析服務器進行IP地址的解析。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"hosts文件一般(Windows系統)都是在"},{"type":"text","marks":[{"type":"underline"}],"text":"C:\\Windows\\System32\\drivers\\etc\\"},{"type":"text","text":"，如果找不到，顯示隱藏文件就可以啦。不同系統下一般存放目錄都是不同的，不過可以簡單搜索下就可以找到了吧。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"3、工作方式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"讓我們來看看Hosts在Windows中是怎麼工作的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我們知道在網絡上訪問網站，要首先通過DNS服務器把要訪問的網絡域名解析成XXX.XXX.XXX.XXX的IP地址後，計算機才能對這個網絡域名作訪問。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"要是對於每個域名請求我們都要等待域名服務器解析後返回IP信息，這樣訪問網絡的效率就會降低，因爲DNS做域名解析和返回IP都需要時間。爲了提高對經常訪問的網絡域名的解析效率，可以通過利用Hosts文件中建立域名和IP的映射關係來達到目的。根據Windows系統規定，在進行DNS請求以前，Windows系統會先檢查自己的Hosts文件中是否有這個網絡域名映射關係。如果有，則調用這個IP地址映射，如果沒有，再向已知的DNS服務器提出域名解析。也就是說Hosts的請求級別比DNS高。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"4、作用"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"來看一下Hosts文件的工作方式以及它在具體使用中起哪些作用。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"4.1 加快域名解析"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於要經常訪問的網站，我們可以通過在Hosts中配置域名和IP的映射關係，提高域名解析速度。由於有了映射關係，當我們輸入域名計算機就能很快解析出IP，而不用請求網絡上的DNS服務器。"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/61/61c74f1dbe43aaf4a20548c75e9f5d3a.jpeg","alt":null,"title":"","style":[{"key":"width","value":"100%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"4.2 方便局域網用戶"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在很多單位的局域網中，會有服務器提供給用戶使用。但由於局域網中一般很少架設DNS服務器，訪問這些服務器時，要輸入難記的IP地址。這對不少人來說相當麻煩。可以分別給這些服務器取個容易記住的名字，然後在Hosts中建立IP映射，這樣以後訪問的時候，只要輸入這個服務器的名字就行了。對於各位大神，這樣一弄是不是覺得更加方便了吧，也提高工作效率了哦，上司會看好你喲。"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6d/6d90b3542297eb5de13e9dc8837d9498.jpeg","alt":null,"title":"","style":[{"key":"width","value":"100%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"4.3 屏蔽網站（域名重定向）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有很多網站不經過用戶同意就將各種各樣的插件安裝到你的計算機中，其中有些說不定就是木馬或病毒。對於這些網站我們可以利用Hosts把該網站的域名映射到錯誤的IP或本地計算機的IP，這樣就不用訪問了。在WINDOWS系統中，約定 127.0.0.1 爲本地計算機的IP地址, 0.0.0.0是錯誤的IP地址。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如果，我們在Hosts中，寫入以下內容："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   127.0.0.1  # 要屏蔽的網站 A"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    0.0.0.0     # 要屏蔽的網站 B"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"這樣，計算機解析域名A和 B時，就解析到本機IP或錯誤的IP，達到了屏蔽網站A 和B的目的。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"4.4 順利連接系統"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對於Lotus的服務器和一些數據庫服務器，在訪問時如果直接輸入IP地址那是不能訪問的，只能輸入服務器名才能訪問。那麼我們配置好Hosts文件，這樣輸入服務器名就能順利連接了。"}]},{"type":"heading","attrs":{"align":null,"level":1},"content":[{"type":"text","text":"5、hosts文件與釣魚網站"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"hosts文件有時也會被一些木馬程序惡意的修改，使你訪問某些網站時卻被在毫不知情的情況下跳轉到指定的釣魚網站啦。類似很多的釣魚網站就是這麼實現的，接下來我們驗證一下吧。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"舉例：把【百度】網站給跳轉到我本地的路由器登陸頁面"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百度："},{"type":"link","attrs":{"href":"http://www.baidu.com","title":null},"content":[{"type":"text","text":"www.baidu.com"}]},{"type":"text","text":"         路由器ip：192.168.1.1"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（1）修改hosts文件前，我們ping一下百度，可知百度的域名和ip對應情況："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"※有的網站根據ping是無法查到其域名對應的DNS解析的IP地址，因爲它們出於安全性考慮，屏蔽了ping來查找器IP地址的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"記得以前ping百度是找不到其IP地址，今天不知怎麼就能找到啦。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    -------------------------------------------------------------------------------------------------  "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     C:\\Users\\ThinkPad>ping baidu.com"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     正在 Ping baidu.com [220.181.111.86] 具有 32 字節的數據:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     來自 220.181.111.86 的回覆: 字節=32 時間=119ms TTL=49"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     來自 220.181.111.86 的回覆: 字節=32 時間=116ms TTL=49"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 220.181.111.86 的回覆: 字節=32 時間=180ms TTL=49"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 220.181.111.86 的回覆: 字節=32 時間=124ms TTL=49"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     220.181.111.86 的 Ping 統計信息:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     數據包: 已發送 = 4，已接收 = 4，丟失 = 0 (0% 丟失)，"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     往返行程的估計時間(以毫秒爲單位):"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     最短 = 116ms，最長 = 180ms，平均 = 134ms"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"   ---------------------------------------------------------------------------------------------------"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"     由此，可知百度的真實ip是220.181.111.86。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（2）接下來就修改hosts文件，把百度跳轉到我的路由器登陸頁面，修改如下：     "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"      192.168.1.1     baidu.com"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（3）再次ping一下百度吧，是不是修改成功啦"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  --------------------------------------------------------------------------------------------------"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    C:\\Users\\ThinkPad>ping baidu.com"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    正在 Ping baidu.com [192.168.1.1] 具有 32 字節的數據:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 192.168.1.1 的回覆: 字節=32 時間=1ms TTL=64"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 192.168.1.1 的回覆: 字節=32 時間<1ms TTL=64"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 192.168.1.1 的回覆: 字節=32 時間=31ms TTL=64"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    來自 192.168.1.1 的回覆: 字節=32 時間=10ms TTL=64"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    192.168.1.1 的 Ping 統計信息:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    數據包: 已發送 = 4，已接收 = 4，丟失 = 0 (0% 丟失)，"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    往返行程的估計時間(以毫秒爲單位):"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    最短 = 0ms，最長 = 31ms，平均 = 10ms"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"  ----------------------------------------------------------------------------------------------------"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"    此時，說明成功將百度解析到了192.168.1.1（釣魚網站）"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"（4）現在我們訪問下百度吧，是不是跳轉到其它頁面啦，釣魚成功啦。"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1a/1ac6c36ae42207aea87a8b36091b087f.png","alt":"","title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"注：舉這個例子，並不是教大家如何來釣魚的哦，而是到遇到類似釣魚網站的時候，不妨可以查看寫hosts文件是否有額外的記錄，防止被釣哦。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/22/220b80503e4a0d5ba95bb4523329a4f2.gif","alt":null,"title":"","style":[{"key":"width","value":"100%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}