Host file not blocking site

Hey!


I've been using the host file to block 1000's of sites for years and it works great. Except for one site: ecosia.org. Does anyone know why? The lines below are from my host file (without the space between . and org. I had to put the space there to be able to post it on this board)


127.0.0.1 ecosia. org

127.0.0.1 www.ecosia. org

MacBook Pro 13″

Posted on Dec 18, 2022 2:33 AM

Question marked as Top-ranking reply

Posted on Dec 21, 2022 5:59 PM

SamanWebber wrote:

Does anyone know why?

Yes!


Your question was quite interesting so I had to track it down. This site is hosted on CloudFlare. Apparently, CloudFlare is using a new, secure DNS service that effectively bypasses your /etc/hosts overrides. I found the answer here: https://superuser.com/questions/1657925/some-websites-bypass-hosts-file-in-safari


Unfortunately, it doesn't look like there is any way around it. I guess I could use this as an excuse to try to dissuade you from using the hosts file like this. I realize it is popular as a DIY adblocker. I even know of one app called "covenant eyes" that continually rewrites the contents of the hosts file in an attempt to block web site requests for people whose Christian faith is stronger than their self-control and technical skill. And then there is another for people whose Christian faith is weaker than their children's technical skill. On the other side of the spectrum, it is also a popular method for software piracy.


But really, this is a configuration file intended for network admins to roll their own DNS and developers to test websites. Just get yourself a decent web blocker. Apparently, ecosia is pretty active on the adware front. It sounds like they've found a way to bypass these DIY adblockers.


Dec 21, 2022 10:08 PM in response to Community User

A test you may do if you have time:

Whichever network adapter you are using, whether WiFi or Ethernet,

disable its (or disable both adapters') IPv6-based DHCP client service,

so that it does not obtain IPv6 from your router.

Set the network adapter's DNS server to your router's IP address (aka gateway IP address),

and keep only one IP address there for now.


Close the ecos.. app, restart the Mac.

Log in to your router, then find and go to the section that shows all net-traffic packet activity for the last few minutes or the last use.

If such an option is not enabled inside your router, then enable net traffic logging in the router.


Start the ecos.. app, and observe in the router's packet logging what IP address it is using that ends with port 53.

Suppose ecos is using the EXAMPLE DNS server 22.22.22.22; then in the router's net traffic packet logging,

you will see at least 2 packets going to 22.22.22.22:53.

In that way you can find out what DNS server IP address is used by an app inside your computer; as you started the ecos.. app inside your computer, it's very likely that is what used the DNS server.

Secure DNS can also use port 853 on the remote DNS server, so look for traffic to that port in the router's net-packet logging.


Now inside the router, you will see an option that allows you to block network traffic packets to a specific IP address.

Create a firewall rule for that, to drop the network packet when any LAN client starts to communicate with the internet-bound 22.22.22.22 IP address.


There are some apps which use their own/customized DNS servers when the running system's DNS resolution is not working or not trustworthy.

To block such connections to external internet-bound DNS server(s),

you will have to find which DNS server that app (or those apps) is using,

and then block them by using firewall rules inside your router.


Many apps will start to use the IPv4 net stack if the IPv6 net stack is not working,

or will do the opposite.

To stop such activities and bring them under your control, disable the IPv6 stack (major portions) in your computer's network adapter, as that's a little bit easier.


Dec 22, 2022 2:05 PM in response to Community User

When I used the words "close the ecos..app" or "start the ecos..app", I meant to close/start the web-browser app that you are using to access/test the ecos...org website.


A website needs an app, an HTTP-client app (aka web-browser app), to connect with it.


As some apps (web browser, net diagnostics, etc.) do use their own different recursive/caching DNS server, caching DNS servers' traffic also needs to be blocked.


Your web browser(s) are your apps; the command-line tools inside your Terminal (or shell) which you use for this test-and-block purpose are your apps.


What I'm talking about is how to completely stop unwanted websites (domain names, sub-domain names, etc.) in various or all apps that we use on our computer, or stop unwanted websites completely from the router config.


Many users don't like it when various web crawlers coming from Cloudflare-type cloud hosts steal/take away web-server data, etc.


There are MANY web tools and standalone tools that can reveal all host names, sub-domains, IP addresses, etc. used by a domain or sub-domain or a host, even if it is DNS-managed under Cloudflare/CloudFront, etc.


https://subdomains.whoisxmlapi.com/ (they have other services).


Search there for your test domain: ecos...org


On my side the result showed it has 63 sub-domains etc.: https://subdomains.whoisxmlapi.com/lookup-report/mwkWgz7DkK


Also try these:

https://www.ipaddress.com/search/

https://securitytrails.com/dns-trails

https://github.com/jobertabma/virtual-host-discovery

https://pentest-tools.com/information-gathering/find-virtual-hosts



If you want to block those (unwanted sites) on only one computer, then go to the /etc/hosts or /private/etc/hosts file, and/or use the PF firewall (if it is a Mac computer).

If you want to block those (unwanted sites) for all computers on your LAN side, etc., then go to the router and set up firewall rules to drop packets for those unwanted websites.


On Windows, anyone can very easily download a free firewall app from Comodo and start protecting their Windows computer.

Even without using Comodo firewall, a Windows user can directly configure Windows firewall rules to make it more safe.

But Apple people / Mac devs, etc. made it very hard and complicated.

As if (harmful) hackers telepathically know which is a Mac computer and will not do port scans etc. to find holes,

or as if Mac computer users don't need their own overriding blocking rules for their protection.


Everything has a plus and minus side.


To make an effective block (of those unwanted websites), you also have to find and block all public CACHING DNS servers' IP addresses, and their host/domain names also if they exist.


But you must not block any root DNS servers or TLD (aka 2nd-Level) DNS servers.



You can use macOS's built-in PF firewall:

https://apple.stackexchange.com/questions/230209/how-do-i-drop-outgoing-packets-to-specific-host-port (2016)

https://iyanmv.medium.com/setting-up-correctly-packet-filter-pf-firewall-on-any-macos-from-sierra-to-big-sur-47e70e062a0e (2021)

https://apple.stackexchange.com/questions/350579/how-to-configure-macos-firewall-to-block-outgoing-ip-ranges (2019)

https://blog.neilsabol.site/post/quickly-easily-adding-pf-packet-filter-firewall-rules-macos-osx/ (2018)

https://manjusri.ucsc.edu/2015/03/10/PF-on-Mac-OS-X/ (2015/old)


Or use any one of the paid PF firewall wrapper apps to use macOS's PF firewall.

https://www.macupdate.com/best-picks/mac-firewall (2021)

https://apple.stackexchange.com/questions/86517/firewall-for-outgoing-connections (2013/old)


If your computer is assigned a fixed IP address by the DHCP in your router (or you manually set a fixed IP address inside the network adapter), then in the router's firewall rules you can easily specify for which local computer you want to drop outbound unwanted sites.


Dec 19, 2022 2:42 AM in response to Community User

Open up the "Terminal" utility tool; it's similar to "Command Prompt" on Windows.

( / Applications / Utilities / Terminal.app )

Then run the command below inside it:


sudo nano /private/etc/hosts



Then you may need to run the DNS cache flushing command, so that earlier site access data and IP addresses are removed, and so that site-name-to-IP-address resolution for those specific sites can fail:


sudo dscacheutil -flushcache



Dec 20, 2022 2:42 PM in response to emde-ash

Thanks for your response!


I've tried to clear the cache before and also tried it again now the way that you described, and I also shut down the computer and restarted it. It's still not blocking.


I think it has something to do with ecosia. I read something about IPv4 vs IPv6 but didn't understand it fully; could that be the problem? How do I block ecosia IPv6 via the host file?
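
For the IPv4-versus-IPv6 question raised in this thread, the following is an added example (not written by any poster here) of a shell check that reports whether a name in a hosts file has both IPv4 and IPv6 block entries, and flags names split by a stray space. The function names, the sample file, and the choice to count only loopback or unspecified addresses as block entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a hosts file for block entries (IPv4 and IPv6).

# hosts_coverage FILE DOMAIN -> prints "v4=<yes|no> v6=<yes|no>"
# Assumption: only loopback/unspecified addresses count as block entries.
hosts_coverage() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); v4 = "no"; v6 = "no" }
        {
            sub(/#.*/, "")                 # drop trailing comments
            for (i = 2; i <= NF; i++) {    # a line may list several names
                if (tolower($i) != want) continue
                if ($1 ~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|0\.0\.0\.0)$/) v4 = "yes"
                if ($1 ~ /^(::1|::)$/) v6 = "yes"
            }
        }
        END { printf "v4=%s v6=%s\n", v4, v6 }
    ' "$1"
}

# hosts_malformed FILE -> prints "LINE: NAME" for names ending in a dot,
# which is what a stray space inside a hostname leaves behind.
hosts_malformed() {
    awk '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i ~ /\.$/) print NR ": " $i }' "$1"
}

# Constructed sample hosts file (not the poster's real file).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
127.0.0.1 localhost
::1       localhost
127.0.0.1 ecosia.org www.ecosia.org   # IPv4 only
0.0.0.0   ads.example.test
::        ads.example.test
127.0.0.1 tracker. test               # stray space splits the name
EOF

for d in ecosia.org www.ecosia.org ads.example.test; do
    printf '%s: %s\n' "$d" "$(hosts_coverage "$SAMPLE" "$d")"
done
hosts_malformed "$SAMPLE"
```

Against a real file, `hosts_coverage /etc/hosts ecosia.org` gives the same report; `v6=no` means the name has no `::1` or `::` line.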
