# 2 hostnames assigned by default to 127.0.0.1



## drupaladdict (Jun 30, 2012)

My OS: *Windows 7 professional 64bit*

Developing *Drupal 6* sites locally using *XAMPP 1.7.1*.

I discovered localhost (127.0.0.1) is accessible either by typing: *"http://localhost"* or *"http://kat.ph"* (?). 

Where *"http://kat.ph"* comes from? 

I opened my *"hosts"* file on Windows and it is not listed there. I checked *"httpd-vhosts.conf"* out (*\xampp\apache\conf\extra\httpd-vhosts.conf*), but it is not there either.

I had this problem before restoring completely my system through recovery discs.

After restoring completely my Windows operating system, the issue is still there. 

I have made a computer scan using the *Windows Malware Removal Tool*, *Eset Nod32 AV 5* (installed on my machine) and even *Eset Nod32 online scanner*. Result: *no threats found*. :shadedshu

It seems like *two default hostnames* have been assigned to 127.0.0.1.

How can I get rid of *"http://kat.ph"* pointing to 127.0.0.1? 

I want only *"http://localhost"* to be mapped to 127.0.0.1. 

Thanks,
Arnold.


----------



## W1zzard (Jun 30, 2012)

start -> cmd -> nslookup -> set q=any -> kat.ph


```
Non-authoritative answer:
kat.ph
        primary name server = ns0.kat.ph
        responsible mail addr = root.kat.ph
        serial  = 2012062808
        refresh = 10800 (3 hours)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
kat.ph  text =

        "v=spf1 +a include:mail.kat.ph ~all"
kat.ph  MX preference = 10, mail exchanger = mail.kat.ph
kat.ph  nameserver = ns4.kat.ph
kat.ph  nameserver = ns7.kat.ph
kat.ph  nameserver = ns5.kat.ph
kat.ph  nameserver = ns6.kat.ph
kat.ph  nameserver = ns3.kat.ph
kat.ph  nameserver = nsa.kat.ph
kat.ph  nameserver = ns9.kat.ph
kat.ph  nameserver = ns8.kat.ph
kat.ph  nameserver = ns1.kat.ph
kat.ph  internet address = 195.3.147.99
kat.ph  internet address = 78.138.97.181
kat.ph  internet address = 109.163.227.73
kat.ph  internet address = 193.105.134.194
```

that's what i get here


----------



## Easy Rhino (Jun 30, 2012)

i am assuming you live in the philippines? if so then that is your DNS server setup through your ISP i believe.


----------



## drupaladdict (Jun 30, 2012)

Hi *W1zzard* and *Easy Rhino*. Thanks for your fast reply.

I live in Europe.

I typed the following at the command prompt:


```
C:\>nslookup -q=any kat.ph
```

Here is the value returned from the prompt:


```
kat.ph
        primary name server = localhost
        responsible mail addr = root.localhost
        serial  = 2012062900
        refresh = 3600 (1 hour)
        retry   = 1800 (30 mins)
        expire  = 2419200 (28 days)
        default TTL = 60 (1 min)
kat.ph  nameserver = localhost
kat.ph  internet address = 127.0.0.1
```

What's happen here? It makes no sense at all. 

Bye.


----------



## Kreij (Jun 30, 2012)

What reply? Nothing has been removed from this thread.


----------



## drupaladdict (Jun 30, 2012)

Yes it's true.

I posted my reply again and it appeared.

Maybe I made a mistake when I sent my reply the first time.

Everything is ok, thanks.


----------



## Kreij (Jun 30, 2012)

I do believe that kat.ph is the site for KickAss Torrents. Do you use their torrent sites?


----------



## drupaladdict (Jun 30, 2012)

I have installed *XAMPP 1.7.1* on top of a *clean* Windows 7 64bit OEM installation through recovery discs.

I haven't any torrent client installed or running on my machine.


----------



## W1zzard (Jun 30, 2012)

some posts not showing up is our anti-spam software for new users. those posts will get approved as soon as a moderator sees them

--

are you sure your hosts file doesn't have an entry for kat.ph ?


----------



## Mindweaver (Jun 30, 2012)

You can block unwanted sites using your _host_ file. If you use _*Spybot*_ and use _immunize_ it alters your host file to block dangerous sites. Example: 
	
	



```
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1	www.sitetoblock.com
# This list is Copyright 2000-2008 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
```

just remove the line that points that site to _127.0.0.1_. Remember _127.0.0.1_ is _home/localhost_.


----------



## drupaladdict (Jun 30, 2012)

I found out what happened (*unbelievable*). 

This is the proof Western democracies are slowly
falling into *China-like dictatorships* while people
keep on sleeping. :shadedshu

*</rant>* 

I connected another PC to the Internet and...
guess what? *The same problem arose*. 

To cut a long story, my ISP (*Telecom Italia*) has
blocked some sites, they are not accessible at all. 

If you connect to those sites while a local server
is *NOT* running, you are presented with a *"Page not found"*
error. 

But, if a local server like *Apache* is running on your machine
and you try to connect to a given *censored* site, *you are
redirected to 127.0.0.1 (localhost)*. 

I have had the confirm of this by trying to connect to
a different censored site (*kickasstorrents.com*) while *Apache*
was running. Same behaviour as *kat.ph* (that is, I am redirected
to 127.0.0.1 (localhost). 

No virus, no bug, nothing like that. It's *simple, old-fashioned,
tyrannical, iilegal, China-style CENSORSHIP*. 

Bye,
Arnold


----------

