Network Wide Ad Blocker (Pi-hole)

(This was a blog post that I originally wrote on my good friend tek’s blog, which can be found here: http://teklordz.net/pihole. I decided to move this over to my blog to consolidate and preserve it here.)


Ads… whether they are necessary/good or pure evil is outside the scope of this article. One thing that can be said though is that ads are definitely a vector for malware to enter your computer. A quick search brings up these articles:

Article 1, Article 2, Article 3

There was even a Defcon talk a few years back about inserting JavaScript code into an ad that, once loaded in your browser, would open multiple threads and download webpages or open sockets, effectively DDoSing any website the attacker wanted.

So how can you stop this? One solution is to install something like uBlock or Adblock Plus on your browsers. Unfortunately, this still leaves your phones, tablets, smart TVs/streaming sticks, and anything else that connects to the internet open to ads, and therefore to these attacks.

The easiest way to combat this (for the average person) is a piece of software called Pi-hole. It is a network-wide ad blocker. It works by taking over the role of your DNS server, the thing that turns domain names into IP addresses, and filtering out blacklisted domains of known ad servers, malware servers, and trackers (more on this later).
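To make the filtering step concrete, here is an added example (not from the original post and not Pi-hole's own code): a simplified model of the decision a DNS sinkhole makes for each query. The sample list, the function names, the 0.0.0.0 answer and the rule that the whitelist wins are assumptions of this sketch.

```python
import ipaddress

# Constructed sample in the common "hosts" blocklist format (not a real list).
SAMPLE_BLOCKLIST = """\
# comment line
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # trailing comment
malware.example.org
0.0.0.0 localhost
"""

def is_ip(token):
    """True if token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_blocklist(text):
    """Return the set of domains named in a hosts-style or plain-domain list."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # hosts format is "<ip> <domain>"; plain lists carry only the domain
        name = fields[1] if len(fields) >= 2 and is_ip(fields[0]) else fields[0]
        name = name.lower().rstrip(".")
        if name and name != "localhost" and not is_ip(name):
            domains.add(name)
    return domains

def decide(qname, blocked, allowed=frozenset()):
    """Return 'sinkhole' (answer 0.0.0.0) or 'forward' (ask the upstream DNS)."""
    name = qname.lower().rstrip(".")           # DNS names are case-insensitive
    if name in allowed:                        # assumption: whitelist wins
        return "forward"
    # This model matches exact names only, so a subdomain of a blocked
    # name is still forwarded unless it is listed itself.
    return "sinkhole" if name in blocked else "forward"

if __name__ == "__main__":
    blocked = parse_blocklist(SAMPLE_BLOCKLIST)
    for q in ("ADS.example.com.", "example.com", "sub.ads.example.com"):
        print(q, "->", decide(q, blocked))
```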

So how much does this cost, you might ask? Well, nothing: the software is free (with regular community updates, since it’s open source) and you probably have something that can run it. The software supports Ubuntu, Debian, Raspbian, CentOS, and Fedora. The full list of supported OSes, as well as the minimum hardware specs, can be found here: Link

Installing Pi-hole:

  1. Get your computer and connect it with Ethernet to your router. This is NOT an official step but since it will be your DNS server you will want the shortest latency you can get to reduce page load times.
  2. Run “curl -sSL https://install.pi-hole.net | bash” (without the quotes, of course)
  3. Follow the installer and select the options you want (such as which upstream DNS server to use; I would recommend Google’s or OpenDNS)
  4. Now you are done! (Help with the install can be found HERE)

Setting Pi-hole up:

To get going once installed you need to set your router (or devices) to use Pi-hole’s internal IP address as the DNS server (Link to info HERE)

To set an Admin password run this command:

pihole -a -p NewPasswordHere

history -c

The first command sets the Pi-hole admin password and the second clears your terminal history. Because you pass your password in as part of the command, it is stored in your history, which is definitely not safe.

Customizing Pi-hole:

Go to the web interface by pointing your favorite browser to 192.168.1.X/admin, where X = the IP leased out by your router. If you don’t know what that IP is, go to the computer Pi-hole is installed on and run “ifconfig”. Look for “inet addr:” under the network interface you are using.

This is what the interface looks like not logged in:

When you are logged in as admin more info is made available to you:

(I didn’t take a screenshot of the lower half due to domains and IPs being leaked)

Pi-hole has a nice Query Log where you can search for past queries:

You can also manually white-list domains through the web interface:

Blacklisting is also very easy:

Settings and Extras:

Pi-hole comes with a nice settings tab and some little extras that make life easy.

The only thing you would need to change would be the Upstream DNS Servers. I would recommend that you leave your router to hand out DHCP leases and only use Pi-hole as a DNS server.

A nice feature is you can see the pihole.log file live!

You can also query your Ad block lists to see if there is a domain(s) that is being blocked:

Finally, when there is a website that is just completely broken because something won’t load you can disable the blocking feature of Pi-hole and have it act as a normal DNS server answering all your requests.

Conclusion:

I would recommend everyone who doesn’t have some sort of network-wide ad blocker to set this up. It really makes a HUGE difference in page load speeds for mobile devices. It makes mobile browsing usable, without all of the ads that pop up, ask you to swipe, and auto-play videos. I mean, for fuck’s sake, I don’t mind static ads, but when they destroy the browsing/reading experience so much that it starts to piss me off, then I will kill it with fire… or maybe just Pi-hole on a pi3.

Tips:

  • I still use uBlock on all my browsers with a couple of cookie/tracker blockers for all of the ads that might slip through.
  • If you have any Smart TV/Streaming stick I would do some hunting and see what domains they use to send ads, track you, or give shitty recommendations. If you use Roku, adding these to your blacklist might be worthwhile.
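One way to do that hunting from pihole.log, as an added example that is not from the original post: it tallies the names a single device looked up so you can review them before blacklisting. It assumes dnsmasq-style "query[TYPE] name from client" lines; the log excerpt, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape: "... dnsmasq[PID]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log; 192.168.1.50 stands in for the streaming stick.
SAMPLE_LOG = """\
Mar  3 20:15:01 dnsmasq[1123]: query[A] api.tv.example.com from 192.168.1.50
Mar  3 20:15:01 dnsmasq[1123]: forwarded api.tv.example.com to 8.8.8.8
Mar  3 20:15:02 dnsmasq[1123]: query[A] ads.tv.example.com from 192.168.1.50
Mar  3 20:15:03 dnsmasq[1123]: query[AAAA] ads.tv.example.com from 192.168.1.50
Mar  3 20:15:04 dnsmasq[1123]: query[A] news.example.org from 192.168.1.20
Mar  3 20:15:09 dnsmasq[1123]: query[A] ADS.tv.example.com from 192.168.1.50
Mar  3 20:15:10 dnsmasq[1123]: query[A] telemetry.tv.example.com from 192.168.1.50
"""

def queries_by_client(log_text):
    """Map client IP -> Counter of queried names (lower-cased, no trailing dot)."""
    per_client = {}
    for line in log_text.splitlines():
        m = QUERY_RE.search(line.strip())
        if not m:                  # forwarded/reply/other lines are ignored
            continue
        name = m.group("name").lower().rstrip(".")
        per_client.setdefault(m.group("client"), Counter())[name] += 1
    return per_client

def review_list(log_text, client, already_blocked=frozenset()):
    """Names one client queried that are not blocked yet, most frequent first."""
    counts = queries_by_client(log_text).get(client, Counter())
    rows = [(n, c) for n, c in counts.items() if n not in already_blocked]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for name, count in review_list(SAMPLE_LOG, "192.168.1.50"):
        print(f"{count:4d}  {name}")
```

A high query count alone does not make a domain an ad or tracking host; check each name before adding it, since blocking one the device needs can break it.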

If you have any questions or comments feel free to tweet me at @bl4ckneon (Hacker/security Twitter) or @starfox707 (Personal Twitter) or find me on Demonsaw!