Pi Hole, where to stick advertizing you don’t want…

One of the first things I did with my old Raspberry Pi B model was to make a DNS server / DNS blocker and load a bunch of “the usual suspects” into the DNS table to make them ‘localhost’. I also installed a lightweight Apache server serving exactly one page saying “It Works!”. Now a load of requests for ads just get a blank space or get a panel saying “It Works!”…

But this takes maintenance. Over time, new actors enter the ads business and old actors change URLs. Slowly ads have crept back in around the edges.

Looking around, I found this project that does something very similar, but “as a group” you will have a better table update, and it does it more completely and elegantly. At some ill-defined future time, I’m going to replace my homebrew IP Thief with Pi Hole.

For your amusement and edification:

https://pi-hole.net

Has lots of good stuff and detail. One sample:

Monitor Performance And Statistics

The Web interface shows how many ads were blocked, a query log, and more.

The Github repository:

https://github.com/pi-hole/pi-hole

A black hole for Internet advertisements (designed for Raspberry Pi) https://pi-hole.net

Automated Install
Designed For Raspberry Pi A+, B, B+, 2, Zero, and 3B (with an Ethernet/Wi-Fi adapter) (Works on most Debian distributions!)

Join the chat at https://gitter.im/pi-hole/pi-hole

Install Raspbian

Run the command below

curl -L https://install.pi-hole.net | bash

Alternative Semi-Automated install

wget -O basic-install.sh https://install.pi-hole.net
chmod +x basic-install.sh
./basic-install.sh

Once installed, configure your router to have DHCP clients use the Pi as their DNS server and then any device that connects to your network will have ads blocked without any further configuration. Alternatively, you can manually set each device to use the Raspberry Pi as its DNS server.

I also have some sites like {anything}.microsoft.com grounded so that stealth updates can’t happen. (To update, just point your DNS service at your boundary router or any public DNS and you get all the usual ads and updates and “stuff”…). At some point I’m also going to look up what blocks of addresses are used by, oh, China and Russia and The US Government and block them, too. You can wild-card whole address blocks, so it isn’t like you need to add 12,000 entries. Things like 17.255.255.255 (or 17.0.0.0/8 depending on address mask method) can block huge chunks of the internet from ever being reached by your box. Since I can’t think of a case where I just MUST connect to China, I see no reason for it to be reachable by default. Similar routing blocks can be added to your private side router to be doubly sure… though then you must skip that router to get a connection to China if you need one. A simple repoint of the DNS server won’t do it. Also anyone from there attacking my box can’t get packets back…

This page also has some interesting advanced options:

http://jacobsalmela.com/raspberry-pi-ad-blocker-advanced-setup/

For the advanced setup, you will be creating a script that pulls known ad servers from multiple locations, not just one that was set up in the original script.

[…]

Below is the advanced gravity.sh script, or you can view the fully-commented version on Github. Be sure to modify the piholeIP variable (highlighted below) to the IP address of your Raspberry Pi. You may also want to use the commented version of the script because it contains some echo commands so you can see how far along in the process it is.
[…]
The original list of ad servers from pgl.yoyo.org was about 42KB but the aggregated list from the script above is 5.5MB with around 120,000 ad domains! That is a lot more ad servers we can now block with the Raspberry Pi!
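An added sketch of the aggregation step the advanced setup describes (this is not Jacob Salmela's gravity.sh, whose text is elided above): it merges hosts-format and bare-name lists, keeps only syntactically valid names, and always writes the Pi's own address, so a tampered upstream list can cause an unwanted block but can never point a name at an address of its choosing. The function names, the 192.168.1.10 address and the sample entries are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the original gravity.sh.
piholeIP="192.168.1.10"   # assumption: the Pi's LAN address

# Reads any mix of hosts-format and bare-name lists on stdin and prints
# "<sinkhole-ip> <name>" lines, sorted and de-duplicated.
aggregate_lists() {
  tr -d '\r' | awk -v ip="$1" '
    { sub(/#.*/, ""); $0 = tolower($0) }     # drop comments, fold case
    NF == 0 { next }
    {
      # Every field is checked as a host name. Addresses supplied by the
      # list fail the check, so upstream never chooses the answer IP.
      for (i = 1; i <= NF; i++) {
        d = $i
        if (length(d) > 253 || d ~ /^localhost\./) continue
        if (d ~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/)
          print ip, d
      }
    }' | LC_ALL=C sort -u
}

# Constructed sample input standing in for several downloaded lists.
sample_lists() {
  printf '%s\n' \
    '# list A: hosts format' \
    '127.0.0.1 localhost.localdomain' \
    '127.0.0.1 ads.example.com' \
    '0.0.0.0 Tracker.Example.NET  # trailing comment' \
    '# list B: bare names, plus entries a bad mirror might carry' \
    'ads.example.com' \
    '203.0.113.7 shop.example.org' \
    'address=/news.example.org/203.0.113.7' \
    'broken..example.com'
  printf 'banner.example.org\r\n'            # CRLF line ending
}

# Four unique names survive, all mapped to the Pi.
sample_lists | aggregate_lists "$piholeIP"
```

In real use the downloaded lists are concatenated into the function and its output is written to the hosts-format file your DNS server loads.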

It may take a while to install 5.5 MB of blocking list, but it will save far far more bandwidth than that over time. Especially for folks on a slow link, or where you must pay by the byte (as with my HotSpot), having ads you don’t want suck up your limited time and money is a royal PITA. Well worth the time and effort.

Eventually I need to clone this into a portable box with battery and use it as my personal WiFi router at places like Starbucks. (remote screen on box, log into Starbucks network, turn on Access Point, slide back to my laptop and be both better protected and without the rush of ads…)

For now, though, I’m just looking to update my home DNS / blocker…

Blocking DNS service is frowned upon by folks who find it impure and think DNS ought to be pristine and firewall / blocking only in your firewall server; but I find it remarkably effective. Do note that if you don’t have a responder running (like my lightweight Apache server) some attempts to reach a site will ‘hang’ waiting for a response that never comes and timeouts can be long. I don’t know how Pi Hole addresses that as I’ve not done the install yet. Their use of a web interface to it implies to me, though, that they use a similar ‘web server on board’ approach.

For anyone wondering “For what could I possibly need a Raspberry Pi?”, there’s your answer.


About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons" are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits.

9 Responses to Pi Hole, where to stick advertizing you don’t want…

  1. j ferguson says:

    Hi E.M.
    Another use. Music streamer and slideshower. When we moved off boat to land SWMBO insisted on a bigger TV than I would ever have bought – 46 inch Samsung “Not-All-That-Smart-TV”. It feeds sound to what was state of the art in 1990 HI-FI: Nakamichi Receiver and B&O Speakers. TV is for PBS, Meet-the-press, Amazon, and Netflix. So it mostly sat there looking blank. But then I realized that we could use its built-in browser to stream yourclassical.org which we listen to when we’re up – all day. This worked well for about a year then yourclassical changed the feed method to one that the Samsung couldn’t read. I tried everything but to no avail. I bought a Pi, loaded up Raspbian, and chromium, added usb-bluetooth mouse and keyboard, fed the HDMI to the Samsung and was back in business. Then it occurred to me that it could show slides. Installed feh and after the usual fussing came up with a script which works its way through the 28000 slides one by one at 10 seconds each and doesn’t forget where it was if there’s some sort of interruption.

    Slides live next to the MP3s on Western Digital 4TB Cloud which also handles auto back up for the two linux machines, SWMBO’s DAMNED Apple Air, the Sun Sparc10, the pc’s and the phones. I designed and printed a small case for it. Withal, it does exactly what I wanted although it is a Pi 3 and is a bit of overkill for this use. I didn’t need the Wi-Fi, nor some of its other features. I may do what you did to try to get the popup ads down to a dull roar.

    I’ve also come to run more of system on ethernet. The Comcast router – an Arris – is pretty nice and it has 4 ethernet ports. I ended up running the Sun and the CNC computer in the garage on Cisco transceivers which plug into the 110 outlets. WD MyCloud connects to router by ethernet too, but I was having problems with too much wi-fi load and wife would have problems printing raster files to the wi-fed printer. So TV and Pi are now connected by Ethernet to the router.

    I looked but wasn’t able to come up with a good way to measure load and capacity of router’s wifi. But I did conclude you don’t want to stream slides and music over wi-fi if you also want to do heavy graphics printing, and scanning.

    cheers,

    john

  2. tallbloke says:

    I’m using the latest version of the opera web browser, which has ad blocking built in rather than as an add-on. Pretty good.

  3. beng135 says:

    I use the host file from:
    http://winhelp2002.mvps.org/hosts2.htm
    Works on windows/linux. Funny that you mention 12000 entries — I have over 13000. :) But I see no slowdown at all in browser speed. Testing, windows fails to ping the listed hosts entries, but does ping (very quickly) to 127.0.0.1 (localhost) in puppy linux (managed by dnsmasq).

    Gets updated every couple months. Don’t know how to test the file’s effectiveness, but I know that after a fresh OS install & an empty host file, I’m bombarded by endless ad-site connection attempts while browsing.

  4. E.M.Smith says:

    @Tallbloke:

    I like the browser based blocking as well, but the DNS grounding gives more control. I get to do things like block all of microsoft, for example, and the total database of coverage can be larger. So I’m more of a “belt AND suspenders” guy ;-) Use them all …

    @Beng135:

    Thanks for the pointer. I started with a file from (somewhere?) on my Windows PC laptop some years back… I’d update it, but the fan and battery died and it’s on the repair pile 8-{

    It is worth mention that there are single PC solutions out there…

    Part of what I like about having my own DNS Black Hole is that it works for any machine on the network without my needing to go do updates or maintenance on each machine. Even my tablet doesn’t get ads when at home.

    What I don’t like is the flip of that. When out at Starbucks, it does get ads… Thus my desire to make a portable one ;-)

    @John:

    Nice set up! Hadn’t thought of doing a slide show to the TV… Hmmm….

  5. j ferguson says:

    E.M.
    We’ve found a trip produces from 2k to 3k digital photos. There is now virtually no cost to taking a lot, other than sorting them for reduction to the 150 or so that you can show someone. One of the surprises of the results of all of this shooting is that of ten shots of the same thing, one or two will clearly be better. Taking some care in setting up the camera will insure reasonable exposure, and the short wait for the camera to focus is worth it. So there are few mechanically poor shots.

    Most recently we’ve been using a Panasonic Lumix DMC-FH25 16 megapixel. The pictures are astounding. Best of all, parts are cheap. Lens was open when we were sprayed with some sort of bug-spray by overzealous friend. I was never able to get the goo off. It didn’t affect focus much, nor resolution, but the flare became unbearable. I was able to buy another lens assembly on Ebay for $28, remove the old one, transfer its sensor to the new one and reassemble back to new condition.
    Only other cost was an ‘official’ JST #1 cross-blade screwdriver (looks like Phillips but isn’t). No buggered screws.

    Dad died in September and left me a crate full of Nikon lenses. So I bought a Sony Alpha 7 which can use them with an adapter. True, no auto-focus but now I can control depth of field. Also shutter speed. It has an OLED eyelevel finder which gives you same light level no matter how much you’ve stopped down lens. It’s wonderful and about to get good field test in next week’s trip to Izmir. I’m just going to take the 20mm, the 50, and the 100. Rest are too big and too heavy.

    I suspect that you have gigs of photos. If you’d like I can send you the script I’m using and a short explanation of how it works.

    Good to see you are alive and well and I assume still in CA.

    John

  6. j ferguson says:

    I should add that with a slide show, photos need not be culled, we show all of them.

  7. E.M.Smith says:

    @John:

    Please do send the script.

    FWIW, I have a set of Nikon lenses AND a set of Minolta Maxxum lenses (that work on the Sony Alpha of some number). I didn’t know that there was an Alpha that used Nikon lenses… Hmmm…

    I’ve thought of getting an Alpha to put the Minolta lenses back in play. It’s a fairly complete set. But the original Alpha was a bit small for my hand (sized for Japanese?) and my fingers felt ‘cramped’ on it. Is this one any larger?

    As to “where I am”: I’m “bicoastal” at the moment. Start of the year was Florida, at the moment in California doing some “clean up and fix up and packing up” and later in the year back in Florida. It takes rather a lot to move a lifetime of stuff to a new place and fix up 30 years of deferred maintenance ;-) Oh, and finding a new place… 8-} And a new job 8-{ and…

    I had thought middle of year would be back in Florida too, but some health issues came up. Now resolved. (And I no longer have to ‘play chauffeur’… )

  8. j ferguson says:

    E.M.,
    I agree about size of the Alpha. I bought a Neewer L-Bracket for $17 from Amazon. I removed the vertical part and use only the base. This made the thing comfortable for me to hang on to. Difference was amazing. A superb manual is also available which is written for users assumed to be intelligent by a very sharp couple. It could be a good model for how to write a manual for smart people who don’t yet know the subject.

    Script and other recommendations to follow via email.

    best,

    john

  9. Neal says:

    If you also install pivpn on the same raspberry pi, you can connect to your home network from Starbucks via an OpenVPN connection and get the same great ad blocking.
