Advice Request Pi-hole - Network-wide Ad Blocking (And do you use it?)

Please provide comments and solutions that are helpful to the author of this topic.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Homepage: Pi-hole®: A black hole for Internet advertisements
Blog: Pi-hole Web Interface: The Next Generation
Reddit: A subreddit dedicated to Pi-hole® • r/pihole
Discourse: Pi-hole Userspace

  • Block Over 100,000 Ad-serving Domains - Known ad-serving domains are pulled from third party sources and compiled into one list.
  • Block Advertisements On Any Device - Network-level blocking allows any device to block ads, regardless of hardware or OS.
  • Improve Overall Network Performance - Since ads are blocked before they are downloaded, your network will perform better.
  • Reduce Cellular Data Usage - Pair your Pi-hole with a VPN for on-the-go ad-blocking and save on data costs.
  • Monitor Performance And Statistics - The Web interface shows how many ads were blocked, a query log, and more.

Does anyone use this method for their own network? Ease of use? How to setup for inexperienced Linux users? Maintenance and upkeep? Best hardware to use?
 

ozone

Level 3
Verified
Jan 17, 2017
97
on youtube there are several guide how setup pihole
it should take around 1 hour or less to setup everything
for hardware it does not matter which raspberry model you use, but I would use model 2 or 3

this is "very basic" guide
1a) get minimum hardware: Raspberry Pi, 5V 2,5A+ power supply, microSD or get kit
1b) get accessories: case, network cable, (heatsink for model 3), ...
2) download OS Download Raspbian for Raspberry Pi and Etcher by resin.io to burn it on microSD card
3) update and set OS, and install pi hole (youtube guides)
4) set static IP for Raspberry Pi, change DNS in your router to that IP (again youtube guides)
5) you can access pihole via your browser (add some filters - e.g. The Big Blocklist Collection, change DNS, ...) (and again youtube guides)
 
F

ForgottenSeer 58943

I shall refer to @ForgottenSeer 58943 for this. He seems to have the most experience with Pi-hole.

Pi-Hole is the single most important, most secure thing anyone can do for their networks. Period. Bar None. It places DNS under your control. It gives you absolutely remarkable control over egress from your network. It protects every device on your network, phones, tablets, desktops, laptops, thermostats, etc. It speeds web page loading by at least 25-50% due to the local DNS resolution caching.

It takes an hour or less to study and setup a Pi-Hole.

Step 1: Buy this (and add an MicroSD card to it) https://www.amazon.com/gp/product/B01D92SSX6
Step 2: Wait for it to arrive.
Step 3: Burn a USB w/ Raspbian. Download Raspbian for Raspberry Pi
Step 4: Plug your Pi-Hole into a monitor or TV with HDMI w/Keyboard+Mouse, boot off the USB, install Raspbian.
Step 5: Once Raspbian is done open terminal, type: curl -sSL https://install.pi-hole.net | bash
Step 6: Point your router to the IP Address of Pi-Hole. Point Pi-Hole to a DNS Forwarder (9.9.9.9, etc)
Step 7: Go to any PC, login to Pi-Hole (IP Address\admin, aka 192.168.1.200\admin)
Step 8: Add curated blacklists. Mirrored Lists ¦ Firebog
Step 9: Enjoy life.

That's it.. Really. Now the secret is, to use good curated blacklists.. Such as the ones at Mirrored Lists ¦ Firebog as noted above.. I block about 700,000 ad/tracker/spyware/coinminer domains. On average, 40-50% of ALL of my DNS traffic is blocked by Pi-Hole as being either malicious/ad/tracker/spy/coin.. Without a Pi-Hole the vast majority of those would hit your network.

So yeah.. Everyone should spend the $60 and setup a Pi-Hole.

6FqLpw.png
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
Excellent ideas inspirated on the space blackhole to swallow surrounding cosmic material, pi-hole who's come to shields our affected router against harassers ads and exploiters miners, you can to arm an amazing hosts cocktail list (malware, trackers, spyware,botnets, everything what is shared by comunities at different hostings. I didn't know anything about that something like this could be done. everyone should spare money to buy a raspberry pi that will be dedicated only for this task ..
 
F

ForgottenSeer 58943

Excellent ideas inspirated on the space blackhole to swallow surrounding cosmic material, pi-hole who's come to shields our affected router against harassers ads and exploiters miners, you can to arm an amazing hosts cocktail list (malware, trackers, spyware,botnets, everything what is shared by comunities at different hostings. I didn't know anything about that something like this could be done. everyone should spare money to buy a raspberry pi that will be dedicated only for this task ..

I almost consider it a requirement.

I have a SPARE Pi-Hole built out for myself that goes with me when I travel. I plug it into the AirBNB router, set the router to point to it, and relax.. Great on the move security you can take anywhere. Obviously it requires you to get into the router admin, if you can (and whatever way you can). If not, then you should be looking at something like a RATrap sitting in front of the router providing security. Or direct your clients to the Pi-Hole DNS manually on the network.
 

DavidLMO

Level 4
Verified
Dec 25, 2017
158
Anything similar that can run on a Windows PC?

When I make the move to Linux, I will be looking at this. What a wonderful idea.
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
I almost consider it a requirement.

I have a SPARE Pi-Hole built out for myself that goes with me when I travel. I plug it into the AirBNB router, set the router to point to it, and relax.. Great on the move security you can take anywhere. Obviously it requires you to get into the router admin, if you can (and whatever way you can). If not, then you should be looking at something like a RATrap sitting in front of the router providing security. Or direct your clients to the Pi-Hole DNS manually on the network.

Excelent thank you my buddy ForgottenSeer 58943 for tips,I will follow your recommendations firmly, and when the fortnight arrives, I will buy the raspberry pi, but i will have to purchase throuth the internet directly from store or amazon, where I live there are only basic things, those mini linux pcs are rare to get.
 

ozone

Level 3
Verified
Jan 17, 2017
97

ozone

Level 3
Verified
Jan 17, 2017
97
Not pi-hole, but you can use dnscrypt-proxy in similar way.
Latest Simple Dnscrypt now allows configuring domain blacklist.
You will have system wide "adblocker".
You can also use filters for pi-hole.

Release 0.5.1 · bitbeans/SimpleDnsCrypt · GitHub

1) After installation click on gear (up left) and check Show "Domain Blacklist" Tab, you can also check block log tab
2) in Domain Blacklist Tab click on + symbol (second one, below; we want blacklist not whitelist)
add filters (must start with http or https) or single domain you want to block
3) click on button with "stars" ? to generate blacklist
4) now go to log tab and open some site with ads to check if it works
 
Last edited:
  • Like
Reactions: ZeroDay
F

ForgottenSeer 58943

I built a new Pi-Hole server this weekend. I was getting very aggressive with my blocklists, approaching a million domains. The poor little guy I had before was running 120'F-140'F range, probably too hot for the upcoming summer. The new guy has top and bottom heat sinks and a cooling fan. It's running only 82'F right now blocking about a million domains.

45kQDn.png
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Blocking a million URL's 👍👍👍

Wikipedia said:
An online advertising network or ad network is a company that connects advertisers to websites that want to host advertisements. (link)

Peter Low said:
The ad banners that you see all over the web are stored on servers. So, if you have a list of the servers used for ad banners, it's easy to stop ad banners even getting to your browser. (link)

You don't need to block ads on the websites you visit, you just need to block the ad-networks serving ads to the websites you visit
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Handsome Recluse's solution for blocking future ad networks

SoothsayGuard first AI-driven next gen ad-blocker from mid-earth

bol.jpg


p.s. also works great against unknown exploits and future ransomware
 
F

ForgottenSeer 85179

My PiHole filterlists:
Code:
https://mirror1.malwaredomains.com/files/justdomains     
https://v.firebog.net/hosts/static/w3kbl.txt     
https://v.firebog.net/hosts/AdguardDNS.txt     
https://v.firebog.net/hosts/Easylist.txt     
https://v.firebog.net/hosts/Easyprivacy.txt     
https://v.firebog.net/hosts/Prigent-Ads.txt     
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt     
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt     
https://www.malwaredomainlist.com/hostslist/hosts.txt     
https://v.firebog.net/hosts/Prigent-Malware.txt     
https://phishing.army/download/phishing_army_blocklist_extended.txt     
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt     
https://v.firebog.net/hosts/Shalla-mal.txt     
https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt     
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SessionReplay.txt     
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt     
https://raw.githubusercontent.com/Yhonay/antipopads/master/hosts     
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/StreamingAds/hosts     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/fakenewsde.txt     
https://raw.githubusercontent.com/revengeday/axelspringerblocker/master/hosts     
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt     
https://zerodot1.gitlab.io/CoinBlockerLists/hosts     
https://www.der-windows-papst.de/wp-content/uploads/2019/09/Block-Emotet-IPs-manuell.txt     
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext     
https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt     
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt     
https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser     
https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt     
https://www.github.developerdan.com/hosts/lists/amp-hosts-extended.txt     
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts     
https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/master/src/hosts.txt     
https://mirror1.malwaredomains.com/files/immortal_domains.txt     
https://blocklist.site/app/dl/drugs     
https://blocklist.site/app/dl/piracy     
https://blocklist.site/app/dl/proxy     
https://blocklist.site/app/dl/ransomware     
https://blocklist.site/app/dl/torrent     
https://zerodot1.gitlab.io/CoinBlockerLists/hosts_optional     
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/mobile.txt     
https://raw.githubusercontent.com/infinitytec/blocklists/master/scams-and-phishing.txt     
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt     
https://raw.githubusercontent.com/nextdns/cname-cloaking-blocklist/master/domains     
https://someonewhocares.org/hosts/ipv6/hosts     
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt     
https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt     
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts     
https://ssl.bblck.me/blacklists/hosts-file.txt     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/smarttv.txt     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/jbfake.txt     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/gamefake.txt     
https://raw.githubusercontent.com/Akamaru/Pi-Hole-Lists/master/cryptomine.txt     
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts     
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts     
https://raw.githubusercontent.com/mitchellkrogza/Badd-Boyz-Hosts/master/hosts     
https://raw.githubusercontent.com/stamparm/blackbook/master/blackbook.txt     
https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt     
https://github.com/infinitytec/blocklists/raw/master/ads-and-trackers.txt     
https://github.com/infinitytec/blocklists/raw/master/scams-and-phishing.txt     
https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts_without_controversies.txt     
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt     
https://winhelp2002.mvps.org/hosts.txt     
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/notserious     
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/Streaming     
https://raw.githubusercontent.com/RPiList/specials/master/Blocklisten/spam.mails     
https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt     
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt     
https://urlhaus.abuse.ch/downloads/hostfile/     
https://raw.githubusercontent.com/nextdns/bittorrent-blocklist/master/domains     
https://someonewhocares.org/hosts/hosts     
https://block.energized.pro/blu/formats/hosts.txt     
https://dbl.oisd.nl/

I also use these RegEx blacklists:
Code:
^(.+\.)?amp\..+\.com$
^(.+\.)?ampproject\.org$
Both are blocking (Google) AMP privacy madness crap

Of course i use a Whitelist. If someone is interested, i would publish it.
Also have fun with that lists!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top