Instructions using a physical Raspberry Pi (or compatible SBC). This guide was written for the CryptoAUSTRALIA Pi-hole workshop.
This is the version of the workshop if you're using a Raspberry Pi. If you want the VM version of these instructions, look here.
Author: Nick Kavadias (CryptoAUSTRALIA)
- Download the latest version of Raspbian Lite. We will also have copies available during the workshop. You can verify that the image hashes match too.
- Download and install Etcher.
- Insert an SD card compatible with your RPi and start Etcher. Select the Raspbian Lite zip image and click Flash! If you get errors, double-check that your SD card/reader hasn't been set to 'lock'.
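One way to do the hash check mentioned in the first step before flashing, as an added example that is not part of the original workshop notes. The helper names sha256_of and verify_image are hypothetical, and the sample file is a constructed stand-in for the downloaded zip; in practice the expected value is the SHA-256 published next to the download.

```shell
# sha256_of FILE: print the lowercase SHA-256 of FILE using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS
    fi
}

# verify_image FILE EXPECTED
# returns 0 = match, 1 = mismatch, 2 = EXPECTED is not a SHA-256 value.
verify_image() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    case "$expected" in
        *[!0-9a-f]*) return 2 ;;                    # non-hex character
    esac
    [ "${#expected}" -eq 64 ] || return 2           # wrong length (e.g. a SHA-1)
    actual=$(sha256_of "$1") || return 1
    [ "$actual" = "$expected" ]
}

# Constructed stand-in for the downloaded image: a file containing "abc",
# whose SHA-256 is the standard test vector below.
sample=$(mktemp)
printf 'abc' > "$sample"
known=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

if verify_image "$sample" "$known"; then
    echo "hash matches, OK to flash"
else
    echo "hash mismatch, do not flash" >&2
fi
```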
Optional: Edit the boot directory on the image (do this if you do not know your MAC address and want an easy way to find your device in the workshop)
- Make sure you are dealing with the first partition on the SD card (this should be readable on a Windows/Mac computer).
- Create an empty file called ssh to turn on sshd at boot.
touch ssh
- Add the following to the end of cmdline.txt to change the MAC address of the device; make it unique. Hex values only, i.e. 0-9, A-F.
smsc95xx.macaddr=B8:AA:12:34:56:FF
- This is the hardest part of the workshop!
- Plug your device into the network with Ethernet and power it. You should see a flashing red light.
- Try the following steps in order. Depending on the specific setup for the workshop, there may be varying levels of success with each; find out what works.
- Make sure your laptop is plugged into the same network, and try to ping the default hostname.
ping raspberrypi
- Scan the network, then check the ARP cache on your laptop and look for your MAC address. On Windows this is the
arp -a
command.
- For a simple scanner, try Angry IP Scanner
- You can also use NMap
- or masscan if you want to DoS the network
- If all else fails, plug it into a monitor and see if it's booting. You should see a message with the IP address come up.
- You should have got the IP address from the previous step. SSH into your device:
ssh pi@<ipaddress>
The default username is pi, and the default password is raspberry.
- Change your hostname with
sudo nano /etc/hostname
If you don't like nano as a text editor, you can install vim with
sudo apt install vim
- Change the password of your device with
passwd
- You are now ready to run the Pi-hole installer. Run the following command, as per the Pi-hole website:
# curl -sSL https://install.pi-hole.net | bash
This command should kick off the automated installer.
- Once the installer starts, you can use the arrow keys to navigate and space or enter to accept.
- OK all the prompts. Pick an upstream DNS provider; this is the upstream provider your Pi-hole will use. From here, you can basically accept all the defaults:
- accept changing the network settings to a static IP;
- accept installing the web admin interface; and
- accept logging queries.
- (Optional) Change the web admin password:
# pihole -a -p
Note: the password is currently set to raspberry. We have included this step in the instructions as it's good practice and cannot be done in the web admin GUI.
- If you are curious what other console commands pihole has, try
$ pihole -h
Also, -c looks like an interesting switch!
- There are several ways of doing this, depending on your operating system.
- On Windows, you can use a utility called Simple IP Config.
- On a Linux-type system you can try
echo "nameserver <ipaddress>" > /etc/resolv.conf
- Open up a browser on your laptop and navigate to
http://<ipaddress>/admin
where <ipaddress> is the actual IP address found in the previous step.
- If the stats are looking sad, open another browser window on your computer and try some websites with lots of ads.
- Go back and check the Pi-hole admin dashboard; it should be populated with statistics now. If it is not, make sure you have set the DNS server on your computer to use your Pi-hole device.
Add some new lists:
- There are some great additional block lists you can add over the default. The default blocklists are stored in
/etc/pihole/adlists.list
- You can use the admin portal to add more lists. On the left-hand side of the web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.
- Wally3k maintains a good list of block lists compatible with Pi-hole at https://wally3k.github.io/
- Consider adding CryptoAUSTRALIA's favourite block lists:
- https://hosts-file.net/exp.txt - Websites hosting exploits
- https://hosts-file.net/emd.txt - Websites hosting malware
- https://hosts-file.net/psh.txt - Phishing websites
- https://www.malwaredomainlist.com/hostslist/hosts.txt - Does what it says on the tin, a list of malware domains
- https://v.firebog.net/hosts/Airelle-hrsk.txt - Airelle's phishing domains
- https://v.firebog.net/hosts/Shalla-mal.txt - Shalla's Blacklists
- https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt - Ransomware Tracker - Ransomware block list (general list)
- https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ Locky)
- https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ CryptoWall)
- https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TeslaCrypt)
- https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TorrentLocker)
- http://www.networksec.org/grabbho/block.txt - ThreatExpert.com malware and adware block list
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - Unified list for blocking adware and malware
- https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt - DShield.org suspicious domains (Medium)
- http://someonewhocares.org/hosts/hosts - Dan Pollock's list blocking ads and spyware
- https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt - Block Windows 10 telemetry domains
- https://v.firebog.net/hosts/static/SamsungSmart.txt - Block Samsung SmartTV trackers
- https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt - Disconnect.me anti-malvertising
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - Disconnect.me ad-blocker
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt - Disconnect.me anti-tracking
- https://raw.githubusercontent.com/StevenBlack/hosts/master/data/SpotifyAds/hosts - Block Spotify Free Ads
- https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt - Block YouTube ads
- https://v.firebog.net/hosts/Easylist.txt - EasyList (same feed as in uBlock/Adblock browser plugins)
- http://www.joewein.net/dl/bl/dom-bl.txt - jwSpamSpy - Domains from Spam emails
- Paste the URL into the admin page textbox and wait.
- Sometimes you'll find a website is behaving strangely. If you think Pi-hole is to blame, you can click Disable -> 5 minutes. You can then try reloading the page.
- You can also look at the query log, then click Status and sort by what's been blocked. You can try whitelisting the site by clicking the Whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.
- Add the following sites to your blacklist. Make sure googlevideo.com domains are added as wildcards.
- This won't work if you're using Chrome. Refer to this discussion.
- Open up a terminal and try:
$ nslookup googleads.g.doubleclick.net
- Compare the previous result to resolving directly against Google's DNS servers:
$ nslookup googleads.g.doubleclick.net 8.8.8.8
- Try visiting http://googleads.g.doubleclick.net in a web browser; the web page should be blocked.
- Try visiting http://googleads.g.doubleclick.net/test.js; the JavaScript file should be just one line long.
- (new for v3.2) Try setting up a custom block page by creating
/var/www/html/pihole/custom.php
- (new for v3.2) Set up a contact email on the block page:
pihole -a email [email protected]
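The nslookup comparison above can be scripted over saved output, shown here as an added example that is not part of the original workshop notes. It assumes Pi-hole answers a blocked name with its own address (which is why the block page appears) or with 0.0.0.0, depending on version and blocking mode; answers and is_blocked are hypothetical helper names, and the two outputs are constructed samples using documentation addresses.

```shell
# answers FILE: print the answer addresses from saved nslookup output.
# Only "Address:" lines after the first "Name:" line are answers; the
# earlier Address line belongs to the resolver that was queried.
answers() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address:/ { print $2 }' "$1"
}

# is_blocked PIHOLE_IP FILE: succeed only if there is at least one answer and
# every answer is a sinkhole address (the Pi-hole itself or 0.0.0.0).
is_blocked() {
    pihole_ip=$1
    found=0
    for addr in $(answers "$2"); do
        found=1
        case "$addr" in
            "$pihole_ip"|0.0.0.0) ;;
            *) return 1 ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# Constructed samples: 192.0.2.10 stands in for the Pi-hole,
# 203.0.113.7 for the address a public resolver would return.
tmp=$(mktemp -d)
cat > "$tmp/via_pihole.txt" <<'EOF'
Server:         192.0.2.10
Address:        192.0.2.10#53

Name:   googleads.g.doubleclick.net
Address: 192.0.2.10
EOF
cat > "$tmp/via_google.txt" <<'EOF'
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   googleads.g.doubleclick.net
Address: 203.0.113.7
EOF

for f in via_pihole via_google; do
    if is_blocked 192.0.2.10 "$tmp/$f.txt"; then
        echo "$f: sinkholed by Pi-hole"
    else
        echo "$f: resolves normally"
    fi
done
```

If the laptop's own query is not reported as sinkholed, it is probably still using a resolver other than the Pi-hole.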
- If you want to take your Pi-hole config back home to use without setting it up from scratch, be aware that your RPi has now been configured with a static IP address using the details of the workshop network.
- To avoid having to plug your RPi into a monitor/keyboard/mouse when you get back home, do the following:
- Edit the /etc/dhcpcd.conf file and remove the static IP settings:
sudo su
nano /etc/dhcpcd.conf
- Delete the following last 3 lines in the file, which set a static IP:
interface eth0
static ip_address=x.x.x.x/x
static routers=x.x.x.x
static domain_name_servers=x.x.x.x
- You will need to re-run the Pi-hole installer when you get home to reconfigure the services with your home IP, i.e. the "ssh into your Raspberry Pi device" step.
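The dhcpcd.conf edit above can also be done non-interactively with a backup, shown here as an added example that is not part of the original workshop notes. strip_static_eth0 is a hypothetical helper name and the sample file is constructed; on the Pi the target is /etc/dhcpcd.conf and the function must run as root.

```shell
# strip_static_eth0 FILE: keep a copy as FILE.bak, then rewrite FILE without
# the "static ..." lines of the eth0 stanza. The "interface eth0" header is
# kept only if the stanza still contains other options.
strip_static_eth0() {
    target=$1
    cp -p "$target" "$target.bak" || return 1
    awk '
        /^interface[ \t]+eth0[ \t]*$/ { in_eth0 = 1; held = $0; next }
        /^interface[ \t]/             { in_eth0 = 0 }   # another stanza starts
        in_eth0 && /^[ \t]*static[ \t]/ { next }        # drop static settings
        in_eth0 && held != "" && NF > 0 && $1 !~ /^#/ { print held; held = "" }
        { print }
    ' "$target.bak" > "$target"
}

# Constructed sample with documentation addresses in place of x.x.x.x.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
hostname
persistent
interface eth0
static ip_address=192.0.2.10/24
static routers=192.0.2.1
static domain_name_servers=192.0.2.1
EOF

strip_static_eth0 "$sample_conf"
cat "$sample_conf"        # remaining configuration
```

Restore from the .bak copy if the device does not pick up a DHCP lease on the next boot.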
If you are stuck or need more information, tweet CryptoAUSTRALIA on Twitter or ping us on Slack
Thanx