Last active
February 12, 2017 21:01
Create Your Own ad-blocker, malware blocker and ransomware blocker internet security gateway: http://supratim-sanyal.blogspot.com/2016/07/add-simple-ad-blocker-with-dnsmasq-to.html
#!/bin/bash
# --
# adblocker-dnsmasq.sh
# Rev 6
#
# Complete guide to creating your own ad-blocking, malware blocking and ransomware-blocking internet gateway:
# http://supratim-sanyal.blogspot.com/2016/07/add-simple-ad-blocker-with-dnsmasq-to.html
#
# Assuming dnsmasq is configured so that it reads configuration files from /etc/dnsmasq.d, this
# script grabs ad, malware and ransomware server lists from yoyo and other places, saving "address=/xxxxxx.com/10.42.2.1" and
# "server=/xxxxxx.com/" format files in dnsmasq configuration directory so that requests to the listed ad servers
# are redirected to a local LAN address or fail. It restarts dnsmasq afterwards.
#
# OUTPUT FILES:
# 1) /etc/dnsmasq.d/adblocklist.conf with lines like "address=/xxxxxx.com/10.42.2.1"
# 2) /etc/dnsmasq.d/adblockserverlist.conf with lines like "server=/xxxxxx.com/"
# 3) /etc/dnsmasq.d/adblocklist-from-vps.conf - grabbed from my VPS at http://sanyalnet-cloud-vps.freeddns.org/adblocklist.conf
#
# This should be put in a weekly cron job, perhaps using a file in /etc/cron.d/update-adblocker-dnsmasq like this:
# #/etc/cron.d/update-adblocker-dnsmasq
# SHELL=/bin/bash
# PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
# MAILTO=""
# HOME=/
# # Every 7 days (each Wednesday midnight) update dnsmasq ad server block lists
# 0 0 * * 3 root /root/adblocker/adblocker-dnsmasq.sh >/var/log/adblocker-dnsmasq.log 2>&1
#
# Initial implementation tested on a massively modified CentOS-based ClearOS Community release 6.6.0 (Final)
# server with Dnsmasq version 2.72.
# Linux anubis-clearos.sanyalnet.lan 2.6.32-573.1.1.v6.x86_64 #1 SMP Fri Aug 21 13:24:06 MDT 2015 x86_64 x86_64 x86_64 GNU/Linux
#
# License: GNU AGPLv3 http://tuklusan.decsystem.org/agpl-3.0.txt
#
# Supratim Sanyal, Germantown, MD
# http://supratim-sanyal.blogspot.com/
# e-mail form: http://mcaf.ee/sdlg9f
# --
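# The following is the IP address that ad server domains will be forced to resolve to.
# This IP runs a little http server that returns HTTP 502 and logs the ad request (so that I can see all ad requests being
# blocked in real time). See http://supratim-sanyal.blogspot.com/2016/07/httpd410server-tiny-free-web-server-to.html
#------------------------
IP='10.42.2.1'
#------------------------

# --------------------
# get list from yoyo.org, and
# create /etc/dnsmasq.d/adblocklist.conf with lines like "address=/xxxxxx.com/10.42.2.1"
# --------------------
ADBLOCKLIST='/etc/dnsmasq.d/adblocklist.conf'
YOYO_URL='https://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext'

# Whatever ends up in /etc/dnsmasq.d is read by dnsmasq as configuration, so the
# download is treated as untrusted input:
#  * TLS certificate verification is left enabled (no --no-check-certificate), so
#    the list is only accepted from a server that presents a valid certificate
#    for pgl.yoyo.org. If verification fails (for example because of an outdated
#    CA bundle) the update fails closed and the previous list stays in place.
#  * The file is fetched into a private mktemp directory instead of a fixed,
#    predictable name under /tmp, because this script runs as root from cron.
#  * Only lines of the exact form "address=/<domain>/127.0.0.1" are kept; any
#    other line (other dnsmasq directives, comments, HTML error pages) is dropped.
#  * The live file is replaced only after all of the above succeeded, so a failed
#    or empty download never removes the existing block list.
if ! yoyo_work=$(mktemp -d); then
  yoyo_work=''
  /bin/logger -p cron.err "ad blocklist updater: mktemp failed, adblocklist not updated"
  echo "ad blocklist updater: mktemp failed, adblocklist not updated"
elif ! /usr/bin/wget -q -O "$yoyo_work/raw" "$YOYO_URL"; then
  /bin/logger -p cron.err "ad blocklist updater: wget adblocklist failed"
  echo "ad blocklist updater: wget adblocklist failed"
else
  # Repoint 127.0.0.1 in the blocklist to the little http server at $IP that
  # returns HTTP 502 and logs the ad request. The substitution is anchored to
  # the end of the line so only the target address is rewritten.
  tr -d '\r' <"$yoyo_work/raw" \
    | /bin/grep -E -x 'address=/[A-Za-z0-9._-]+/127\.0\.0\.1' \
    | /bin/sed "s/127\.0\.0\.1\$/$IP/" >"$yoyo_work/clean"

  if [ -s "$yoyo_work/clean" ]; then
    # cp (rather than mv out of the temp dir) overwrites the existing file in
    # place, keeping its ownership, mode and security context.
    /bin/cp -f -- "$yoyo_work/clean" "$ADBLOCKLIST"
  else
    /bin/logger -p cron.err "ad blocklist updater: adblocklist had no valid entries, keeping previous list"
    echo "ad blocklist updater: adblocklist had no valid entries, keeping previous list"
  fi
fi

if [ -n "$yoyo_work" ]; then
  /bin/rm -rf -- "$yoyo_work"
fi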
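# --------------------
# get lists from many sources, and
# create /etc/dnsmasq.d/adblockserverlist.conf with lines like "server=/xxxxxx.com/"
# --------------------
# this part is adapted from the adblocker for dd-wrt from http://jazz.tvtom.pl/download/dd-wrt/adblock
# the idea is even if we fail to get a list from yoyo this will still provide a list
HOSTSDENY='/etc/dnsmasq.d/adblockserverlist.conf'

# NOTE(review): all but the first feed are fetched over plain http, so their
# content is unauthenticated. The grep below only lets domain-shaped tokens
# through, which keeps arbitrary dnsmasq directives out of the config file, but
# anyone able to alter a feed in transit can still add names to the block list.
# Keep names that must always resolve in WHITELIST and prefer https feed URLs
# where the publisher offers them.
BLACKLISTS='https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
http://adaway.org/hosts.txt
http://adblock.gjtech.net/?format=unix-hosts
http://hosts-file.net/ad_servers.txt
http://jazz.tvtom.pl/download/hosts
http://mirror.cedia.org.ec/malwaredomains/justdomains
http://palevotracker.abuse.ch/blocklists.php?download=domainblocklist
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts;showintro=0;mimetype=plaintext
http://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
http://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
http://someonewhocares.org/hosts/hosts
http://sysctl.org/cameleon/hosts
http://winhelp2002.mvps.org/hosts.txt
http://www.dshield.org/feeds/suspiciousdomains_Low.txt
http://www.malekal.com/HOSTS_filtre/HOSTS.txt
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://malwaredomains.lehigh.edu/files/justdomains
http://zeustracker.abuse.ch/blocklist.php?download=hostfile'

# + ---
# WHITELIST - DO NOT BLOCK THESE DOMAINS
# + ---
WHITELIST='localhost
apple.com
twitter.com
localhost.localdomain'

# Work in a private mktemp directory: this runs as root, and a fixed file name
# under /tmp can be pre-created or symlinked by any local user.
if ! hosts_work=$(mktemp -d); then
  /bin/logger -p cron.err "ad blocklist updater: mktemp failed, adblockserverlist not updated"
  echo "ad blocklist updater: mktemp failed, adblockserverlist not updated"
else
  HOSTSTEMP="$hosts_work/hosts"

  # Fetch every feed, strip '#' comments and keep only domain-shaped tokens.
  # The URL is quoted so '?' and ';' in it are never glob-expanded or split,
  # and certificate verification stays enabled for the https feed.
  while IFS= read -r url; do
    [ -n "$url" ] || continue
    /usr/bin/wget -O- "$url" \
      | /bin/cut -d '#' -f 1 \
      | /bin/grep -E -o '([a-zA-Z0-9](-?[a-zA-Z0-9])*\.){1,}[a-zA-Z]{2,}'
  done <<<"$BLACKLISTS" | LC_ALL=C /bin/sort -u >"$HOSTSTEMP"

  # Drop whitelisted names by exact, fixed-string, whole-line comparison.
  # A prefix/regex match would also remove every listed name that merely
  # starts with a whitelisted one (e.g. a look-alike host beginning with
  # "apple.com"), silently un-blocking it.
  /bin/grep -v -x -F -f <(printf '%s\n' "$WHITELIST") "$HOSTSTEMP" \
    | /bin/sed 's|.*|server=/&/|' >"$hosts_work/deny"

  # Replace the live list only when something was actually collected, so a run
  # in which every download fails does not wipe the existing block list.
  if [ -s "$hosts_work/deny" ]; then
    /bin/cp -f -- "$hosts_work/deny" "$HOSTSDENY"
  else
    /bin/logger -p cron.err "ad blocklist updater: no hosts collected, keeping previous adblockserverlist"
    echo "ad blocklist updater: no hosts collected, keeping previous adblockserverlist"
  fi

  /bin/rm -rf -- "$hosts_work"
fi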
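# ------------
# Grab the advertisement domain block list I maintain independently on my VPS
# ------------
VPSLIST='/etc/dnsmasq.d/adblocklist-from-vps.conf'
VPS_URL='http://sanyalnet-cloud-vps.freeddns.org/adblocklist.conf'

# NOTE(review): this list is fetched over plain http, so neither the server nor
# the content is authenticated, and the result is read by dnsmasq as
# configuration. Until the list is served over https, the download is:
#  * written to a private mktemp directory, never straight into /etc/dnsmasq.d;
#  * rejected on HTTP errors (curl -f) instead of saving an error page;
#  * reduced to lines of the exact form "address=/<domain>/0.0.0.0" - this
#    assumes that is the only line format the VPS list uses (TODO confirm);
#    every other line, including any other dnsmasq directive, is dropped;
#  * installed only if at least one valid line remains, so a failed download
#    keeps the previous list.
if ! vps_work=$(mktemp -d); then
  /bin/logger -p cron.err "ad blocklist updater: mktemp failed, adblocklist-from-vps not updated"
  echo "ad blocklist updater: mktemp failed, adblocklist-from-vps not updated"
else
  if ! curl -f -sS -o "$vps_work/raw" "$VPS_URL"; then
    /bin/logger -p cron.err "ad blocklist updater: curl adblocklist-from-vps failed"
    echo "ad blocklist updater: curl adblocklist-from-vps failed"
  else
    # Repoint the 0.0.0.0 target to $IP; anchored so only the trailing address
    # of each line is rewritten.
    tr -d '\r' <"$vps_work/raw" \
      | /bin/grep -E -x 'address=/[A-Za-z0-9._-]+/0\.0\.0\.0' \
      | /bin/sed "s/0\.0\.0\.0\$/$IP/" >"$vps_work/clean"

    if [ -s "$vps_work/clean" ]; then
      /bin/cp -f -- "$vps_work/clean" "$VPSLIST"
    else
      /bin/logger -p cron.err "ad blocklist updater: adblocklist-from-vps had no valid entries, keeping previous list"
      echo "ad blocklist updater: adblocklist-from-vps had no valid entries, keeping previous list"
    fi
  fi

  /bin/rm -rf -- "$vps_work"
fi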
# Restart dnsmasq so it picks up the regenerated files.
# NOTE(review): consider running "dnsmasq --test" first and skipping the restart
# when it reports a syntax error, so a malformed list cannot take name
# resolution down for the whole network.
/sbin/service dnsmasq restart

# Report what we have done: a timestamp, then each generated file framed by
# "---" rules, then the service status.
date
for report_file in adblocklist.conf adblockserverlist.conf adblocklist-from-vps.conf; do
  report_path="/etc/dnsmasq.d/$report_file"
  # The headings of the first two files end in a colon, the third does not.
  case "$report_file" in
    adblocklist-from-vps.conf) report_title="$report_path" ;;
    *) report_title="$report_path:" ;;
  esac
  printf '\n\n---\n%s\n---\n' "$report_title"
  cat "$report_path"
  printf '%s\n' '---'
done
printf '\n'
/sbin/service dnsmasq status
# --
# If the lighttpd document root exists, publish a world-readable copy of the
# yoyo-derived block list there (for web access by others).
# --
webroot='/var/www/lighttpd'
if [[ -d "$webroot/" ]]; then
  published="$webroot/adblocklist.conf"
  cp -f /etc/dnsmasq.d/adblocklist.conf "$webroot/"
  chown lighttpd:lighttpd "$published"
  chmod a+r "$published"
fi

printf '\n%s\n' 'That is all folks.'