top of page
Search
Writer's pictureTenaka

Pi-hole Ad and Malware Blocker Setup

Updated: Jul 12, 2023

Introduction

Pi-hole provides numerous benefits as a network-wide ad blocker and privacy tool. It eliminates annoying ads and pop-ups across all devices, resulting in a cleaner and more streamlined browsing experience.


By blocking ad-related domains, Pi-hole accelerates webpage loading times, saving bandwidth and reducing data consumption.


It also enhances online security by blocking access to malicious domains and preventing tracking and data collection by advertisers.


Overall, Pi-hole offers an effective and convenient solution to improve browsing speed, reduce data usage, bolster privacy, and enhance online security and this is a guide on how to setup a pi-hole.


EtherApe

Using EtherApe, I'm going to demonstrate the effectiveness of Pi-hole on a well established bastion of truth and a British institution (cough) and particularly high in Adverts, the Dailymail.


Before the Pi-hole is enabled there's numerous and sustained....

Video pop-ups

Header Ads

Ads on both sides of the news articles

The network noise is... outrageous, both in the number of connections to Ad-sites and the amount of traffic, represented by the heat map.

After the Pi-hole is enabled:

Video pop-ups - gone

Header Ad - gone

Ads on both sides of the news articles - gone

EtherApe is showing a much calmer heat map with farless outbound connections.


Equipment

The following equipment is required, mines from Amazon.


Raspberry Pi 4 Model B - £97.99

SanDisk 128Gb Extreme microSDXC - $16.99

Raspberry Pi 4 USB-C Power Supply - £11.99

Total £126.17



Raspberry Pi Installation

Raspberry Pi makes downloading and burning the image to SSD easy, needing only the Imager executable.


Download and install from https://www.raspberrypi.com/software, the wizard will guide you through the burning process.

Run the Imager and select Operating System.

Select 'Raspberry Pi OS (64-bit)'.

Insert the microSSD into the PC and select Storage and then choose the correct storage.

Click on the cog:

Set credentials, used to manage the pi-hole.

Enable SSH

Save

Click on Write and Yes to the warning message.

The writing process takes a while, its exhausting work, go and top up with a coffee.

Click continue.

If the Format Disk message appears select Canel.

Remove the microSD card from the PC and insert it into the Raspberry Pi device.


Attach the power and ethernet cables, it will power on automatically.


Pi-hole installation

There are a couple of options for the initial configuration, including connecting a monitor, keyboard and mouse.


I've opted for interrogating DHCP for the IP address of the pi-hole, then reserving.


Putty to the to the IP address.

Type admin and the password set earlier.

The first item on the itinerary is installing the latest patches for Raspberry Pi :

sudo apt-get update

sudo apt-get upgrade


I'm stuck behind a firewall and need to point the pi-hole to an internal timesource.


Configure NTP.

sudo nano /etc/systemd/timesyncd.conf

NTP=192.168.0.249


To save changes.

Ctrl + o (output to file)

Ctrl + x (exit file)


sudo timedatectl set-ntp true

sudo reboot


Log back on via Putty


Installing Pi-hole is one command, followed by a wizard.


Click Ok to start the Pi-hole configuration.

Read and then click Ok.

Continue.

Yes to set the current IP address assigned.

Ignore, the IP has been reserved in DHCP.

Select the preferred DNS server or add custom DNS entries.


You may wish to consider doubling up on the DNS filtering with the following free services.


OpenDNS provides Family Sheild for blocking adult content:

  • 208.67.222.123

  • 208.67.220.123

Cloudflare provides 1.1.1.1 for Families with the following 2 options

Malware Blocking Only:

  • 1.1.1.2

  • 1.0.0.2

Malware and Adult Content

  • 1.1.1.3

  • 1.0.0.3

Yes to install the default block list.

Yes to install the Admin Web Interface.

Yes to install the pre-requisites.

Yes to enable logging.

Of course, I want to see everything.

Make a note of the Web Admin password and Ok.


The Web Admin password will be updated to something more complex later.


Pi-hole Configuration

Open a browser and enter the IP of the Raspberry Pi, enter the Web Admin password.

Clearly, the most important issue to resolve is the interface, go to the Web Interface in Tools and set the Start Trek theme.

Pi-hole block lists are extensible, consider adding the following adlists.


Don't feel it necessary to add all the lists at once, one at a time and test, some lists may be too restrictive and you'll be forever whitelisting.


Adaway Default Blocklist: Blocking ads and known tracking domains.

  • https://adaway.org/hosts.txt


OISD: Blocks most Ad, Malware, Porn etc.

  • https://oisd.nl/setup


EasyList: A popular list that blocks various types of ads.

  • https://easylist.to/easylist/easylist.txt


EasyPrivacy: A list that focuses on blocking privacy-invading trackers.

  • https://easylist.to/easylist/easyprivacy.txt


MVPS: Blocks ads, banners, and known malicious sites

  • http://winhelp2002.mvps.org/hosts.txt

AD Guard DNS Filter: A DNS filter list by AdGuard that blocks ads and trackers.

  • https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt


Chad Mayfield: Porn Filter

  • https://raw.githubusercontent.com/chadmayfield/my-pihole- blocklists/master/lists/pi_blocklist_porn_all.list


Click on ADLists and add the URL's.

Pi-hole won't automatically block the additional lists, they require processing.


Click on Tools and then Update Gravity and Update.


Gravity will require monthly checks as the online lists are amended.

Updating the Web Admin Password to something a little more complex via Putty. Login with admin and the initial password set in Imager, then type the following.

pihole -a -p

Maintenance

Updating Raspberry Pi and Pi-Hole is essential for security and stability. Regular updates patch vulnerabilities, protecting against cyber threats. They improve system performance and fix bugs.


Every month run the following commands by logging in via Putty and the admin account.


Update Raspberry Pi OS

apt-get update

apt-get upgrade


Update Pi-hole

pihole -up


Update Gravity

pihole -g


Update the Client's DNS Settings


Home User

For home users, DNS, the bit that resolves domain names to IP addresses is handled by the router, either BT, Virgin or Sky etc. Due to the different types of router and potential configurations I'm unable to provide clear and concise guidance. The router's DNS settings need updating to that of the IP of the pi-hole.


My Setup

Meh what can I say, it flips between 2 configurations depending on the cost of energy, my preferred setup is definetly off the cards at this moment.


Current config, a pair of Pi-holes act as DNS proxies, with forwarders from the Domain Controllers (DC's). All client resolution is via the DC's.


Or my preferred setup. The clients point their DNS to a pair of Pi-holes, these pass any queries on to the DC's and finally proxy out via a pair of synology NAS's. The benefit of this config, the Pi-holes log the clients hostnames. The downside is the cost of running the hardware.



Thanks for your time and support by reading this blog. If you found it useful, please share.

38 views0 comments

Recent Posts

See All

Credential Stuffing

Reusing passwords across multiple accounts can put you at significant risk because hackers can exploit this practice through a technique...

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page