top of page
Search

Pi-hole Ad and Malware Blocker Setup

Updated: May 5

Introduction

Pi-hole provides numerous benefits as a network-wide ad blocker and privacy tool. It eliminates annoying ads and pop-ups across all devices, resulting in a cleaner and more streamlined browsing experience.


By blocking ad-related domains, Pi-hole accelerates webpage loading times, saving bandwidth and reducing data consumption.


It also enhances online security by blocking access to malicious domains and preventing tracking and data collection by advertisers.


Overall, Pi-hole offers an effective and convenient solution to improve browsing speed, reduce data usage, bolster privacy, and enhance online security and this is a guide on how to setup a pi-hole.


EtherApe

Using EtherApe, I'm going to demonstrate the effectiveness of Pi-hole on a well established bastion of truth and a British institution (cough) and particularly high in Adverts, the Dailymail.


Before the Pi-hole is enabled there's numerous and sustained....

Video pop-ups

Header Ads

Ads on both sides of the news articles

ree

The network noise is... outrageous, both in the number of connections to Ad-sites and the amount of traffic, represented by the heat map.

ree

After the Pi-hole is enabled:

Video pop-ups - gone

Header Ad - gone

Ads on both sides of the news articles - gone

ree

EtherApe is showing a much calmer heat map with farless outbound connections.

ree

Equipment

The following equipment is required, mines from Amazon.


Raspberry Pi 4 Model B - £97.99

SanDisk 128Gb Extreme microSDXC - $16.99

Raspberry Pi 4 USB-C Power Supply - £11.99

Total £126.17


ree

Raspberry Pi Installation

Raspberry Pi makes downloading and burning the image to SSD easy, needing only the Imager executable.


Download and install from https://www.raspberrypi.com/software, the wizard will guide you through the burning process.

ree

Run the Imager and select Operating System.

ree

Select 'Raspberry Pi OS (64-bit)'.

ree

Insert the microSSD into the PC and select Storage and then choose the correct storage.

ree

Click on the cog:

Set credentials, used to manage the pi-hole.

Enable SSH

Save

ree

Click on Write and Yes to the warning message.

ree

The writing process takes a while, its exhausting work, go and top up with a coffee.

ree

Click continue.

ree

If the Format Disk message appears select Canel.

ree

Remove the microSD card from the PC and insert it into the Raspberry Pi device.


Attach the power and ethernet cables, it will power on automatically.


Pi-hole installation

There are a couple of options for the initial configuration, including connecting a monitor, keyboard and mouse.


I've opted for interrogating DHCP for the IP address of the pi-hole, then reserving.


Putty to the to the IP address.

ree

Type admin and the password set earlier.

ree

The first item on the itinerary is installing the latest patches for Raspberry Pi :

sudo apt-get update

sudo apt-get upgrade


I'm stuck behind a firewall and need to point the pi-hole to an internal timesource.


Configure NTP.

sudo apt-get install ntp

sudo apt-get install systemd-timesyncd


sudo nano /etc/systemd/timesyncd.conf

NTP=192.168.0.249


To save changes.

Ctrl + o (output to file)

Ctrl + x (exit file)


sudo timedatectl set-ntp true

sudo reboot


Log back on via Putty


Check time sync

sudo timedatectl timesync-status


Installing Pi-hole is one command, followed by a wizard.


Click Ok to start the Pi-hole configuration.

ree

Read and then click Ok.

ree

Continue.

ree

Yes to set the current IP address assigned.

ree

Ignore, the IP has been reserved in DHCP.

ree

Select the preferred DNS server or add custom DNS entries.


You may wish to consider doubling up on the DNS filtering with the following free services.


OpenDNS provides Family Sheild for blocking adult content:

  • 208.67.222.123

  • 208.67.220.123

Cloudflare provides 1.1.1.1 for Families with the following 2 options

Malware Blocking Only:

  • 1.1.1.2

  • 1.0.0.2

Malware and Adult Content

  • 1.1.1.3

  • 1.0.0.3

ree

Yes to install the default block list.

ree

Yes to install the Admin Web Interface.

ree

Yes to install the pre-requisites.

ree

Yes to enable logging.

ree

Of course, I want to see everything.

ree

Make a note of the Web Admin password and Ok.


The Web Admin password will be updated to something more complex later.

ree

Pi-hole Configuration

Open a browser and enter the IP of the Raspberry Pi, enter the Web Admin password.

ree

Clearly, the most important issue to resolve is the interface, go to the Web Interface in Tools and set the Start Trek theme.

ree

Pi-hole block lists are extensible, consider adding the following adlists.


Don't feel it necessary to add all the lists at once, one at a time and test, some lists may be too restrictive and you'll be forever whitelisting.


Adaway Default Blocklist: Blocking ads and known tracking domains.

  • https://adaway.org/hosts.txt


OISD: Blocks most Ad, Malware, Porn etc.

  • https://oisd.nl/setup


EasyList: A popular list that blocks various types of ads.

  • https://easylist.to/easylist/easylist.txt


EasyPrivacy: A list that focuses on blocking privacy-invading trackers.

  • https://easylist.to/easylist/easyprivacy.txt


MVPS: Blocks ads, banners, and known malicious sites

  • http://winhelp2002.mvps.org/hosts.txt

AD Guard DNS Filter: A DNS filter list by AdGuard that blocks ads and trackers.

  • https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt


Chad Mayfield: Porn Filter

  • https://raw.githubusercontent.com/chadmayfield/my-pihole- blocklists/master/lists/pi_blocklist_porn_all.list


Click on ADLists and add the URL's.

ree

Pi-hole won't automatically block the additional lists, they require processing.


Click on Tools and then Update Gravity and Update.


Gravity will require monthly checks as the online lists are amended.

ree

Updating the Web Admin Password to something a little more complex via Putty. Login with admin and the initial password set in Imager, then type the following.

pihole -a -p

ree

Maintenance

Updating Raspberry Pi and Pi-Hole is essential for security and stability. Regular updates patch vulnerabilities, protecting against cyber threats. They improve system performance and fix bugs.


Every month run the following commands by logging in via Putty and the admin account.


Update Raspberry Pi OS

apt-get update

apt-get upgrade


Update Pi-hole

pihole -up


Update Gravity

pihole -g


Update the Client's DNS Settings


Home User

For home users, DNS, the bit that resolves domain names to IP addresses is handled by the router, either BT, Virgin or Sky etc. Due to the different types of router and potential configurations I'm unable to provide clear and concise guidance. The router's DNS settings need updating to that of the IP of the pi-hole.


My Setup

Meh what can I say, it flips between 2 configurations depending on the cost of energy, my preferred setup is definetly off the cards at this moment.


Current config, a pair of Pi-holes act as DNS proxies, with forwarders from the Domain Controllers (DC's). All client resolution is via the DC's.


Or my preferred setup. The clients point their DNS to a pair of Pi-holes, these pass any queries on to the DC's and finally proxy out via a pair of synology NAS's. The benefit of this config, the Pi-holes log the clients hostnames. The downside is the cost of running the hardware.


ree

Thanks for your time and support by reading this blog. If you found it useful, please share.

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page