Instructions using a virtual machine. This guide was written for the CryptoAUSTRALIA Pi-hole workshop.
This is the version of the workshop if you're using a VM to run Pi-hole. If you have a physical Raspberry Pi device (or similar SBC) use these instructions.
Author: Nick Kavadias (CryptoAUSTRALIA)
- Download and Install VirtualBox (Recommended)
- Alternative, use VMWare Fusion
- We've created a purpose built VM for the workshop so you can try out Pi-hole for yourself.
- VirtualBox: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian.ova?torrent
- VMware Fusion: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian-vmware.ova?torrent
-
From Virtual Machine Manager (VMM), got to File -> Import or File -> Import Appliance and select
.ova
file downloaded in previous step -
Click Import. Note: It may take several minutes to complete the VM import.
-
Once complete, you should now have a Linux machine called Raspbian appear in VMM. No need to change the hardware settings. Leave the network configured to use NAT.
-
Click Start in the VMM.
-
You should now be booted straight into Raspbian and have a the Raspbian desktop appear.
-
To check that you have a working system, click on Chromium on the desktop and browse to your favourite website, hopefully it works! If not, you may need to tinker with the NAT settings in VirtualBox to get vm online (change adapter NAT is using?), or proceed with the workshop offline.
- If you've customised NAT in VirtualBox, try changing VM back to using DHCP, you can do this with
sudo rasp-config
Note: system username is pi
and password raspberry
. The Pi-hole web admin password is also raspberry
-
Pi-hole is already installed on this VM, but we can easily uninstall and re-install it (only do this step if you've checked in previous step that you're online).
-
The Keyboard layout is set to UK. Easiest way to fix this is to click on the Raspberry in to left hand side and go to Preferences -> Keyboard and Mouse -> Keyboard -> Keyboard Layout
-
Click
US
under Country and thenEnglish (US)
under variant. Yes, UK keyboards are weird. -
Open a new bash terminal and run `
sudo pihole uninstall. The password is
raspberry`.
-
Type
Y
for uninstalling dependencies, you can say N for curl, wget and zip. -
You have to reset your dns server not to be yourself. Run the following:
$ sudo su
# echo "nameserver 8.8.8.8" > /etc/resolv.conf
-
Ready to run the Pi-hole installer, run the following command, as per the Pi-hole website:
# curl -sSL https://install.pi-hole.net | bash
This command should kick off the automated installer.
-
Once installer starts, you can use arrow keys to navigate and space or enter to accept
-
Ok all the prompts. Pick an upstream DNS provider. This is the upstream provider your Pi-hole will use, from here, you can basically accept all the defaults.
-
Accept changes the network settings to a static IP;
-
accept installing the web admin interface; and
-
accept logging queries.
- (Optional) Change the webadmin password:
# pihole -a -p
note: password currently set to raspberry, we have included it in instructions as its good practice and cannot be done in webadmin gui.
- If you are curious what other console commands pihole has, try
$ pihole -h
. Also,-c
looks like an interesting switch!
-
Open up Chrome in the VM and visit http://pi.hole/admin (there should be a bookmark for this)
-
If the stats are looking sad, click open another tab an do some browsing, try some websites with lots of ads.
Add some new lists:
-
There are some great additional block lists you can add over the default. The default blocklists are stored in
/etc/pihole/adlists.list
. -
You can use the admin portal to add more lists. On the left hand side of web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.
-
Wally3k maintains a good list of block lists compatible with Pi-hole at https://wally3k.github.io/
-
Consider adding CryptoAUSTRALIA's favourite community-managed block lists
https://hosts-file.net/exp.txt
- hpHosts - Websites hosting exploitshttps://hosts-file.net/emd.txt
- hpHosts - Websites hosting malwarehttps://hosts-file.net/psh.txt
- hpHosts - Phishing websiteshttps://www.malwaredomainlist.com/hostslist/hosts.txt
- Extensive list by Malware Domain Listhttps://v.firebog.net/hosts/Airelle-hrsk.txt
- Airelle's list of phishing domainshttps://v.firebog.net/hosts/Shalla-mal.txt
- Shalla's Ad and Spyware Blacklistshttps://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
- Ransomware Tracker - Ransomware C2 server block list (generic)https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt
- Ransomware Tracker - Ransomware C2 server block list (Locky)https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt
- Ransomware Tracker - Ransomware C2 server block list (CryptoWall)https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt
- Ransomware Tracker - Ransomware C2 server block list (TeslaCrypt)https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt
- Ransomware Tracker - Ransomware C2 server block list (TorrentLocker)http://www.networksec.org/grabbho/block.txt
- ThreatExpert.com's malware and adware block listhttps://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
- DShield.org Suspicious Domain List (Medium-level)http://someonewhocares.org/hosts/hosts
- Dan Pollock's list blocking ads and spywarehttps://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt
- WindowsSpyBlocker - Blocks Windows 10 telemetry domainshttps://v.firebog.net/hosts/static/SamsungSmart.txt
- Blocks Samsung SmartTV trackershttps://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
- Disconnect.me anti-malvertisinghttps://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- Disconnect.me ad-blockerhttps://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
- Disconnect.me anti-trackinghttps://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt
- Block YouTube adshttps://v.firebog.net/hosts/Easylist.txt
- EasyList - Might be familiar from the uBlock and Adblock browser pluginshttp://www.joewein.net/dl/bl/dom-bl.txt
- jwSpamSpy - Domains featured in Spam emails
-
Paste the URL into the admin page textbox and wait
-
Sometimes you'll find a website is behaving strange. If you think Pi-hole is to blame, you can click Disable -> 5 minutes You can then try reloading the page.
-
You can also look at the query log and then click status & sort by what's been blocked. You can try whitelisting the site by clicking whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.
-
Open up terminal and try:
$ nslookup googleads.g.doubleclick.net
-
Compare previous result to resolving directly against Google's DNS servers:
$ nslookup googleads.g.doubleclick.net 8.8.8.8
-
Try visiting http://googleads.g.doubleclick.net in a web browser, the web page should be blocked
-
Try visiting http://googleads.g.doubleclick.net/test.js, the JavaScript file should be just one line long
If you are stuck or need more information, tweet CryptoAUSTRALIA on Twitter or ping us on Slack