Instantly share code, notes, and snippets.

Embed
What would you like to do?

CryptoAUSTRALIA Pi-hole Workshop

Instructions using a virtual machine. This guide was written for the CryptoAUSTRALIA Pi-hole workshop.

This is the version of the workshop if you're using a VM to run Pi-hole. If you have a physical Raspberry Pi device (or similar SBC) use these instructions.

Author: Nick Kavadias (CryptoAUSTRALIA)

Install virtual machine manager and import Raspbian VM

  1. Download and Install VirtualBox (Recommended)
  2. Alternative, use VMWare Fusion

Download the OVF.

  1. We've created a purpose built VM for the workshop so you can try out Pi-hole for yourself.

Import and boot the VM

  1. From Virtual Machine Manager (VMM), got to File -> Import or File -> Import Appliance and select .ova file downloaded in previous step

  2. Click Import. Note: It may take several minutes to complete the VM import.

  3. Once complete, you should now have a Linux machine called Raspbian appear in VMM. No need to change the hardware settings. Leave the network configured to use NAT.

  4. Click Start in the VMM.

  5. You should now be booted straight into Raspbian and have a the Raspbian desktop appear.

  6. To check that you have a working system, click on Chromium on the desktop and browse to your favourite website, hopefully it works! If not, you may need to tinker with the NAT settings in VirtualBox to get vm online (change adapter NAT is using?), or proceed with the workshop offline.

  • If you've customised NAT in VirtualBox, try changing VM back to using DHCP, you can do this with sudo raspi-config

Note: system username is pi and password raspberry. The Pi-hole web admin password is also raspberry

Fixing the Keyboard Layout (oops!)

  1. The Keyboard layout is set to UK. Easiest way to fix this is to click on the Raspberry in to left hand side and go to Preferences -> Keyboard and Mouse -> Keyboard -> Keyboard Layout

  2. Click US under Country and then English (US) under variant. Yes, UK keyboards are weird.

  3. Open a new bash terminal and run `

(Re)installing Pi-hole (optional)

  1. Pi-hole is already installed on this VM, but we can easily uninstall and re-install it (only do this step if you've checked in previous step that you're online).

sudo pihole uninstall. The password is raspberry.

  1. Type Y for uninstalling dependencies, you can say N for curl, wget and zip.

  2. You have to reset your dns server not to be yourself. Run the following:

    $ sudo su

    # echo "nameserver 8.8.8.8" > /etc/resolv.conf

  3. Ready to run the Pi-hole installer, run the following command, as per the Pi-hole website:

    # curl -sSL https://install.pi-hole.net | bash

This command should kick off the automated installer.

  1. Once installer starts, you can use arrow keys to navigate and space or enter to accept

  2. Ok all the prompts. Pick an upstream DNS provider. This is the upstream provider your Pi-hole will use, from here, you can basically accept all the defaults.

  3. Accept changes the network settings to a static IP;

  4. accept installing the web admin interface; and

  5. accept logging queries.

Post-install configuration

  1. (Optional) Change the webadmin password:

# pihole -a -p

note: password currently set to raspberry, we have included it in instructions as its good practice and cannot be done in webadmin gui.

  1. If you are curious what other console commands pihole has, try $ pihole -h. Also, -c looks like an interesting switch!

Logging into webadmin

  1. Open up Chrome in the VM and visit http://pi.hole/admin (there should be a bookmark for this)

  2. If the stats are looking sad, click open another tab an do some browsing, try some websites with lots of ads.

Upgrade Pi-hole!

  1. Yes, the version on the VM is out of date. To upgrade pi-hole, you need to use the terminal, so open a terminal windows and run the following: sudo pihole -up.
  2. This may take a few minutes, sit back and watch der pretty lights.

Adding additional blocklists

Add some new lists:

  1. There are some great additional block lists you can add over the default. The default blocklists are stored in /etc/pihole/adlists.list.

  2. You can use the admin portal to add more lists. On the left hand side of web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.

  3. Wally3k maintains a good list of block lists compatible with Pi-hole at https://wally3k.github.io/

  4. Consider adding CryptoAUSTRALIA's favourite block lists

    1. https://hosts-file.net/exp.txt - Websites hosting exploits
    2. https://hosts-file.net/emd.txt - Websites hosting malware
    3. https://hosts-file.net/psh.txt - Phishing websites
    4. https://www.malwaredomainlist.com/hostslist/hosts.txt - Does what it says on the tin, a list of malware domains
    5. https://v.firebog.net/hosts/Airelle-hrsk.txt - Airelle's phishing domains
    6. https://v.firebog.net/hosts/Shalla-mal.txt - Shalla's Blacklists
    7. https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt - Ransomware Tracker - Ransomware block list (general list)
    8. https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ Locky)
    9. https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ CryptoWall)
    10. https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TeslaCrypt)
    11. https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TorrentLocker)
    12. http://www.networksec.org/grabbho/block.txt - ThreatExpert.com malware and adware block list
    13. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - Unified list for blocking adware and malware
    14. https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt - DShield.org suspicious domains (Medium)
    15. http://someonewhocares.org/hosts/hosts - Dan Pollock's list blocking ads and spyware
    16. https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt - Block Windows 10 telemetry domains
    17. https://v.firebog.net/hosts/static/SamsungSmart.txt - Block Samsung SmartTV trackers
    18. https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt - Disconnect.me anti-malvertising
    19. https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - Disconnect.me ad-blocker
    20. https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt - Disconnect.me anti-tracking
    21. https://raw.githubusercontent.com/StevenBlack/hosts/master/data/SpotifyAds/hosts - Block Spotify Free Ads
    22. https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt - Block YouTube ads
    23. https://v.firebog.net/hosts/Easylist.txt - EasyList (same feed as in uBlock/Adblock browser plugins)
    24. http://www.joewein.net/dl/bl/dom-bl.txt - jwSpamSpy - Domains from Spam emails
  5. Paste the URL into the admin page textbox and wait

Blocking YouTube Ads

  1. Add the following sites to your blacklist. Make sure googlevideo.com domains are added as wildcards.
  2. This won't work if you're using Chrome. Refer to this discussion.

Finding out what's been blocked

  1. Sometimes you'll find a website is behaving strange. If you think Pi-hole is to blame, you can click Disable -> 5 minutes You can then try reloading the page.

  2. You can also look at the query log and then click status & sort by what's been blocked. You can try whitelisting the site by clicking whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.

Poke around

  1. Open up terminal and try:

    $ nslookup googleads.g.doubleclick.net

  2. Compare previous result to resolving directly against Google's DNS servers:

    $ nslookup googleads.g.doubleclick.net 8.8.8.8

  3. Try visiting http://googleads.g.doubleclick.net in a web browser, the web page should be blocked

  4. Try visiting http://googleads.g.doubleclick.net/test.js, the JavaScript file should be just one line long

  5. (new for v3.2) Try setting up a custom block page creating /var/www/html/pihole/custom.php.

  6. (new for v3.2) Setup a contact email on the block page, pihole -a email BOFH@example.com

More information

If you are stuck or need more information, tweet CryptoAUSTRALIA on Twitter or ping us on Slack

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment