CryptoAUSTRALIA Pi-hole Workshop
Instructions using a virtual machine. This guide was written for the CryptoAUSTRALIA Pi-hole workshop.
This is the version of the workshop if you're using a VM to run Pi-hole. If you have a physical Raspberry Pi device (or similar SBC) use these instructions.
Author: Nick Kavadias (CryptoAUSTRALIA)
Install virtual machine manager and import Raspbian VM
Download the OVF.
- We've created a purpose built VM for the workshop so you can try out Pi-hole for yourself.
- VirtualBox: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian.ova?torrent
- VMware Fusion: https://s3-ap-southeast-2.amazonaws.com/dl.cryptoaustralia.org.au/workshops/Raspbian-vmware.ova?torrent
Import and boot the VM
From Virtual Machine Manager (VMM), got to File -> Import or File -> Import Appliance and select
.ovafile downloaded in previous step
Click Import. Note: It may take several minutes to complete the VM import.
Once complete, you should now have a Linux machine called Raspbian appear in VMM. No need to change the hardware settings. Leave the network configured to use NAT.
Click Start in the VMM.
You should now be booted straight into Raspbian and have a the Raspbian desktop appear.
To check that you have a working system, click on Chromium on the desktop and browse to your favourite website, hopefully it works! If not, you may need to tinker with the NAT settings in VirtualBox to get vm online (change adapter NAT is using?), or proceed with the workshop offline.
- If you've customised NAT in VirtualBox, try changing VM back to using DHCP, you can do this with
Note: system username is
pi and password
raspberry. The Pi-hole web admin password is also
Fixing the Keyboard Layout (oops!)
The Keyboard layout is set to UK. Easiest way to fix this is to click on the Raspberry in to left hand side and go to Preferences -> Keyboard and Mouse -> Keyboard -> Keyboard Layout
USunder Country and then
English (US)under variant. Yes, UK keyboards are weird.
Open a new bash terminal and run `
(Re)installing Pi-hole (optional)
- Pi-hole is already installed on this VM, but we can easily uninstall and re-install it (only do this step if you've checked in previous step that you're online).
sudo pihole uninstall. The password is
Yfor uninstalling dependencies, you can say N for curl, wget and zip.
You have to reset your dns server not to be yourself. Run the following:
$ sudo su
# echo "nameserver 220.127.116.11" > /etc/resolv.conf
Ready to run the Pi-hole installer, run the following command, as per the Pi-hole website:
# curl -sSL https://install.pi-hole.net | bash
This command should kick off the automated installer.
Once installer starts, you can use arrow keys to navigate and space or enter to accept
Ok all the prompts. Pick an upstream DNS provider. This is the upstream provider your Pi-hole will use, from here, you can basically accept all the defaults.
Accept changes the network settings to a static IP;
accept installing the web admin interface; and
accept logging queries.
- (Optional) Change the webadmin password:
# pihole -a -p
note: password currently set to raspberry, we have included it in instructions as its good practice and cannot be done in webadmin gui.
- If you are curious what other console commands pihole has, try
$ pihole -h. Also,
-clooks like an interesting switch!
Logging into webadmin
Open up Chrome in the VM and visit http://pi.hole/admin (there should be a bookmark for this)
If the stats are looking sad, click open another tab an do some browsing, try some websites with lots of ads.
- Yes, the version on the VM is out of date. To upgrade pi-hole, you need to use the terminal, so open a terminal windows and run the following:
sudo pihole -up.
- This may take a few minutes, sit back and watch der pretty lights.
Adding additional blocklists
Add some new lists:
There are some great additional block lists you can add over the default. The default blocklists are stored in
You can use the admin portal to add more lists. On the left hand side of web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.
Consider adding CryptoAUSTRALIA's favourite block lists
https://hosts-file.net/exp.txt- Websites hosting exploits
https://hosts-file.net/emd.txt- Websites hosting malware
https://hosts-file.net/psh.txt- Phishing websites
https://www.malwaredomainlist.com/hostslist/hosts.txt- Does what it says on the tin, a list of malware domains
https://v.firebog.net/hosts/Airelle-hrsk.txt- Airelle's phishing domains
https://v.firebog.net/hosts/Shalla-mal.txt- Shalla's Blacklists
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt- Ransomware Tracker - Ransomware block list (general list)
https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt- Ransomware Tracker - Ransomware block list (+ Locky)
https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt- Ransomware Tracker - Ransomware block list (+ CryptoWall)
https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt- Ransomware Tracker - Ransomware block list (+ TeslaCrypt)
https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt- Ransomware Tracker - Ransomware block list (+ TorrentLocker)
http://www.networksec.org/grabbho/block.txt- ThreatExpert.com malware and adware block list
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts- Unified list for blocking adware and malware
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt- DShield.org suspicious domains (Medium)
http://someonewhocares.org/hosts/hosts- Dan Pollock's list blocking ads and spyware
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt- Block Windows 10 telemetry domains
https://v.firebog.net/hosts/static/SamsungSmart.txt- Block Samsung SmartTV trackers
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt- Disconnect.me anti-malvertising
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt- Disconnect.me ad-blocker
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt- Disconnect.me anti-tracking
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/SpotifyAds/hosts- Block Spotify Free Ads
https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt- Block YouTube ads
https://v.firebog.net/hosts/Easylist.txt- EasyList (same feed as in uBlock/Adblock browser plugins)
http://www.joewein.net/dl/bl/dom-bl.txt- jwSpamSpy - Domains from Spam emails
Paste the URL into the admin page textbox and wait
Blocking YouTube Ads
- Add the following sites to your blacklist. Make sure googlevideo.com domains are added as wildcards.
- This won't work if you're using Chrome. Refer to this discussion.
Finding out what's been blocked
Sometimes you'll find a website is behaving strange. If you think Pi-hole is to blame, you can click Disable -> 5 minutes You can then try reloading the page.
You can also look at the query log and then click status & sort by what's been blocked. You can try whitelisting the site by clicking whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.
Open up terminal and try:
$ nslookup googleads.g.doubleclick.net
Compare previous result to resolving directly against Google's DNS servers:
$ nslookup googleads.g.doubleclick.net 18.104.22.168
Try visiting http://googleads.g.doubleclick.net in a web browser, the web page should be blocked
(new for v3.2) Try setting up a custom block page creating
(new for v3.2) Setup a contact email on the block page,
pihole -a email BOFH@example.com