Raspberry Pi instructions for Pi-hole setup

CryptoAUSTRALIA Pi-hole Workshop

Instructions using a physical Raspberry Pi (or compatible SBC). This guide was written for the CryptoAUSTRALIA Pi-hole workshop.

This is the version of the workshop if you're using a Raspberry Pi. If you want the VM version of these instructions, look here.

Author: Nick Kavadias (CryptoAUSTRALIA)

Get the Raspbian Lite image onto an SD Card

  1. Download the latest version of Raspbian Lite. We will also have copies available during the workshop. You can verify that the image hashes match too.
  2. Download and install Etcher.
  3. Insert an SD card compatible with your RPi and start Etcher. Select the Raspbian Lite zip image and click Flash! If you get errors, double-check that your SD card/reader hasn't been set to 'lock'.
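
One way to do the hash check mentioned in step 1 before flashing. This is an added example, not part of the original workshop notes. It assumes the download page publishes a SHA-256 value for the zip; the file name and hash in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example: compare a downloaded image against its published SHA-256.
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_image() {
    file=$1
    # Normalise the published value: drop whitespace, lower-case it.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*|'') echo "expected value is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected value is not 64 hex chars" >&2; return 2; }

    # sha256sum on Linux, shasum on macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$file" | cut -d' ' -f1)
    elif command -v shasum >/dev/null 2>&1; then
        actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
    else
        echo "no SHA-256 tool found" >&2; return 2
    fi

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (file name and hash are placeholders):
#   verify_image raspbian_lite_latest.zip <sha256-from-download-page>
```

Only flash the card when the function reports OK; on a mismatch, download the image again from the official site.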

Optional: Edit the boot directory on the image (do this if you do not know your MAC address and want an easy way to find your device in the workshop)

  1. Make sure you are working on the first partition of the SD card (this should be readable on a Windows/Mac computer).
  2. Create an empty file called ssh to turn on ssh at boot: touch ssh
  3. Add the following to the end of cmdline.txt to change the MAC address of the device and make it unique. Use hex values only, i.e. 0-9, A-F: smsc95xx.macaddr=B8:AA:12:34:56:FF

Plug in your device, find its IP and ssh to it

  1. This is the hardest part of the workshop!

  2. Plug your device into the network with ethernet and power it. You should see a red flashing light.

  3. Try the following steps in order. Depending on the specific setup for the workshop, there may be varying levels of success with each, so find out what works.

  4. Make sure your laptop is plugged into the same network, and try to ping the default hostname: ping raspberrypi

  5. Scan the network, then check the ARP cache on your laptop and look for your MAC address. On Windows this is the arp -a command.

  6. If all else fails, plug it into a monitor and see if it's booting. You should see a message with the IP address come up.

ssh into your Raspberry Pi device

  1. You should have the IP address from the previous step. ssh into your device: ssh pi@<ipaddress>. The default username is pi, the default password is raspberry.

  2. Change your hostname with sudo nano /etc/hostname. If you don't like nano as a text editor, you can install vim with sudo apt install vim

  3. Change the password of your device with passwd

  4. You are now ready to run the Pi-hole installer. Run the following command, as per the Pi-hole website:

    # curl -sSL https://install.pi-hole.net | bash

This command should kick off the automated installer.

  1. Once the installer starts, you can use the arrow keys to navigate and space or enter to accept.

  2. OK all the prompts. Pick an upstream DNS provider. This is the upstream provider your Pi-hole will use. From here, you can basically accept all the defaults.

  3. Accept changing the network settings to a static IP;

  4. accept installing the web admin interface; and

  5. accept logging queries.

Post-install configuration

  1. (Optional) Change the webadmin password:

    # pihole -a -p

Note: the password is currently set to raspberry. We have included this step in the instructions as it's good practice and cannot be done in the webadmin GUI.

  2. If you are curious what other console commands pihole has, try $ pihole -h. Also, -c looks like an interesting switch!

Change DNS of your laptop to point to your Pi-hole

  1. There are several ways of doing this, depending on your operating system.
  • On Windows, you can use a utility called Simple IP Config
  • On a Linux type system you can try echo "nameserver <ipaddress>" > /etc/resolv.conf

Logging into webadmin

  1. Open up a browser on your laptop and navigate to http://<ipaddress>/admin where <ipaddress> is the actual IP address found in the previous step.

  2. If the stats are looking sad, open another browser window on your computer and try some websites with lots of ads.

  3. Go back and check the Pi-hole admin dashboard. It should be populated with statistics now. If it is not, make sure you have set the DNS server on your computer to use your Pi-hole device.

Adding additional blocklists

Add some new lists:

  1. There are some great additional block lists you can add on top of the defaults. The default blocklists are stored in /etc/pihole/adlists.list.

  2. You can use the admin portal to add more lists. On the left-hand side of the web admin portal menu, go to Settings, then click on the + Pi-hole's block lists.

  3. Wally3k maintains a good list of block lists compatible with Pi-hole at https://wally3k.github.io/

  4. Consider adding CryptoAUSTRALIA's favourite block lists

    1. https://hosts-file.net/exp.txt - Websites hosting exploits
    2. https://hosts-file.net/emd.txt - Websites hosting malware
    3. https://hosts-file.net/psh.txt - Phishing websites
    4. https://www.malwaredomainlist.com/hostslist/hosts.txt - Does what it says on the tin, a list of malware domains
    5. https://v.firebog.net/hosts/Airelle-hrsk.txt - Airelle's phishing domains
    6. https://v.firebog.net/hosts/Shalla-mal.txt - Shalla's Blacklists
    7. https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt - Ransomware Tracker - Ransomware block list (general list)
    8. https://ransomwaretracker.abuse.ch/downloads/LY_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ Locky)
    9. https://ransomwaretracker.abuse.ch/downloads/CW_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ CryptoWall)
    10. https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TeslaCrypt)
    11. https://ransomwaretracker.abuse.ch/downloads/TL_C2_DOMBL.txt - Ransomware Tracker - Ransomware block list (+ TorrentLocker)
    12. http://www.networksec.org/grabbho/block.txt - ThreatExpert.com malware and adware block list
    13. https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts - Unified list for blocking adware and malware
    14. https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt - DShield.org suspicious domains (Medium)
    15. http://someonewhocares.org/hosts/hosts - Dan Pollock's list blocking ads and spyware
    16. https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/win10/spy.txt - Block Windows 10 telemetry domains
    17. https://v.firebog.net/hosts/static/SamsungSmart.txt - Block Samsung SmartTV trackers
    18. https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt - Disconnect.me anti-malvertising
    19. https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt - Disconnect.me ad-blocker
    20. https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt - Disconnect.me anti-tracking
    21. https://raw.githubusercontent.com/StevenBlack/hosts/master/data/SpotifyAds/hosts - Block Spotify Free Ads
    22. https://gist.githubusercontent.com/anudeepND/adac7982307fec6ee23605e281a57f1a/raw/5b8582b906a9497624c3f3187a49ebc23a9cf2fb/Test.txt - Block YouTube ads
    23. https://v.firebog.net/hosts/Easylist.txt - EasyList (same feed as in uBlock/Adblock browser plugins)
    24. http://www.joewein.net/dl/bl/dom-bl.txt - jwSpamSpy - Domains from Spam emails
  5. Paste the URL into the admin page textbox and wait

Finding out what's been blocked

  1. Sometimes you'll find a website is behaving strangely. If you think Pi-hole is to blame, you can click Disable -> 5 minutes. You can then try reloading the page.

  2. You can also look at the query log, then click status and sort by what's been blocked. You can try whitelisting the site by clicking the whitelist button and see if that fixes it. If it doesn't, you can then remove the site you just whitelisted by going to Whitelist and removing it.

Blocking YouTube Ads

  1. Add the following sites to your blacklist. Make sure googlevideo.com domains are added as wildcards.
  2. This won't work if you're using Chrome. Refer to this discussion.

Poke around

  1. Open up terminal and try:

    $ nslookup googleads.g.doubleclick.net

  2. Compare previous result to resolving directly against Google's DNS servers:

    $ nslookup googleads.g.doubleclick.net 8.8.8.8

  3. Try visiting http://googleads.g.doubleclick.net in a web browser. The web page should be blocked.

  4. Try visiting http://googleads.g.doubleclick.net/test.js. The JavaScript file should be just one line long.

  5. (new for v3.2) Try setting up a custom block page by creating /var/www/html/pihole/custom.php.

  6. (new for v3.2) Set up a contact email on the block page: pihole -a email BOFH@example.com
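
The comparison in steps 1 and 2 can be scripted. The following is an added example, not part of the original workshop notes. It assumes Linux/macOS-style nslookup output and that a blocked name is answered with the Pi-hole's own address or 0.0.0.0; the sample outputs are constructed and use documentation address ranges.

```sh
#!/bin/sh
# Added example: decide whether a name is blocked by comparing the answer
# from the Pi-hole with the answer from an upstream resolver.

# Print the IPv4 answer addresses from nslookup output: the Address lines
# that follow the first "Name:" line (the resolver's own address is skipped).
answers() {
    awk '/^Name:/ {seen=1; next}
         seen && /^Address/ && $2 !~ /:/ {print $2}' | sort -u
}

# verdict PIHOLE_IP PIHOLE_OUTPUT UPSTREAM_OUTPUT
verdict() {
    pihole_ip=$1
    via_pihole=$(printf '%s\n' "$2" | answers)
    via_upstream=$(printf '%s\n' "$3" | answers)

    if [ -z "$via_pihole" ]; then
        echo "no-answer"      # Pi-hole unreachable, or no address returned
    elif [ "$via_pihole" = "$pihole_ip" ] || [ "$via_pihole" = "0.0.0.0" ]; then
        echo "blocked"        # sinkholed to the Pi-hole or a null address
    elif [ "$via_pihole" = "$via_upstream" ]; then
        echo "not-blocked"    # same answer as the upstream resolver
    else
        echo "differs"        # e.g. CDN rotation; check by hand
    fi
}

# Constructed sample outputs (not captured from a real network).
SAMPLE_PIHOLE='Server:  192.0.2.53
Address: 192.0.2.53#53

Name: googleads.g.doubleclick.net
Address: 192.0.2.53'

SAMPLE_UPSTREAM='Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: googleads.g.doubleclick.net
Address: 198.51.100.7'

# Live use, with PIHOLE set to your Pi-hole's address:
#   verdict "$PIHOLE" "$(nslookup "$name" "$PIHOLE")" "$(nslookup "$name" 8.8.8.8)"
verdict 192.0.2.53 "$SAMPLE_PIHOLE" "$SAMPLE_UPSTREAM"
```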

If you want to use your Pi-hole setup at home

  1. If you want to take your Pi-hole config back home to use without setting it up from scratch, be aware your RPi has now been configured with a static IP address using the details of the workshop network.

  2. To avoid having to plug your RPi into a monitor/keyboard/mouse when you get back home, do the following:

  3. Edit the /etc/dhcpcd.conf file and remove the static IP settings:

    1. sudo su
    2. nano /etc/dhcpcd.conf
    3. Delete the following last 3 lines in the file, which set a static IP:

    interface eth0
    static ip_address=x.x.x.x/x
    static routers=x.x.x.x
    static domain_name_servers=x.x.x.x

  4. You will need to re-run the Pi-hole installer when you get home to reconfigure the services with your home IP, i.e. repeat the "ssh into your Raspberry Pi device" step.

More information

If you are stuck or need more information, tweet CryptoAUSTRALIA on Twitter or ping us on Slack
