The Hole Truth

Charly's Column – Pi-hole

Article from Issue 200/2017
Author(s):

A strange rule seems to dictate that the most useless products and services have the most annoying online advertising. Columnist Charly blocks the garish advertising for all computers on his network centrally with the Pi-hole tool, which is not only for Raspberry Pi devices.

There are two irreconcilable camps in the discussion on the use of banners and skyscrapers on websites: One is populated by people who get annoyed by garish, flashing, fidgety advertising formats that remind them of neon signs from the 50s. An increasing number of these users simply reject advertising on the web as garbage. The opposing camp is occupied by website owners – amateur bloggers, to name just one example – for whom advertising is the only way to recoup their costs for servers and other things.

People who place ads on their websites usually source them from one of several large commercial networks and simply create placeholders on the sites, which are then later replaced with the ads. Most people do not know exactly what advertising their site is showing at any given time.

The ad networks, in turn, allow the ad creators a great amount of freedom. It is no longer only images that are used here, but also JavaScript and the like. Criminals exploit this to display manipulated advertisements that scan the visitor's browser for vulnerabilities and – if they find any – install malicious software or animate the user to download applications of dubious repute. It can thus happen that visiting a highly reputable website actually infects your own PC with malware.

Those who are aware of this "malvertising" – a word composed from malware and advertising – or are simply annoyed by the visual overkill can turn to an ad blocker in the form of a plugin for their browser. But because I have many computers, I need a centralized, easy-to-maintain instance that solves the problem. It seems to me that Pi-hole [1] is extremely useful for this task. The tool got its name from the company that originally developed it for use on a Raspberry Pi, but it has long since been adapted for deployment on most standard Linux distributions.

Pi-hole is underpinned by the lean Dnsmasq DNS server with a special configuration. I entered Pi-hole as the DNS server on all my clients, and it now filters out the undesirable requests by the clients to ad networks and submits the remaining DNS requests to the regular DNS server.

Easy Install

The easiest way to install Pi-hole is with the following command:

curl -sSL https://install.pi-hole.net | bash

Security-conscious admins might go into meltdown at the sight of this line, but the makers of Pi-hole have a way of calming them down. Of course, anyone can download the code, inspect it at their leisure, and then proceed with the install. Corresponding links and instructions can also be found online [1]. When done, the installer displays a randomly generated password for the web interface. You can access it on http://<IP address>/admin.

The web interface is visually appealing and offers a wealth of statistics (see Figure 1). You also can maintain your own blacklists and whitelists there. I make good use of this option, because I do not oppose advertising on the web as a matter of principle; I thus specifically add sites that I would like to support to the white list. In return, I punish sites that are badly behaved – because they install poster-sized pop-overs, for example – with a blacklist entry that filters their ads directly into a black hole.

Figure 1: The Pi-hole UI, which is appealing both visually and in terms of content, presents various statistics and lists.

Incidentally, there is no advertising at all on pi-hole.net. The project is free, and the code is open source. The authors simply ask you to donate an amount of your choosing. It would be nice if many people complied.

Charly Kühnast

Charly Kühnast manages Unix systems in the data center in the Lower Rhine region of Germany. His responsibilities include ensuring the security and availability of firewalls and the DMZ.

Infos

  1. Pi-hole: https://pi-hole.net

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • The sys admin's daily grind: colorls

    The first time in our lives we got to a black-and-white Linux or Unix shell, most of us probably typed ls first. In a mixture of nostalgia and the knowledge that life is colorful, columnist Charly Kühnast plays a colorful trump card with colorls.

  • Charly's Column – Speedometer

    Thanks to LTE, state-of-the-art Internet technology has now made its way into Charly's quiet home. Accustomed to the sorrows of low surf speeds, our columnist prefers to make his own measurements.

  • Charly's Column

    Zsync handles a special case: large volume download files that change frequently but not drastically. Charly shows how this handy file fetcher can save you time and bandwidth.

  • Charly's Column

    On a trip to Berlin, Charly discovers that the nmap port scanner has a new cousin who enjoys spying on phones – smap scans networks for VoIP devices.

  • Charly's Column

    If you do not receive a response to a ping, or if the response is seriously delayed, you might like to take this as a warning. But who wants to ping all day? You need a ping-based monitoring utility like Smokeping.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News