The Hole Truth
Charly's Column – Pi-hole
A strange rule seems to dictate that the most useless products and services have the most annoying online advertising. Columnist Charly blocks the garish advertising for all computers on his network centrally with the Pi-hole tool, which is not only for Raspberry Pi devices.
There are two irreconcilable camps in the discussion on the use of banners and skyscrapers on websites: One is populated by people who get annoyed by garish, flashing, fidgety advertising formats that remind them of neon signs from the 50s. An increasing number of these users simply reject advertising on the web as garbage. The opposing camp is occupied by website owners – amateur bloggers, to name just one example – for whom advertising is the only way to recoup their costs for servers and other things.
People who place ads on their websites usually source them from one of several large commercial networks and simply create placeholders on the sites, which are then later replaced with the ads. Most people do not know exactly what advertising their site is showing at any given time.
The ad networks, in turn, allow the ad creators a great amount of freedom. It is no longer only images that are used here, but also JavaScript and the like. Criminals exploit this to display manipulated advertisements that scan the visitor's browser for vulnerabilities and – if they find any – install malicious software or animate the user to download applications of dubious repute. It can thus happen that visiting a highly reputable website actually infects your own PC with malware.
Those who are aware of this "malvertising" – a word composed from malware and advertising – or are simply annoyed by the visual overkill can turn to an ad blocker in the form of a plugin for their browser. But because I have many computers, I need a centralized, easy-to-maintain instance that solves the problem. It seems to me that Pi-hole [1] is extremely useful for this task. The tool got its name from the company that originally developed it for use on a Raspberry Pi, but it has long since been adapted for deployment on most standard Linux distributions.
Pi-hole is underpinned by the lean Dnsmasq DNS server with a special configuration. I entered Pi-hole as the DNS server on all my clients, and it now filters out the undesirable requests by the clients to ad networks and submits the remaining DNS requests to the regular DNS server.
Easy Install
The easiest way to install Pi-hole is with the following command:
curl -sSL https://install.pi-hole.net | bash
Security-conscious admins might go into meltdown at the sight of this line, but the makers of Pi-hole have a way of calming them down. Of course, anyone can download the code, inspect it at their leisure, and then proceed with the install. Corresponding links and instructions can also be found online [1]. When done, the installer displays a randomly generated password for the web interface. You can access it on http://<IP address>/admin
.
The web interface is visually appealing and offers a wealth of statistics (see Figure 1). You also can maintain your own blacklists and whitelists there. I make good use of this option, because I do not oppose advertising on the web as a matter of principle; I thus specifically add sites that I would like to support to the white list. In return, I punish sites that are badly behaved – because they install poster-sized pop-overs, for example – with a blacklist entry that filters their ads directly into a black hole.

Incidentally, there is no advertising at all on pi-hole.net. The project is free, and the code is open source. The authors simply ask you to donate an amount of your choosing. It would be nice if many people complied.
Charly Kühnast
Charly Kühnast manages Unix systems in the data center in the Lower Rhine region of Germany. His responsibilities include ensuring the security and availability of firewalls and the DMZ.
Infos
- Pi-hole: https://pi-hole.net
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.
-
Linux Mint 21.1 Now Available with Plenty of Look and Feel Changes
Vera has arrived and although it is still using kernel 5.15, there are plenty of improvements sure to please everyone.