How to block ads and malware from your network with Pi Hole

Overview

Malware and unwanted software is easily spread through fake ads which can popup or pop under on a website.  You or your employees could be putting your company data at risk by accidentally clicking on these ads that could be serving up dangerous software to your computers.  Even clicking on harmless white space might end up with you unintentionally clicking on a hidden advertisement.  To avoid this problem you could install “adblock” a software extension for some browsers, depending on what type of browser your company uses you might have to do some research on which one is a good fit for you.  And with these ad blockers they may still serve up some ads.

A better way that I have found to do this is setup your own ad blocking device on your network and for less than $100 you can buy all the parts and easily set it up yourself. If you find this too intimidating then we could come to arrangement where we set it up for you (email admin@securitybreach.online for more info) and all you will need to do is power it up within your company and your ad blocking will start as soon as you plug it in.  The software not only blocks ad’s you can also set it up to block pornography and other illicit websites that you don’t want your employees or family members clicking on.  The device comes with an easily internal web portal to display ad blocking statistics or allow you to block other websites.

The ad blocking device is created with a Raspberry Pi – a mini computer smaller than your cellphone.

The device is called a Pi-Hole.

Parts

To build a Pi-Hole you will need the following:

A raspberry Pi Zero W, you can use other types of Raspberry Pi’s but this is the one that I decided to go with.  If you had more than 10 employees or family members and available space on your network router then you might want to buy the Raspberry Pi with a network port which would be called the Raspberry Pi 3

Otherwise the wireless version is all you need you can buy it using the link below – I have assured that all you will need is in the link below.

CanaKit Raspberry Pi Zero W (Wireless) Starter Kit with Official Case

Raspberry Pi Zero W

Another thing which I found useful is a micro sd to usb reader because the SD card that the kit came with gave me some “write protection” errors when I tried to put the software from my computer onto the SD card

You can buy one from here: http://amzn.to/2jwDRgk

Prepare the Pi

After you receive everything you want to firstly put your Raspberry Pi Zero into the case that came in the bundle you purchased.  You want to put the micro sd card into your computer via the micro sd to usb reader – you can also try the adapter that came with your bundle.

You will want to now download the latest raspbian pi lite software to your computer and save it somewhere you remember: https://downloads.raspberrypi.org/raspbian_lite_latest

This will download a zip file to your computer and you will have to extract the image file before putting it on the card.  You will need to download a separate piece of software in order to “flash” your sd card.  There are many types of software but I found that the one that was the easiest to use was called Etcher.

How to use Etcher

Run the Etcher software and select the image file from the zip file and then select the sd card from and press flash.  After about 10 – 15 mins you will have a Raspberry Pi ready sd card to put into your new Raspberry Pi Device.  Before you do this though you will want to do a couple more things in order to make it easier to make your network ad blocker.

If you burned or flashed the sd card properly you should now see it containing a folder called “boot”.In this folder you will need to create three files:

There are two text files we will create/edit in boot.

wpa_supplicant.conf – wifi settings

ssh – an empty text file to enable ssh

The first file you will need to create is wpa_supplicant.  So using notepad, copy the following text into notepad:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid=”YOURSSID”
psk=”YOURPASSWORD”
scan_ssid=1
}

Where it is “YOURSSID” and “YOURPASSWORD” put your wifi network name and your wifi password.  For example if your wifi network was called mynetwork and your password was called kittens it would look like this:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid=”mynetwork”
psk=”kittens”
scan_ssid=1
}

After you have done this, save the file as wpa_supplicant.conf (you can change the save type to all files) and save it in the sd card into the boot directory.

You also want to create a new file and don’t write anything into it and save that as ssh (change the type to all files) with no extension and save that into the boot directory as well.

Now you are already to power up the Raspberry Pi Zero.

Powering up the Pi

To power up the Pi for the first time you will need a computer monitor with hdmi – you can use your tv if you can’t find anything else.  Use the usb to HDMI connector and then plug the hdmi cable into that.

You will need to plug the power adapter into a power bar and then plug that into the far right micro usb port on the Pi Zero (the one furthermost away from the sd card slot) and you will need to put the micro sd card into the slot on the side.  If you do all this and power it on you will see a rainbow colored screen popup and then that will turn into a alot of scrolling text as the Pi zero makes all its system checks.  After the checks are done it will have a login prompt.  At this point you can disconnect the screen because you know everything is up and running or you can leave it in it doesn’t really matter.  For normal use it won’t be sitting connected to a screen it will just be plugged in somewhere in your home or office.

Connecting to the Pi

So you are probably wondering how you connect and install the software if you don’t have a keyboard and mouse connected to the Pi well you will connect via ssh from your laptop

or desktop computer. You will need a ssh client and I recommend putty because it’s just one executable. So run putty.exe and choose ssh as the type of connection and type in the ip address of the Pi you can find this on the screen that’s connected to the Pi or you can ping raspberrypi.local it to find out the address.

 

Logging into Pi with ssh

Once you have managed to connecton ssh you can login with the username pi and password is raspberry.  We recommend that you should change the password. To change your password you type passwd and follow the prompts as the picture shows below:

Changing pi password

Installing the Ad blocking software

Now that we have prepped the Pi, powered the Pi, and successfully connected to the Pi we are ready to install the software.

Copy or type the following text into the terminal:

curl -sSL https://install.pi-hole.net | bash

This will start installing the Pi hole software.

Pi Hole Software Installation

The install will take approximately 15 to 20 minutes to complete.

You will get prompted for some information along the way and for the most part you can just accept the defaults.

This is asking you for the upstream dns server, you can select one of these options, this dns server will serve ads that can’t be blocked for instance the ad at the start of the youtube videos.  The dns server will also provide access to your other content that you would usually use dns for ie translating IP addresses to web addresses.

This is a selection of IPv4 and IPv6 – most people use IPv4 and if you have never heard of IPv6 before just stick with the default setting.

The next selection is about the IP address of the Pi, you can either allow your router to set the address for you or you can set a custom address by selecting no.

After this it will ask you if you want a web interface for displaying blocked ad information – it also allows you to put in custom lists for blocking different types of websites, for instance blocking pornography and other illicit websites.  Even if you don’t want this you can always select yes and not access it.

At the end of the installation it will give you a password to access the management interface, I suggest that you write this down and save it in your notes somewhere.

Using your new Pi Hole

Once it has completed its installation you should take the IP address of the Pi hole and put it into your router or dhcp server as the dns server so that your wireless and lan clients can get their ads blocked too. For example in my Netgear Nighthawk Router I can set the dns address as shown below:

Changing DNS Server

The configuration and installation will all be saved now so you just need to leave you Pi-Hole device plugged into power somewhere within range of your wireless network and it will block all the ads for you.

To login to your web interface go to your http://<pihole address>/admin

and you should see something very similar to the following image:

Pi Hole Web Interface

Ok well now you can refresh the IP addresses on your devices, or reboot things that you can’t directly manage like the Television and lead a mostly ad free life.

 

Add a Comment

Your email address will not be published. Required fields are marked *