Category: Internet

Pi Hole – Not upgrading (pihole -up)

Recently Pi Hole issued an update to their web front end. Unfortunately, every time I ran the command pihole -up I was getting an error message:

Unable to find remote helper for 'https'

I was struggling to find any help on the web about this error, but stumbled on an old article regarding git cloning failing in a similar way. Knowing that Pi Hole uses git, I ran the following commands:

sudo apt-get remove git

and this command to re-install git and any missing components:

sudo apt-get install git-all

After this I re-issued the command pihole -up and was successfully able to update it to the latest.

pi@pihole:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: update available
[i] FTL: up to date

Hey Presto!

New – Pi Hole Setup 2021

Here's a quick guide to my new Pi Hole setup and block list.

Step One: Download Raspberry Pi OS Lite and extract it to a 4GB SD card (the more space the better). I used Raspberry Pi's own imager: https://www.raspberrypi.org/software/

Step Two: Update the repositories using the command: sudo apt update

Step Three: Configure your Raspberry Pi with a static IP address: sudo nano /etc/dhcpcd.conf

Uncomment the following lines and edit them to suit your network:

interface eth0
static ip_address=192.168.0.252/24    
static routers=192.168.0.1
static domain_name_servers=192.168.0.1 1.1.1.1

Step Four: Install Unbound: sudo apt install unbound

Install the DNS root hints by running this command: wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

Edit the Unbound configuration using the following command: sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Copy and paste the below text:

server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no

    # Use this only when you downloaded the list of primary root servers!
    # If you use the default dns-root-data package, unbound will find it automatically
    #root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use Capitalization randomization as it is known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Once the above text has been copied and pasted, save the file by pressing Ctrl + X and choosing Y (Yes) to save.

Step Five: Install Pi Hole by running the following command:

curl -sSL https://install.pi-hole.net | bash

Setup is pretty simple, just clicking Next through the installation, but when choosing an upstream DNS provider select Custom and type in the following:

127.0.0.1#5335
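A quick audit of the Unbound file from Step Four, added here as an example and not part of the original guide or of Pi-hole's or Unbound's own tooling. It checks that the resolver listens only on loopback, on the port given to Pi-hole above, that the DNSSEC hardening options and RFC 1918 private-address ranges are in place, and that no active setting carries typographic quotes from copy and paste. The function name `audit_unbound_conf` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# audit_unbound_conf FILE [PORT]: one FINDING line per problem, exit 1 if any.
audit_unbound_conf() {
    awk -v want_port="${2:-5335}" '
        function finding(msg) { print "FINDING: " msg; n++ }
        { sub(/#.*/, "") }                       # comments are not settings
        index($0, "“") || index($0, "”") {       # pasted from a web page
            finding("line " NR ": typographic quote in an active setting")
        }
        NF < 2 { next }                          # blank lines and "server:"
        { key = $1; sub(/:$/, "", key); val = $2; seen[key] = val }
        key == "interface" && val != "127.0.0.1" && val != "::1" {
            finding("line " NR ": interface " val " is not loopback")
        }
        key == "private-address" { priv[val] = 1 }
        END {
            if (seen["port"] != want_port)       # must match 127.0.0.1#PORT
                finding("port is [" seen["port"] "], Pi-hole expects " want_port)
            split("harden-glue harden-dnssec-stripped", must, " ")
            for (i = 1; i in must; i++)
                if (seen[must[i]] != "yes") finding(must[i] " is not yes")
            split("10.0.0.0/8 172.16.0.0/12 192.168.0.0/16", nets, " ")
            for (i = 1; i in nets; i++)          # DNS rebinding protection
                if (!(nets[i] in priv)) finding("no private-address " nets[i])
            exit (n > 0)
        }
    ' "${1:--}"
}

# Constructed sample: the settings from this guide with four deliberate mistakes.
weak_conf() {
    cat <<'EOF'
server:
    interface: 0.0.0.0
    port: 5335
    harden-glue: yes
    harden-dnssec-stripped: no
    root-hints: “/var/lib/unbound/root.hints”
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
EOF
}

weak_conf | audit_unbound_conf - || true
```

On the Pi, run it as audit_unbound_conf /etc/unbound/unbound.conf.d/pi-hole.conf; syntax errors are a separate matter and are covered by unbound-checkconf.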

This completes the first part of the installation. Let's move on to the ad list (blocklist):

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts

https://v.firebog.net/hosts/static/w3kbl.txt

https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt

https://someonewhocares.org/hosts/zero/hosts

https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts

https://winhelp2002.mvps.org/hosts.txt

https://v.firebog.net/hosts/neohostsbasic.txt

https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt

https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt

https://adaway.org/hosts.txt

https://v.firebog.net/hosts/AdguardDNS.txt

https://v.firebog.net/hosts/Admiral.txt

https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt

https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

https://v.firebog.net/hosts/Easylist.txt

https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts

https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts

https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts

https://v.firebog.net/hosts/Easyprivacy.txt

https://v.firebog.net/hosts/Prigent-Ads.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts

https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt

https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt

https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt

https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt

https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt

https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt

https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt

https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt

https://v.firebog.net/hosts/Prigent-Crypto.txt

https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt

https://phishing.army/download/phishing_army_blocklist_extended.txt

https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt

https://v.firebog.net/hosts/Shalla-mal.txt

https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts

https://urlhaus.abuse.ch/downloads/hostfile/

https://v.firebog.net/hosts/Prigent-Malware.txt

https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt

https://blocklist.site/app/dl/youtube

UniFi G3-Flex using Different SUBNET/VLAN (UniFi Protect)

How I resolved my issue with running UniFi Protect and UniFi’s G3-Flex cameras in different subnets.

Previously I had been running UniFi Video inside a VM which lived in the same subnet as my cameras with no trouble. Since upgrading to UniFi Protect, I have had no choice but to put the NVR outside my cameras' network (as the NVR also acts as the controller for my WiFi).

I wanted to keep my cameras on their own network, as I can firewall this off so that anyone plugging in a device other than a camera won’t be able to get on my internal LAN.

But removing the firewall and enabling mDNS wouldn’t let my NVR see the camera. I also reset the camera to factory defaults. By chance, I logged on to the web page of my camera using the default user name and password “ubnt” and manually added the IP of my new NVR under the UniFi Video server, and hey presto, the camera appeared in UniFi Protect.

PiHole Block List

PiHole Blocklist as of 04/08/2019

Copy and paste the list below into your block list.

https://blocklist.site/app/dl/malware
https://blocklist.site/app/dl/piracy
https://blocklist.site/app/dl/ransomware
https://blocklist.site/app/dl/redirect
https://blocklist.site/app/dl/spam
https://blocklist.site/app/dl/tracking
https://blocklist.site/app/dl/facebook
https://blocklist.site/app/dl/youtube
https://blocklist.site/app/dl/crypto
https://blocklist.site/app/dl/fraud
https://blocklist.site/app/dl/gambling
https://blocklist.site/app/dl/porn
https://blocklist.site/app/dl/phishing
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts