Category: Security

Pi Hole – Not upgrading (pihole -up)

Recently Pi Hole issued an update to their web front end. Unfortunately, every time I ran the command pihole -up I was getting an error message:

Unable to find remote helper for 'https'

I was struggling to find any help on the web about this error, but stumbled on an old article regarding git cloning failing in a similar way. Knowing that Pi Hole uses git, I ran the following commands:

sudo apt-get remove git

and this command to re-install git and any missing components:

sudo apt-get install git-all

After this I re-issued the command pihole -up and was successfully able to update it to the latest.

pi@pihole:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: update available
[i] FTL: up to date

Hey Presto!

Netatmo Smart Video Doorbell – Review

My reason for choosing Netatmo Smart Video Doorbell over the other competition is that it has wide compatibility with other ecosystems and no hidden surcharges. Being an Apple user even today still limits you to devices that have full compatibility all round, but when Amazon had a sale of this device I snapped it up – stock at the moment seems very erratic and I’m not sure if this is done on purpose or not – anyway I digress.

This doorbell integrates with Apple and, more importantly for me, with the Apple TV: when a person rings the bell a notification comes on my TV and video is played; in addition to this my HomePod chimes and a notification with picture and video is sent to my watch. Perfect! And this all seems pretty responsive.

In the box you get:

Stickers to place on the property to disclose that people entering the property are being recorded however only one sticker is provided (not that anyone would use an ugly sticker)

Backing plate and angled bracket for different mounting options – ABS plastic 🙁

Template for drilling holes – although no spirit level like you see in other YouTube videos

SD Card pre-installed Great! (although mine again came with a smaller card than other reviewers)

Security screw and screwdriver

HomeKit badge to allow you to scan in to your Apple device

Chime adapter

Spare fuse

Rawl plugs and mounting screws

What you don’t get:

Chime

Transformer

Clear instructions

 

This product claims to be easy to fit and as a single device it is, but wiring it up to a chime left me a little confused. There are examples of what the product is compatible with on the website ( https://check.netatmo.com/en-us/security/doorbell/question/requirement ) but the instructions are still a little vague. So I decided to set up the doorbell off the wall before mounting.

 

I wired up the doorbell and straight away it came to life: a little light flashes green and you need to wait for this to turn white.

In the app you can then begin to set up the WiFi; here is where I ran into problems. My WiFi is set up for two networks, my main WiFi and my IoT devices. I wanted my doorbell to live in the IoT network – this hasn’t been a problem with my other Netatmo devices such as the Smoke Alarm, but the doorbell refused to connect.

However after several attempts and re-setting the device using the small reset button on the back of the device – it finally connected.

Next issue – WiFi strength.

My house uses the Ubiquiti WiFi with excellent coverage, however the device reports weak signal even though phones and other devices in the same place report excellent. I have tried all different channels and signal strengths, and my only solution was to install a second access point. This has improved the strength, however I would say it might as well be hardwired as the AP is virtually next to the doorbell. I will continue to investigate and hope that this is just a firmware issue.

Quality:

The doorbell itself feels well engineered and the main button is positive to the touch; you know exactly where to press, unlike some of the cheaper models. I was a little disappointed, however, in how the doorbell attaches to the angled bracket, only being held in place with small self-tapping screws into ABS plastic. Also the backing plate, which is optional for installation but which I used as it hides the bell wire better on my property, isn’t very secure. I think this doorbell is really meant to be installed straight onto brickwork where the cables pass directly behind it.

Video & Audio:

I have to say I’m happy with the quality of the video. My front door faces southwest, so in the morning it gets sunlight which can cause flares, and the camera deals with this perfectly. Night vision is not bad either, however I have found the infrared lights flash, which my other CCTV camera picks up on; not sure why it flashes, maybe a power issue.

The audio is decent too. Don’t get me wrong, it’s no Sonos or Apple HomePod quality, but decent enough. The microphone does however pick up wind noise, which is distracting, but it is clear other than that.

Other Issues:

Within the app you are given the option to back up to an FTP server or Dropbox. This is a great feature, as you know that your video is stored in two places if one fails, and if you have Secure Video from Apple, a third place. Again I was met with problems: FTP just would not work – I tested with different clients to make sure that it was no fault of mine, but it just would not work. I’m glad to report Dropbox was a quick and easy option to set up.

Conclusion:

Would I buy the product knowing what I know: Yes, it’s about the only option at the moment that ticks the boxes for me, and I hope that the other issues can be worked out through software or firmware. I would say my overall opinion is I hope they bring out an updated version which fixes my other concerns, but other than that it is a decent bit of kit.

Pros:

No Hidden surcharges

Local and Remote storage options

Compatible with other smart operators

Video Quality

SD-Card included

Homekit support

Responsive

If you lose power it continues to work for a little while as long as your WiFi is still working

Cons:

Weak WiFi

WiFi Setup requiring several attempts

App a little clunky

Use with the angled bracket doesn’t feel as secure to the wall

New – Pi Hole Setup 2021

Here’s a quick guide to my new Pi Hole setup and block list.

Step One: Download Raspberry Pi OS Lite and write it to a 4GB SD card (the more space the better). I used Raspberry Pi’s own imager: https://www.raspberrypi.org/software/

Step Two: Update the repositories using the command: sudo apt update

Step Three: Configure your Raspberry Pi with a static IP address: sudo nano /etc/dhcpcd.conf

Uncomment the following lines and edit to suit your network:

interface eth0
static ip_address=192.168.0.252/24    
static routers=192.168.0.1
static domain_name_servers=192.168.0.1 1.1.1.1

Step Four: Install Unbound: sudo apt install unbound

Install the DNS root hints by running this command: wget https://www.internic.net/domain/named.root -qO- | sudo tee /var/lib/unbound/root.hints

Edit the Unbound configuration by using the following command: sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf

Copy and paste the below text:

server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: no

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: no

    # Use this only when you downloaded the list of primary root servers!
    # If you use the default dns-root-data package, unbound will find it automatically
    #root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
    num-threads: 1

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10

Once the above text has been copied and pasted, save the file by pressing Ctrl + X and choosing Y (Yes) to save.

Step Five: Install Pi Hole by running the following command:

curl -sSL https://install.pi-hole.net | bash

Setup is pretty simple, clicking Next through the installation, but when choosing an upstream DNS provider select Custom and type in the following:

127.0.0.1#5335
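An added check for the steps above (example code, not from the original post or the Pi-hole project): it lints the Unbound file against the custom upstream typed into Pi-hole and flags a port mismatch, a listener that is not loopback-only, or DNSSEC hardening switched off. The function names and finding labels are made up for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): lint an Unbound config against
# the custom upstream entered in Pi-hole. Function names are hypothetical.

# Print every value set for KEY in FILE, ignoring comments.
conf_all() {
    awk -v key="$1:" '{ sub(/#.*/, "") } $1 == key { print $2 }' "$2"
}

# lint_unbound FILE UPSTREAM   (UPSTREAM as typed into Pi-hole, e.g. 127.0.0.1#5335)
# Prints space-separated findings; returns 0 only when there are none.
lint_unbound() {
    file=$1; upstream=$2; findings=""
    up_ip=${upstream%%"#"*}; up_port=${upstream##*"#"}

    port=$(conf_all port "$file" | tail -n 1)
    [ -n "$port" ] || port=53                   # Unbound's default port
    [ "$port" = "$up_port" ] || findings="${findings}port-mismatch:$port "

    ifaces=$(conf_all interface "$file")
    [ -n "$ifaces" ] || ifaces="127.0.0.1 ::1"  # Unbound's default: localhost only
    served=no
    for i in $ifaces; do
        if [ "$i" = "$up_ip" ]; then served=yes; fi
        case $i in
            127.*|::1) ;;                       # loopback: only the Pi itself can query
            *) findings="${findings}exposed-interface:$i " ;;  # open to the network
        esac
    done
    [ "$served" = yes ] || findings="${findings}upstream-not-served:$up_ip "

    # DNSSEC hardening must not be switched off
    [ "$(conf_all harden-dnssec-stripped "$file" | tail -n 1)" != no ] ||
        findings="${findings}dnssec-stripping-allowed "

    printf '%s\n' "${findings% }"
    [ -z "$findings" ]
}

# Constructed sample: a mistyped variant of the config above.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server:
    interface: 0.0.0.0      # should be 127.0.0.1
    port: 5353              # should be 5335
    harden-dnssec-stripped: yes
EOF
lint_unbound "$demo" '127.0.0.1#5335' || echo "fix the findings above before pointing Pi-hole at Unbound"
rm -f "$demo"
```

On the Pi, run it as lint_unbound /etc/unbound/unbound.conf.d/pi-hole.conf '127.0.0.1#5335'; no output and exit status 0 mean the file and the Pi-hole upstream agree.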

This completes the first part of the installation. Let’s move on to the Adlist (blocklist):

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts

https://v.firebog.net/hosts/static/w3kbl.txt

https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt

https://someonewhocares.org/hosts/zero/hosts

https://raw.githubusercontent.com/VeleSila/yhosts/master/hosts

https://winhelp2002.mvps.org/hosts.txt

https://v.firebog.net/hosts/neohostsbasic.txt

https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt

https://paulgb.github.io/BarbBlock/blacklists/hosts-file.txt

https://adaway.org/hosts.txt

https://v.firebog.net/hosts/AdguardDNS.txt

https://v.firebog.net/hosts/Admiral.txt

https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt

https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

https://v.firebog.net/hosts/Easylist.txt

https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts

https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts

https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts

https://v.firebog.net/hosts/Easyprivacy.txt

https://v.firebog.net/hosts/Prigent-Ads.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts

https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt

https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt

https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt

https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt

https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt

https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt

https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt

https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt

https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt

https://v.firebog.net/hosts/Prigent-Crypto.txt

https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt

https://phishing.army/download/phishing_army_blocklist_extended.txt

https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt

https://v.firebog.net/hosts/Shalla-mal.txt

https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt

https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts

https://urlhaus.abuse.ch/downloads/hostfile/

https://v.firebog.net/hosts/Prigent-Malware.txt

https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt

https://blocklist.site/app/dl/youtube

UniFi G3-Flex using Different SUBNET/VLAN (UniFi Protect)

How I resolved my issue with running UniFi Protect and UniFi’s G3-Flex cameras in different subnets.

 

Previously I had been running UniFi Video inside a VM which lived in the same subnet as my cameras with no trouble. Since upgrading to UniFi Protect I had no choice but to put the NVR outside my cameras’ network (as the NVR also acts as my controller for my WiFi).

 

I wanted to keep my cameras on their own network as I can firewall this off so that anyone plugging in a device other than a camera won’t be able to get on my internal LAN.

But removing the firewall and enabling mDNS wouldn’t let my NVR see the camera. I also reset the camera to factory defaults. By chance I logged onto the webpage of my camera using the default user name and password “ubnt” and manually added the IP of my new NVR under the UniFi Video server, and hey presto, the camera appeared in UniFi Protect.

PiHole Block List

PiHole Blocklist as of 04/08/2019

Copy and Paste the below list into your Block list.

https://blocklist.site/app/dl/malware
https://blocklist.site/app/dl/piracy
https://blocklist.site/app/dl/ransomware
https://blocklist.site/app/dl/redirect
https://blocklist.site/app/dl/spam
https://blocklist.site/app/dl/tracking
https://blocklist.site/app/dl/facebook
https://blocklist.site/app/dl/youtube
https://blocklist.site/app/dl/crypto
https://blocklist.site/app/dl/fraud
https://blocklist.site/app/dl/gambling
https://blocklist.site/app/dl/porn
https://blocklist.site/app/dl/phishing
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts