Ad-blocking with DD-WRT

strfr
DD-WRT User


Joined: 21 Jan 2008
Posts: 192

Posted: Tue Aug 12, 2008 4:53
Sorry man, but isn't it doubled by mistake? Seems to me like two identical repeating scripts...
darthn
DD-WRT Novice


Joined: 28 Jul 2008
Posts: 37

Posted: Tue Aug 12, 2008 4:55
Whoops, fixed. Ctrl+V happy.
Corrected below.
Code:
logger WAN UP Script Executing
sleep 5
test -s /tmp/dlhosts
if [ $? == 1 ] ; then
echo -e "#!/bin/sh\nwget -O - http://www.mvps.org/winhelp2002/hosts.txt | grep 127.0.0.1 | tr -d '\015\032' | sed -e '2,\$s/127.0.0.1/0.0.0.0/g' -e 's/[[:space:]]*#.*$//' -e '2,\$s/0.0.0.0  localhost$/127.0.0.1  localhost/g' -e '2,\$s/0.0.0.0  pagead.*.googlesyndication.com//g' | grep 0.0 > /tmp/hosts\nlogger DOWNLOADED http://www.mvps.org/winhelp2002/hosts.txt\nkillall -1 dnsmasq" > /tmp/dlhosts
chmod 777 /tmp/dlhosts
/tmp/dlhosts
fi
ln -s /tmp/hosts /etc/hosts
echo "45 23 * * 5 root /tmp/dlhosts" >> /tmp/crontab
gene
DD-WRT Guru


Joined: 28 Dec 2007
Posts: 619

Posted: Tue Aug 12, 2008 14:23
someone needs to make this post a sticky please.
strfr
DD-WRT User


Joined: 21 Jan 2008
Posts: 192

Posted: Tue Aug 12, 2008 15:49
agree, very useful..
Cyfun
DD-WRT Novice


Joined: 16 Jun 2006
Posts: 16

Posted: Wed Aug 13, 2008 6:52
I second that. It's been running great with the latest build, and appears to be updating properly.
kardzzz
DD-WRT Novice


Joined: 05 Aug 2008
Posts: 11

Posted: Wed Aug 13, 2008 21:52    Post subject: This is a 'must have' code for unwanted traffic
Guys,
My WRT54GL is running DD-WRT v24 RC-5 (11/22/07) std.

I have read through this whole thread and went with the code nick696 posted and it works perfectly.
Full instructions below. I hope he doesn't mind me re-posting.


This is my script in the startup section:
Code:

logger WAN UP Script Executing
sleep 5
test -s /tmp/dlhosts
if [ $? == 1 ] ; then
echo -e "#!/bin/sh\nwget -O - http://www.mvps.org/winhelp2002/hosts.txt | grep 127.0.0.1 | tr -d '\015\032' | sed -e '2,\$s/127.0.0.1/0.0.0.0/g' -e 's/[[:space:]]*#.*$//' > /tmp/hosts\nlogger DOWNLOADED http://www.mvps.org/winhelp2002/hosts.txt\nkillall -1 dnsmasq" > /tmp/dlhosts
chmod 777 /tmp/dlhosts
/tmp/dlhosts
fi
ln -s /tmp/hosts /etc/hosts
echo "45 23 * * 5 root /tmp/dlhosts" >> /tmp/crontab


this is the script in the firewall section:
Code:

/tmp/dlhosts


I have:
1. In Basic Setup.
Use DNSMasq for DHCP - ENABLED
Use DNSMasq for DNS - ENABLED
DHCP-Authoritative - ENABLED

2. In services.
DNSMasq - Enable
Local DNS - Enable



THIS THREAD SHOULD BE PINNED.
Thanks all for the help; I now get to surf faster.
gene
DD-WRT Guru


Joined: 28 Dec 2007
Posts: 619

Posted: Sun Aug 17, 2008 12:05
bump, someone please pin this
RCShadows
DD-WRT User


Joined: 17 Aug 2008
Posts: 437

Posted: Sun Aug 17, 2008 13:35
I posted this script on another forum and got asked a question that I have not seen addressed here.

What are the risks involved with this? Can the person that makes the hosts.txt file exploit it somehow to compromise your network? Are there any other risks besides this?

My thanks in advance.

Chris
gene
DD-WRT Guru


Joined: 28 Dec 2007
Posts: 619

Posted: Sun Aug 17, 2008 13:49
RCShadows wrote:
I posted this script on another forum and got asked a question that I have not seen addressed here.

What are the risks involved with this? Can the person that makes the hosts.txt file exploit it somehow to compromise your network? Are there any other risks besides this?

My thanks in advance.

Chris


Yeah, that has been bugging me in the back of my mind; I do see that as a risk. All the hosts file does is short-circuit the DNS look-up process and resolve the web name -> IP translation process locally. It could very well be directing you to a bogus address... so, yes, that is a risk IMO.

quoted from the website in question here:

"
What it does ...
The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory (cache) at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local (your) machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, providing the entry exists.
"

You can go directly to the web site and judge for yourself if the site warrants your trust.
RCShadows
DD-WRT User


Joined: 17 Aug 2008
Posts: 437

Posted: Sun Aug 17, 2008 15:53
I actually did one better. I contacted the owner of the web site that produces the hosts.txt file. Here is my email to him. This is actually my second email to him, hence the first sentence.

"Mike,

I appreciate the reply. I wanted to see if you could help with a subject that got brought up in this thread...

http://s8.zetaboards.com/emachineupgraders/topic/8015389/1/#new

The poster after my post was asking about risks, what they are, and if it warranted any concern. The original thread where I actually got the code for this is on the DD-WRT forum here...

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=20346&start=135

I posted a reply in the thread directly above asking the same type of question to see if I could get any input.

I appreciate what you have done and hope you will address this concern in these forums to put not only my mind, but others' minds at rest.

Many thanks again.

Chris"

I hope that Mike chimes in on this thread to ease any issues and/or concerns anyone has with this subject.

Chris
darthn
DD-WRT Novice


Joined: 28 Jul 2008
Posts: 37

Posted: Sun Aug 17, 2008 17:51    Post subject: Re: This is a 'must have' code for unwanted traffic
kardzzz wrote:
2. In services.
DNSMasq - Enable
Local DNS - Enable


Just a suggestion. I recommend using OpenDNS as your DNS Server and not using Local DNS.
RCShadows
DD-WRT User


Joined: 17 Aug 2008
Posts: 437

Posted: Mon Aug 18, 2008 14:57
I wish I had better news but Mike sent a reply about his hosts.txt file and all he said was it is safe and if this issue is router related he couldn't help.

I guess we each have to decide if it is best-practice or not to use his file.

I appreciate the responses...I tried : \

Chris
Mibz
DD-WRT Novice


Joined: 02 Jul 2008
Posts: 35

Posted: Mon Aug 18, 2008 17:58
As long as you're only applying the lines that start with "127.0.0.1" then there's no risk whatsoever. The worst that happens is you'll get a 403 for sites that you actually want to visit.
RCShadows
DD-WRT User


Joined: 17 Aug 2008
Posts: 437

Posted: Mon Aug 18, 2008 18:05
Thanks Mibz...and to the others that have made posts.

What my feeling is, to make this bulletproof, would be to write a little check program to validate the file before it gets applied to the router.

Does anyone know if code could be used at the router level to check this? I am a programmer but know nothing about the router environment and thus would not be very effective.

Thoughts?

Chris
Mibz
DD-WRT Novice


Joined: 02 Jul 2008
Posts: 35

Posted: Mon Aug 18, 2008 18:50
RCShadows wrote:
Thanks Mibz...and to the others that have made posts.

What my feeling is, to make this bulletproof, would be to write a little check program to validate the file before it gets applied to the router.

Does anyone know if code could be used at the router level to check this? I am a programmer but know nothing about the router environment and thus would not be very effective.

Thoughts?

Chris

A check would be redundant and/or useless. If you're validating individual entries, well, the scripts above already do it in such a way that no harm can come from an error. If you're validating the file to confirm it came from MVP, well, it doesn't matter if it comes from MVP if MVP is the one to screw people over.

I understand that it's better to be safe than sorry, but the only extra security you could really add is to give the file a once-over with your own eyes.
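
The check program RCShadows asks about in this exchange could look like the following added example, which is not part of the original thread or any poster's code. It assumes a shell with `grep -E` and `mktemp`; `validate_hosts`, `install_hosts`, `MIN_ENTRIES` and the sample host names are invented for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: check a filtered hosts list before use.
# validate_hosts, install_hosts and MIN_ENTRIES are names invented here.
MIN_ENTRIES=${MIN_ENTRIES:-3}  # constructed threshold; the real list is far longer

# A line passes only if it is exactly "<sink address> <one hostname>", with the
# address anchored at the start of the line. A substring match on 127.0.0.1
# does not prove which address the line's first field holds.
OK_LINE='^(0\.0\.0\.0|127\.0\.0\.1)[[:space:]]+[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?[[:space:]]*$'

# Returns 0 if acceptable, 1 empty or missing, 2 unexpected line, 3 too short.
validate_hosts() {
    [ -s "$1" ] || return 1
    bad=$(grep -v -E -c "$OK_LINE" "$1" || true)
    [ "$bad" -eq 0 ] || return 2
    total=$(grep -c . "$1" || true)
    [ "$total" -ge "$MIN_ENTRIES" ] || return 3
    return 0
}

# Move the candidate into place only when it validates; otherwise discard it
# and keep the previous list. The caller then signals dnsmasq with
# "killall -1 dnsmasq", as the thread's script does.
install_hosts() {
    if validate_hosts "$1"; then
        mv "$1" "${2:-/tmp/hosts}"
    else
        rc=$?
        rm -f "$1"
        return "$rc"
    fi
}

# Constructed sample lists; the example.* names and 192.0.2.10 are placeholders.
good_list() {
    printf '%s\n' '127.0.0.1  localhost' '0.0.0.0  ads.example.com' \
        '0.0.0.0  tracker.example.net'
}
bad_list() {
    good_list
    printf '%s\n' '192.0.2.10  www.example.org'  # address is not a sink
}

work=$(mktemp -d)
good_list > "$work/good"; bad_list > "$work/bad"
for f in good bad; do
    validate_hosts "$work/$f" && echo "$f: accepted" || echo "$f: rejected"
done
```

To use it with the thread's `/tmp/dlhosts`, the download pipeline would write to a temporary file, pass that file to `install_hosts`, and run `killall -1 dnsmasq` only when it returns success.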