να δηλώσεις ως dns server το 8.8.8.8 στο pihole
και στο router σου να δηλώσεις ως dns server την IP του pihole
Εμφάνιση 16-30 από 224
Θέμα: Pi Hole
-
22-12-20, 19:03 Απάντηση: Pi Hole #16
-
22-12-20, 19:08 Απάντηση: Pi Hole #17
-
22-12-20, 23:39 Απάντηση: Pi Hole #18
Βάλε το domain που θες στην λίστα του Whitelist.
-
19-01-21, 15:34 Απάντηση: Pi Hole #19Κώδικας:
Pi-hole FTL v5.5 released – UPDATE TODAY In September 2020, the JSOF Research Lab discovered seven security vulnerabilities in dnsmasq. They named the set of vulnerabilities dnspooq. We’ve been in contact with them and, over the last couple of weeks, we’ve partnered and worked closely with Cisco, Red Hat and, Simon Kelley (the maintainer of dnsmasq) [the order of mentioning does not imply anything] to fix the discovered vulnerabilities. It was agreed upon to keep the discovered vulnerabilities private until fixes are published to allow our users adequate time to test and install updates before exploits are easily available. Today we release an important security update for the DNS and DHCP server dnsmasq working at the very heart of pihole-FTL. As usual, we want to ship security fixes as soon as possible. It is not yet clear when the major distributions will receive the new version and if the fixes will at all be backported into older OS releases. In this blog post, we provide a small write-up of the technical details for those that are interested. If not, you can simply update your Pi-hole using pihole -up to immediately receive and automatically apply the new security fixes without having to read anything here. The JSON research lab found that dnsmasq is vulnerable to a DNS cache poisoning attack by an off-path attacker (i.e., an attacker that does not observe the communication between the DNS forwarder and the DNS server). Their attack allowed for the poisoning of multiple domain names at once and is a result of several vulnerabilities found. The importance of this vulnerability is underlined by their demonstration of being able to complete such an attack successfully within only seconds (up to only a few minutes) without any special requirements on the configuration of the server. The attack is possible directly from the Internet and affects about 1 million (!) open dnsmasq instances. This is also again the point where we should point out that running an open resolver is a really bad idea and that accessing your Pi-hole over an encrypted channel (such as a Wireguard VPN) is fairly easy to set up and gives you a lot of extra benefits. In addition to the cache poisoning attack, JSOF research lab found a critical heap-buffer overflow vulnerability that could potentially lead to remote code execution. As the vulnerability resides in the early stages of DNSSEC validation, DNSSEC’s defense against DNS attacks is rendered ineffective. As Pi-hole always takes security very important, we have a few countermeasures always in place to mitigate such vulnerabilities. This ensures that – even if your Pi-hole would be taken over in such an attack – common attack like those from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid, cannot happen as our daemon can neither read nor change data from other users on the system. Further buffer-overflow vulnerabilities they found can “only” lead to DoS (denial of service) attacks taking your DNS resolution down. You can find the full technical report on their website: https://www.jsof-tech.com/disclosures/dnspooq The relevant changes to fix the vulnerabilities described above are nicely summarized in dnsmasq‘s CHANGELOG for version 2.83: Use the values of min-port and max-port in outgoing TCP connections to upstream DNS servers. Fix a remote buffer overflow problem in the DNSSEC code. Any dnsmasq with DNSSEC compiled in and enabled is vulnerable to this, referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687. Be sure to only accept UDP DNS query replies at the address from which the query was originated. This keeps as much entropy in the {query-ID, random-port} tuple as possible, to help defeat cache poisoning attacks. Refer: CVE-2020-25684. Use the SHA-256 hash function to verify that DNS answers received are for the questions originally asked. This replaces the slightly insecure SHA-1 (when compiled with DNSSEC) or the very insecure CRC32 (otherwise). Refer: CVE-2020-25685. Handle multiple identical near-simultaneous DNS queries better. Previously, such queries would all be forwarded of the query. The new behavior detects repeated queries and merely stores the clients sending repeats so that when the first query completes, the answer can be sent to all the clients who asked. Refer: CVE-2020-25686. Next to the update of the embedded dnsmasq, this release also contains a few other bug fixes plus some memory usage improvements. In addition, we also released two small bug fixes for Pi-hole Core and Web so all components can be updated.
-
21-01-21, 13:57 Απάντηση: Pi Hole #20
Καλημερα σας,
Θυμιστε μου σε ποιο μενου στο pi-hole πρεπει να βαλω καποια συκσευη ( ταβλετ γυναικας) που θελει να παιρνει ζωες στα παιχνιδια που παιζει απο τις διαφημισεις.
-
09-12-21, 10:28 Απάντηση: Pi Hole #21
Καλημερα σας,
Δεν μου κανει τοFTLv5.8.1·Update available!
Τι κανω μετα??
pi@raspberrypi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] Web Interface: up to date
[i] FTL: update available
[i] FTL out of date, it will be updated by the installer.
[✓] Root user check
.;;,.
.ccccc:,.
:cccclll:. ..,,
:ccccclll. ;ooodc
'ccll:;ll .oooodc
.;cll.;;looo:.
.. ','.
.',,,,,,'.
.',,,,,,,,,,.
.',,,,,,,,,,,,....
....''',,,,,,,'.......
......... .... .........
.......... ..........
.......... ..........
......... .... .........
........,,,,,,,'......
....',,,,,,,,,,,,.
.',,,,,,,,,'.
.',,,,,,'.
..'''.
[✗] Update local cache of available packages
Error: Unable to update package cache. Please try "sudo apt-get update"
Unable to complete update, please contact Pi-hole Support
pi@raspberrypi:~ $ pi@raspberrypi:~ $ sudo apt-get update
-bash: pi@raspberrypi:~: command not found
pi@raspberrypi:~ $ sudo apt-get update
Get:1 http://archive.raspberrypi.org/debian buster InRelease [32.6 kB]
Get:2 http://raspbian.raspberrypi.org/raspbian buster InRelease [15.0 kB]
Reading package lists... Done
E: Repository 'http://raspbian.raspberrypi.org/raspbian buster InRelease' changed its 'Suite' value from 'stable' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
E: Repository 'http://archive.raspberrypi.org/debian buster InRelease' changed its 'Suite' value from 'testing' to 'oldstable'
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.
pi@raspberrypi:~ $
-
09-12-21, 10:51 Απάντηση: Pi Hole #22
Αν δεν κανω λαθος γραψε
Κώδικας:sudo apt-get update --allow-releaseinfo-change
απο ΕΔΩ
-
25-12-21, 12:01 Απάντηση: Το thread του Raspberry Pi #23CPU: Intel Core I7 920@2,66Ghz,GPU: nVidia Asus ENGTS 250/DI/CUBA 512MD3 ,RAM:3x1GΒ Corsair TR3G1333 PC3@1333Mhz, PSU: Thermaltake 650W,Μοtherboard: Asus P6TD DELUXE, CASE: CoolerMaster ENTURION
-
25-12-21, 12:22 Απάντηση: Το thread του Raspberry Pi #24
-
25-12-21, 13:20 Απάντηση: Το thread του Raspberry Pi #25
-
25-12-21, 13:41 Απάντηση: Το thread του Raspberry Pi #26
-
29-12-21, 09:41 Απάντηση: Το thread του Raspberry Pi #27
Καλημέρα
Μια σχετική ερώτηση με το pihole.
Υπάρχουν πολλές περιπτώσεις αναζήτησης στο google με την ένδειξη διαφήμιση που όταν κάνω κλικ δεν ανοίγει η σελίδα.
Εκεί λοιπόν υπάρχει "γκρίνια" "τι έκανες πάλι" και τα σχετικά.
Πως μπορούμε αυτό να το παρακάμψουμε;
Δοκίμασα την whitelist χωρίς επιτυχία.
Έχετε κάποιο παράδειγμα να το δοκιμάσω;CPU: Intel Core I7 920@2,66Ghz,GPU: nVidia Asus ENGTS 250/DI/CUBA 512MD3 ,RAM:3x1GΒ Corsair TR3G1333 PC3@1333Mhz, PSU: Thermaltake 650W,Μοtherboard: Asus P6TD DELUXE, CASE: CoolerMaster ENTURION
-
29-12-21, 10:19 Απάντηση: Το thread του Raspberry Pi #28
-
29-12-21, 10:29 Απάντηση: Το thread του Raspberry Pi #29CPU: Intel Core I7 920@2,66Ghz,GPU: nVidia Asus ENGTS 250/DI/CUBA 512MD3 ,RAM:3x1GΒ Corsair TR3G1333 PC3@1333Mhz, PSU: Thermaltake 650W,Μοtherboard: Asus P6TD DELUXE, CASE: CoolerMaster ENTURION
-
29-12-21, 10:48 Απάντηση: Το thread του Raspberry Pi #30
Ανοιξε το web interface του pihole
πηγαινε στο Group Management -> Adlists
Πανω αριστερα που λεει Address
βαλε ενα ενα τα παρακατω και πατα το μπλε κουμπ "Add" που ειναι δεξια.
https://raw.githubusercontent.com/0Z...r/easylist.txt
https://raw.githubusercontent.com/0Z...asyprivacy.txt
https://pgl.yoyo.org/adservers/serve...stformat=plain
https://curben.gitlab.io/malware-fil...er-domains.txt
στη συνχεια πηγαινε στο Tools -> Upgrade gravity
και πατα το μεγαλο κουμπι Update.
Με αυτο το τροπο θα προσθεσεις μερικες χιλιαδες ακομα domains για μπλοκαρισμα και θεωρητικα θα κοπουν και οι διαφημισεις της google στο search.Τελευταία επεξεργασία από το μέλος panoc : 29-12-21 στις 11:01.
Bookmarks