
ALL-U-NEED Ad Blocking

Discussion in 'Tomato Firmware' started by srouquette, Nov 6, 2010.

  1. srouquette

    srouquette LI Guru Member


    ALL-U-NEED Ad Blocking v3.9e
    Based on YAQUI's Adblocking Script


    Other Adblock script:
    http://www.linksysinfo.org/index.php?threads/script-clean-lean-and-mean-adblocking.68464/



    Place this script under Administration > Scripts > WAN Up tab, then save and reboot.
    You can generate the encoded part in this script with the second script under this one.
    Code:
    ## ALL-U-NEED Ad Blocking v3.9e
    ## http://goo.gl/mhykQ
    ## Original script by YAQUI
    ## Updated by ~nephelim~, Syl, jochen, groosh, ng12345, ray123, mstombs
    ## base64 decoder by Danny Chouinard's
    
    # Pause before the first run — presumably to give the WAN link time to
    # settle after the WAN-up hook fires; TODO confirm 10 s is enough on slow links.
    sleep 10
    
    ADB="/tmp/ADBLOCK.sh"
    # Write the user-editable settings as the head of the generated script.
    # The delimiter is quoted, so nothing below is expanded here: every value
    # takes effect when $ADB itself runs.
    cat <<'ENDF' >"$ADB"
    #!/bin/sh
    
    OPTIMISE="Y"
    GETS="1 2 3 4"
    TRIM_BEGIN=3
    S1="http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml"  #44K
    S2="http://mirror1.malwaredomains.com/files/justdomains"    #189K
    S3="http://www.malwaredomainlist.com/hostslist/hosts.txt"   #97K
    S4="http://winhelp2002.mvps.org/hosts.txt"              #620K
    S5="http://hosts-file.net/hphosts-partial.asp"              #460K
    S6="http://hostsfile.mine.nu/Hosts"                         #2641K
    S7="http://support.it-mate.co.uk/downloads/hosts.txt"       #3851K
    
    USEWHITELIST="Y" # N/Y/R for remote
    WURL="http://example.com/whitelist.txt"
    WHITE="intel.com"
    BLACK=""
    
    USEPIXELSERV="N"
    PXL_IP=192.168.1.2
    PXL_EXE="/tmp/pixelserv"
    PXL_URL="http://example.com/pixelserv"
    
    UPLOAD="N"
    FTP_SERVER="example.com"
    FTP_USER=""
    FTP_PASS=""
    FTP_PORT=21
    FTP_PATH="/gen"
    
    ADD_CONF="N"
    USEHOSTS="N"
    ROUTER="Y"
    
    NIP="0.0.0.0"
    
    ENDF
    
    UPDATE="Y"
    #######################################
    # Register the daily cron job for $ADB unless a rule tagged AdUpd exists.
    # Globals:   UPDATE (read), ADB (read)
    # Outputs:   calls "cru a" (Tomato cron helper) only when the rule is missing
    #######################################
    AUP() {
      local tag
      [ "$UPDATE" = "Y" ] || return 0
      # "cru l" prints "<schedule> <cmd> #<name>#"; field 2 of the '#' split is the name.
      tag=$(cru l | grep AdUpd | cut -d '#' -f2)
      if [ "$tag" != "AdUpd" ]; then
        cru a AdUpd "0 4 * * * $ADB"
      fi
    }
    
    #### DO NOT EDIT BELOW ####
    
    # Prefer openssl's base64 decoder; fall back to the awk-based b64() function
    # when it is absent. The probe decodes "WQ==", which must come back as "Y".
    # $b64 is expanded unquoted on purpose: it holds a command plus its options.
    b64="openssl enc -base64 -d"
    if [ "$(echo WQ== | $b64)" != "Y" ]; then
      b64="b64"
    fi
    
    #######################################
    # Pure-awk base64 decoder, used when openssl is missing.
    # Reads base64 text on stdin and writes the decoded bytes to stdout.
    # "=" padding and any character outside the alphabet are skipped.
    # A zero byte is emitted through "echo -en \0" rather than printf "%c".
    #######################################
    b64() {
      awk '
        BEGIN { alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" }
        {
          for (pos = 1; pos <= length($0); pos++) {
            val = index(alphabet, substr($0, pos, 1))
            if (val--) {
              # shift the six bits of this symbol into the output byte, high bit first
              for (bit = 0; bit < 6; bit++) {
                byte = byte * 2 + int(val / 32)
                val = (val * 2) % 64
                if (++nbits == 8) {
                  if (byte) { printf "%c", byte } else { system("echo -en \"\\0\"") }
                  nbits = byte = 0
                }
              }
            }
          }
        }'
    }
    
    # The gzip+base64 payload below is the body of ADBLOCK.sh; its plain-text
    # source is posted further down ("The base64 block is based on the
    # following script"). It is decoded with $b64, gunzipped and appended to
    # $ADB, which is then executed. Before trusting an updated blob, regenerate
    # it from the plain-text script with that generator and diff the two.
    {
    cat <<'ENDF'| $b64 |gunzip >>$ADB
    H4sIAJn5fk4CA61Xe2/aSBD/359iuvHFkKsx5Jq7KtSRCI+ASgCBc+kpJBG1F1gV
    bGo7j17od7/ZWRsMJG2kXpMq693Zmd+8Zyv9s4Gt72ln9Y7NrHi+sCbcZ5pz3ks+
    Yz5fMK3a7TSSDTfwx0xrdgfOINmZBlEcMe2y0WrXk62HqYg50/CfGMPVFegVlANv
    bCjC9TUsl3KP6blFBEuYhHwBJgfDNCVvI90y/OBz4H0z8gxsGxjDm2WIp9zXwjmY
    Y9ARc2HuHWU/Z6Mo1sZCCq62+7k8PGVO0yUqly6lXuma8Gvf5d3epzbdVeCZfjGo
    91qf6u1Bvf+3QvNPBo6iegPmI+h487b+qb4+fJjwGMzu+oQWF/225k7ngQe/ry9J
    4GIsbSAm8DksHhfVUau3ApJbCC8Yw0I88lnEw/sd22zJafXA9CWvMkQzjkYtQRnk
    VYAvYjYDc9A6uxj0S7DLuQwE55VytVkwmfAQKrXTdrf6Eer9frd/DO7I94MYongU
    xuvbmvyj8fvRDFin1bMTqEwaAH/JBZ0qeeCiU6s37KI2DkIQIHzpSGdQBi8AxeAu
    nNlsqA90wUDrlWw9x91pADruLyHiHhjR8mYax4ur6Prg2LKubqzrg2HOKhwM8/py
    WFoaea3582vDnLqYx4vpNYnpUWIqwSH8ITFpsZjzlBeGNGvWKzX0RAmajtOzSoXS
    MBz6TcyXY9Cb9FENfJ+7sQh8tNYsiLjcZEvNd8F8gCNJBu+LS5UkAtoY4OZ54Imx
    4N7xMg7B9IANQ5YnX6GrJAQmU016JwmKzyEffSGHeoHPNyntDUpl7xLRKotIqpMT
    yi6fPygGioNOxKjnV7RAymArGYmRIs9up+TaeU3aHrM4upuvj5fuXUyK4Y85LuUB
    6Q636BDMLlmiGXJViuHqcKXcVowegx+AOx35Ex5BJHyXA0GTCr8F/ihi4U8K2eoi
    9Zf7SZzO77MnmQJEAez0W+cUwjKaTIH1TYus4R6Gj2Xh6qZ0+NewUKTf0hUM4+sD
    2lfLhOb4OHs0C9zRTBZbeWrd6JZnqGJG8moDkrabKDt5Iq1EZUlGu6xNJpbcdSTB
    CXGFjeqmCzAnHA9Qq9vT+lmrsy45cg/I0e4oVndPTlTF3ba4lKiy/4f1IgWnpRGr
    LDpwcvknDIWjzVDYDoMEcqZFyKazv0964G0ZGXqOsCbneVLmF4IEm02ZvpLSRpmD
    ok5WTSqta+3LprPdWy6bLafebg2c3d4i3RlhLyWPEh0aJAkpYFZatiTJUpUta1iw
    hvh/YuQtjyk3kA357GWR/UwHWYfHJbap5+ODeiW8kFbU/GciSjikaGWLTxIAVplg
    qO0kmFUL3tBZ+YkO8r+g+msibhu3ynKSwvTTdqX6kUEqKUnLoY/C1F6iQxr55Oxu
    b9PX+N06bw3qu37etmEUhDKygGarQqGQDReavXZZyCtg3oEZqBwkGKT56OELmA0w
    CgYYlLtP3T4Ob+z7E5o6J+xOoyxOimVhmvlFKHzUX7A9VlZrhu3ou6ESTYpYrtjt
    bbEre4CQfkO2YpwTvscfc3rxrZd/Y5f29zuNN3Yx/+TZejFhrJsmCtYUBFpvgmAF
    possCEShSpN0y7bByFBkNu4VMtV5ZQlySLWjHOJ0HawhD9hjZ/CBzvO7tQqJgPtx
    KHikbjec3kVvM3l77W6l9tJIyPR+98Kp959J63ixuCNv6cj0Fp3aB3OhPnqVwQDM
    XvLR7TtqJWdPpEpInGbGv777v/HLTGCNWmdwvl2qXog9d5GWWxxYJEky3f757l26
    kakCOFotDR0nP5z1jWfOSwKbY6GIPyVYNb0VIamcUEtWciAbeV7Io8i29i3FeGms
    9FFlt9o4e50uQF3M4rFreX40H0VfC3Ikp8Sm54I8Tj/gw4d6t6GheN+kCLTXLyJN
    nhDYlxlmIVZqtW2QuHUrxTwD8hV6qAEbedqElWXHbtpF6TRzrzRqnCUKeVN3YY7u
    4mkQingUi3uphDvlZiT+5fZh8d17mS7mKPrmu/YRabqy9Gn7YzL3hPcC+2WiND4C
    gsVrYKf06jlojsWMKwUU/mePs3Zs0CBEFlq/L43k2s7rElKx2+mfyhERhHe+j8X4
    R20Eo0++cWTJTp2MRTtZrqDhmCDflvJ1g/OaHGhoHpBlSfYK+ktFRvtpBaHspLBO
    AocMj8rT81cK0v4De76CG9wPAAA=
    ENDF
    }
    
    # Make the generated script executable, run it once now, then install the
    # daily cron rule (AUP). 775 leaves the file group-writable; 755 is enough
    # for a root-run cron job.
    chmod 775 "$ADB"
    "$ADB"
    AUP
    




    The base64 block is based on the following script:
    Code:
    #!/bin/sh
    {
    cat <<'ENDF'|gzip|openssl enc -base64
    ARGS=$#
    GEN="/tmp/gen"
    TMP="/tmp/temp"
    CONF="/tmp/conf"
    HOSTS="/tmp/hosts"
    WFILE="/tmp/white"

    # Any argument (the thread uses "--force"), or no "nobody" process with
    # "--conf" on its command line (the dnsmasq started by LBLK), discards the
    # change-detection state so the list is rebuilt from scratch.
    if [ "$ARGS" != 0 ] || [ -z "$(ps | grep -e '--conf' | grep 'nobody')" ]; then
      rm -f "$GEN.md5" "$GEN.last"
    fi
    
    
    
    #######################################
    # Remove the scratch files of a run (also those left by an aborted one).
    # Globals: GEN TMP CONF WFILE (read)
    #######################################
    CLR() {
      rm -f -- "$GEN" "$TMP" "$CONF" "$WFILE"
    }
    
    
    
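    #######################################
    # Start (or poke) pixelserv and point blocked hosts at it.
    # Fetches the binary from PXL_URL when PXL_EXE is not executable yet,
    # binds PXL_IP on br0:0, starts pixelserv (or sends SIGUSR1 to a running
    # one) and, if it is then up, sets NIP to PXL_IP.
    # Globals: USEPIXELSERV PXL_EXE PXL_URL PXL_IP (read), NIP (written)
    #######################################
    PXL() {
      [ "$USEPIXELSERV" = "Y" ] || return 0
      if [ ! -x "$PXL_EXE" ]; then
        # The binary arrives over plain HTTP with no checksum or signature and
        # runs with this script's (root) privileges: where possible, place a
        # copy you have verified at PXL_EXE yourself instead.
        # A failed download may still leave an empty or partial file; it must
        # not be made executable, or every later run would skip the fetch.
        if wget -O "$PXL_EXE" "$PXL_URL"; then
          chmod +x "$PXL_EXE"
        else
          rm -f "$PXL_EXE"
          logger ADBLOCK ERROR: cannot get "$PXL_URL"
        fi
      fi
      ifconfig br0:0 "$PXL_IP"
      if [ -z "$(pidof pixelserv)" ]; then
        "$PXL_EXE" "$PXL_IP" -n br0
        sleep 1
      else
        kill -SIGUSR1 $(pidof pixelserv)
      fi
      if [ -z "$(pidof pixelserv)" ]; then
        logger ADBLOCK ERROR: cannot start pixelserv
      else
        # plain assignment; eval was unnecessary here
        NIP=$PXL_IP
      fi
    }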
    
    
    
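    #######################################
    # Cheap change check before downloading anything: send an HTTP HEAD to
    # each source in GETS (port 80, three attempts) and record its
    # Last-Modified header in $GEN.new. If the record equals $GEN.last, log
    # and exit the script. If any header could not be read, the old record is
    # dropped so the sources are downloaded regardless.
    # Globals: GETS S1..Sn GEN (read); writes $GEN.new and $GEN.last
    #######################################
    NC() {
      local i x url path host stamp undef
      undef=0
      # Start from a clean record: a $GEN.new left by an interrupted run would
      # otherwise be appended to and never match $GEN.last.
      rm -f "$GEN.new"
      for i in $GETS; do
        eval url="\$S$i"
        path=$(echo "$url" | sed 's|^http[s]*://[^/]*\(/.*\)$|\1|')
        host=$(echo "$url" | sed 's|^http[s]*://\([^/]*\)/.*$|\1|')
        for x in 1 2 3; do
          # printf instead of "echo -e": the thread traced the empty gen.last
          # on Ubuntu to echo/nc differences, and printf's escapes are portable.
          stamp=$(printf 'HEAD %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\n' "$path" "$host" |
            nc -w 5 "$host" 80 | grep -i Last-Modified: | tr -d "\r")
          [ -n "$stamp" ] && break
        done
        [ -z "$stamp" ] && undef=1
        # unquoted on purpose: runs of whitespace collapse, keeping the record stable
        echo $stamp >> "$GEN.new"
      done

      # A missing header means "unchanged" cannot be proven: force the download.
      [ "$undef" -eq 1 ] && rm -f "$GEN.last"

      if [ -f "$GEN.last" ]; then
        if [ "$(md5sum "$GEN.last" | cut -d " " -f1)" = "$(md5sum "$GEN.new" | cut -d " " -f1)" ]; then
          logger ADBLOCK: no changes since last time, exiting.
          rm -f "$GEN.new"
          exit
        fi
      fi
      mv -f "$GEN.new" "$GEN.last"
    }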
    
    
    
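    #######################################
    # Normalise a hosts-format download in place ($TMP) to one hostname per
    # line: strip comments, leading "127.0.0.1"/"::1" addresses, trailing
    # whitespace, "localhost" entries and empty lines.
    # "-i -e" replaces the former "-ie": sed (GNU, and busybox builds that
    # accept a suffix) read that as in-place editing with backup suffix "e",
    # leaving a stray "${TMP}e" copy behind on every run.
    # Globals: TMP (read); rewrites $TMP
    #######################################
    TRIM() {
      sed -i -e '
    s/\#.*$//
    s/^127\.0\.0\.1[ \t]*//
    s/[ \t]*$//
    s/^::1[ \t]*//
    s/localhost$//
    /^$/d' "$TMP"
    }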
    
    
    
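    #######################################
    # Download every source listed in GETS and append it to $GEN. Sources
    # numbered TRIM_BEGIN and above are hosts-file formatted and go through
    # TRIM first. A failed download is logged and skipped.
    # Globals: GETS S1..Sn TRIM_BEGIN TMP GEN (read); appends to $GEN
    #######################################
    DS() {
      local i url
      for i in $GETS; do
        eval url="\$S$i"
        # Redirect instead of piping through tr, so the "if" sees wget's own
        # status: with "wget | tr" only tr's status was tested, "cannot get"
        # was never logged and an empty or partial file was appended.
        if wget "$url" -O - > "$TMP"; then
          tr -d "\r" < "$TMP" > "$TMP.cr" && mv -f "$TMP.cr" "$TMP"
          if [ "$i" -ge "$TRIM_BEGIN" ]; then TRIM; fi
          cat "$TMP" >> "$GEN"
          logger ADBLOCK: "$url"
        else
          logger ADBLOCK ERROR: cannot get "$url"
        fi
      done
    }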
    
    
    
    #######################################
    # Compare the md5 of the freshly assembled $GEN with the digest recorded
    # by the previous run. Identical: clean up and leave the script.
    # Otherwise store the new digest in $GEN.md5.
    # Globals: GEN (read); writes $GEN.md5; may call CLR and exit
    #######################################
    TST() {
      local digest previous
      digest=$(md5sum "$GEN" | cut -d " " -f1)
      previous=""
      [ -f "$GEN.md5" ] && previous=$(cat "$GEN.md5")
      if [ "$digest" = "$previous" ]; then
        logger ADBLOCK: no changes since last time, exiting.
        CLR
        exit
      fi
      echo "$digest" > "$GEN.md5"
    }
    
    
    
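    #######################################
    # Apply the whitelist and blacklist to $GEN.
    #   USEWHITELIST=Y: drop every line containing one of the names in WHITE.
    #   USEWHITELIST=R: download WURL, strip comments and blank lines, then
    #                   drop every line containing one of its entries.
    # Finally append the BLACK entries, one per line.
    # Globals: USEWHITELIST WHITE WURL WFILE BLACK GEN (read); rewrites $GEN
    #######################################
    # Remove the lines of $GEN containing the literal string $1. The name is
    # matched as a fixed string, never as a sed/grep pattern: a remote
    # whitelist is untrusted input, and an entry containing "/" or regex
    # metacharacters used to break out of the sed "/name/d" address.
    _lwht_drop() {
      grep -v -F -- "$1" "$GEN" > "$GEN.w"
      # grep exits 1 when nothing is left, which is a valid result; only
      # status 2 (error, e.g. missing file) must leave $GEN untouched.
      if [ $? -le 1 ]; then
        mv -f "$GEN.w" "$GEN"
      else
        rm -f "$GEN.w"
      fi
    }

    LWHT() {
      local site host
      if [ "$USEWHITELIST" = "Y" ]; then
        for site in $WHITE; do
          _lwht_drop "$site"
        done
      elif [ "$USEWHITELIST" = "R" ]; then
        # redirect rather than pipe so the "if" reflects wget's status
        if wget "$WURL" -O - > "$WFILE"; then
          tr -d "\r" < "$WFILE" > "$WFILE.cr" && mv -f "$WFILE.cr" "$WFILE"
          logger ADBLOCK: whitelist "$WURL"
          sed -i -e '/\#.*$/ s/\#.*$//' -e '/^$/d' "$WFILE"
          # unquoted on purpose: one entry per whitespace-separated word
          for site in $(cat "$WFILE"); do
            _lwht_drop "$site"
          done
        else
          logger ADBLOCK ERROR: cannot get whitelist "$WURL"
        fi
      fi
      # One blacklist entry per line. The former sed 's/[ \t]*/\n/g' also
      # matched the empty string between characters ("g" semantics), so each
      # entry was split into single letters; word-splitting BLACK on
      # whitespace and newlines yields the intended tokens.
      for host in $BLACK; do
        printf '%s\n' "$host"
      done >> "$GEN"
    }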
    
    
    
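    #######################################
    # Optional de-duplication of $GEN (OPTIMISE=Y).
    #   USEHOSTS=Y: plain "sort -u".
    #   USEHOSTS=N: a domain and all of its subdomains collapse to the domain,
    #               since dnsmasq "address=/domain/ip" already covers them:
    #               reverse the labels, sort, and keep a line only when its
    #               reversed form is not an extension of the last kept one.
    # The result replaces $GEN. With OPTIMISE=N nothing is touched: the old
    # unconditional "mv -f $TMP $GEN" replaced the assembled, whitelisted list
    # with whatever DS last left in $TMP.
    # Globals: OPTIMISE USEHOSTS GEN TMP (read); rewrites $GEN
    #######################################
    OPT() {
      [ "$OPTIMISE" = "Y" ] || return 0
      logger ADBLOCK: sorting hosts...
      if [ "$USEHOSTS" = "Y" ]; then
        sort -u -o "$TMP" "$GEN"
      else
        awk -F '.' 'BEGIN{ORS=""}{for(i=NF;i>0;i--)print $i"#";print "\n"}' "$GEN" | sort |
        awk -F '#' 'BEGIN{ORS="";d = "%"}{if(index($0,d)!=1&&NF!=0){d=$0;print $--NF;
        for(i=--NF;i>0;i--)print "."$i;print "\n"}}' > "$TMP"
      fi
      logger ADBLOCK: hosts sorted.
      mv -f "$TMP" "$GEN"
    }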
    
    
    
    #######################################
    # Log how many lines $GEN currently holds (TOT stays global).
    #######################################
    CNT() {
      TOT=$(wc -l < "$GEN")
      logger "ADBLOCK: $TOT entries"
    }
    
    
    
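    #######################################
    # Upload $GEN over plain FTP when UPLOAD=Y: busybox ftpput on the router,
    # ncftpput elsewhere (ROUTER=N). Credentials and file travel unencrypted,
    # and FTP_PASS sits on the command line, visible in the process list while
    # the upload runs — use a dedicated, low-value account for this.
    # Arguments are quoted so an empty FTP_USER/FTP_PASS stays in place;
    # unquoted, an empty value vanished and the next flag became the password.
    # Globals: UPLOAD ROUTER FTP_USER FTP_PASS FTP_PORT FTP_SERVER FTP_PATH GEN (read)
    #######################################
    FTPUP() {
      local tool
      [ "$UPLOAD" = "Y" ] || return 0
      if [ "$ROUTER" = "Y" ]; then tool=ftpput; else tool=ncftpput; fi
      "$tool" -u "$FTP_USER" -p "$FTP_PASS" -P "$FTP_PORT" "$FTP_SERVER" "$FTP_PATH" "$GEN"
    }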
    
    
    
    #######################################
    # Turn the host list into dnsmasq input.
    #   USEHOSTS=Y: copy $GEN to $HOSTS as a hosts file, "$NIP host" per line,
    #               with "127.0.0.1 localhost" prepended.
    #   USEHOSTS=N: rewrite $GEN in place as "address=/host/$NIP" lines.
    # Globals: USEHOSTS GEN HOSTS NIP (read); writes $HOSTS or rewrites $GEN
    #######################################
    FDNSM() {
      if [ "$USEHOSTS" = "Y" ]; then
        cp -f "$GEN" "$HOSTS"
        chmod 644 "$HOSTS"
        sed -i -e 's|^|'"$NIP"' |' "$HOSTS"
        sed -i -e '1i127.0.0.1 localhost' "$HOSTS"
      else
        sed -i 's|^.*$|address=/&/'"$NIP"'|' "$GEN"
      fi
    }
    
    
    
    #######################################
    # Assemble the dnsmasq configuration.
    #   USEHOSTS=Y: stock /etc/dnsmasq.conf plus an addn-hosts line into $CONF.
    #   USEHOSTS=N: stock /etc/dnsmasq.conf appended to $GEN, which already
    #               holds the address= lines and becomes the config file.
    # Globals: USEHOSTS CONF GEN (read); appends to $CONF or $GEN
    #######################################
    LCFG() {
      if [ "$USEHOSTS" = "Y" ]; then
        cat /etc/dnsmasq.conf >> "$CONF"
        printf 'addn-hosts=/tmp/hosts\n' >> "$CONF"
      else
        cat /etc/dnsmasq.conf >> "$GEN"
      fi
    }
    
    
    
    #######################################
    # Append the extra dnsmasq options when ADD_CONF=Y, to $CONF (USEHOSTS=Y)
    # or to $GEN (USEHOSTS=N). Firmwares that already ship these lines report
    # duplicate entries; there ADD_CONF must stay N.
    # Globals: ADD_CONF USEHOSTS CONF GEN (read), CFG (written)
    #######################################
    ADDCFG() {
      [ "$ADD_CONF" = "Y" ] || return 0
      if [ "$USEHOSTS" = "Y" ]; then CFG=$CONF; else CFG=$GEN; fi
      printf '%s\n' 'dhcp-authoritative' 'cache-size=2048' 'log-async=5' >> "$CFG"
    }
    
    
    
    #######################################
    # Restart dnsmasq on the generated configuration: stop the firmware's
    # instance, then start one on $CONF (USEHOSTS=Y) or $GEN (USEHOSTS=N).
    # Globals: USEHOSTS CONF GEN (read)
    #######################################
    LBLK() {
      local cfg
      service dnsmasq stop
      if [ "$USEHOSTS" = "Y" ]; then cfg=$CONF; else cfg=$GEN; fi
      dnsmasq --conf-file="$cfg"
    }
    
    
    
    #######################################
    # Sanity check after LBLK: if ps shows no dnsmasq running as "nobody",
    # log an error and start a plain dnsmasq (default configuration) so name
    # resolution is not left dead. The matching ps line is echoed to stdout.
    #######################################
    FS() {
      if ps | grep 'dnsmasq' | grep 'nobody'; then
        logger ADBLOCK: dnsmasq is running
      else
        logger ADBLOCK ERROR: restarting dnsmasq...
        dnsmasq
      fi
    }
    
    
    
    # Pipeline: clean scratch files, bring up pixelserv, check the sources for
    # changes (NC may exit here), download and assemble the list (TST may exit
    # here), apply white/blacklists, de-duplicate, upload; on a router also
    # rewrite the list for dnsmasq and restart it. CLR runs again at the end.
    CLR
    PXL

    NC
    DS
    TST
    LWHT
    CNT
    OPT
    CNT
    FTPUP

    case "$ROUTER" in
      Y)
        FDNSM
        LCFG
        ADDCFG
        LBLK
        FS
        ;;
    esac

    CLR
    
    ENDF
    }





    AdBlock Sources
    Code:
    # Which sources to fetch (numbers refer to S1..S7) and from which number
    # on the files are in hosts-file format and need TRIM.
    OPTIMISE="Y"
    GETS="1 2 3 4"
    TRIM_BEGIN="3"
    # Approximate download size of each list in the trailing comment.
    S1="http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml"  # 44K
    S2="http://www.malwaredomains.com/files/justdomains"        # 189K
    S3="http://www.malwaredomainlist.com/hostslist/hosts.txt"   # 97K
    S4="http://www.mvps.org/winhelp2002/hosts.txt"              # 620K
    S5="http://hosts-file.net/hphosts-partial.asp"              # 283K
    S6="http://hostsfile.mine.nu/Hosts"                         # 2641K
    S7="http://support.it-mate.co.uk/downloads/hosts.txt"       # 3851K
    
    You can choose which hosts files will be downloaded to block ads, update the variable GETS.
    In the default setup, Adblock will download S1 to S4.
    S6 and S7 require a router with a lot of memory, use it if you know what you're doing.

    A little explanation about TRIM_BEGIN=3:
    S1 and S2 are files with hostname only, these files will be copied without formatting.
    S3 to S7 are files formatted as hosts files; these will be reformatted to work with AdBlock.
    TRIM_BEGIN tells AdBlock which sources need formatting (from S3 to the end),
    update it if you add a source between S2 and S3 that doesn't need formatting.

    You can also add your custom blacklist here. Add a new source and update GETS.

    If OPTIMISE="Y", AdBlock will remove duplicated entries in the hosts file. See Hosts file Vs. DNS Cache Poisoning for more details.






    Whitelist and Blacklist
    Code:
    # N = no whitelist, Y = inline WHITE, R = download the list from WURL.
    USEWHITELIST="Y"
    WURL="http://example.com/whitelist.txt"
    # inline whitelist: names whose lines are removed from the generated list
    WHITE="intel.com"
    # inline blacklist: one domain per line, appended to the generated list
    BLACK="facebook.com
    facebook.net
    fbcdn.net"
    
    You can add inline whitelist and blacklist to the script,
    look at the example above to see how to add domains to the blacklist.
    If USEWHITELIST="R", AdBlock will download the whitelist from the URL specified by WURL.






    Pixelserv
    If you don't want to run pixelserv but want to redirect blocked hosts to another HTTP server, update NIP="0.0.0.0".
    If you don't have a HTTP server, don't modify this variable.

    You can download pixelserv from this thread.
    Instead of redirecting blocked hosts to 0.0.0.0, pixelserv will return a 1x1 pixel.
    Pixelserv removes error message in the browser by doing that.
    Code:
    # pixelserv settings: PXL_IP must be an unused LAN address; the binary is
    # fetched from PXL_URL to PXL_EXE when it is not already there.
    USEPIXELSERV="Y"
    PXL_IP="192.168.1.2"
    PXL_EXE="/tmp/pixelserv"
    PXL_URL="http://example.com/pixelserv"
    
    Update USEPIXELSERV="Y" to use it.
    PXL_IP is the IP AdBlock will use to redirect hosts to pixelserv, you MUST specify an unused IP.
    PXL_EXE is where pixelserv is located or will be downloaded. You can change this location if you want to store it on your usb drive if you have one connected to your router.
    If AdBlock can't find pixelserv at the specified location, it will download it from PXL_URL and save it on the router at the PXL_EXE location.
    For example, you can store it on dropbox.
    You can see how many ads were blocked with this command: kill -SIGHUP $(pidof pixelserv)






    Additional configuration
    Disabled by default, ADD_CONF="Y" will add the following lines to dnsmasq.conf:
    Code:
    dhcp-authoritative
    cache-size=2048
    log-async=5
    
    Some firmwares (TomatoUSB) already add these lines by default.
    If you see the error "duplicate entries in dnsmasq.conf", you must disable this option.






    Hosts file Vs. DNS Cache Poisoning
    USEHOSTS lets you choose between the hosts-file method and the DNS Cache Poisoning method (the name this thread uses for dnsmasq address=/domain/IP overrides; see FDNSM in the script).
    The default and recommended setting is USEHOSTS="N", the DNS Cache Poisoning method.
    We couldn't figure out which one was the most effective in terms of memory usage or speed, but here are the 2 differences between these methods:

    1) DNS Cache Poisoning blocks a domain, hosts file blocks a host.
    For example, if we have these 2 entries:
    adserver.com
    ad1.adserver.com

    hosts file will block both, but it can't block ad2.adserver.com
    DNS Cache Poisoning will block both and every host using the domain adserver.com.

    2) Knowing that, we added an optimisation to remove a lot of duplicates in DNS Cache Poisoning.
    AdBlock takes between 4 and 6 minutes to remove these duplicates.
    At the time I wrote this guide, it removes 8184 entries (from 32812 to 24628) for DNS Cache Poisoning.






    Auto update
    UPDATE="Y" will update AdBlock with the time specified in the cron rule below:
    Code:
    ## cru (a)dd <name> "min hr day mo wkday <cmd>"
    ## min=0-59 hour=0-23 day=1-31 month=1-12 sun=0 *=all
    # Every day at 04:00 run $ADB (the generated ADBLOCK.sh); "AdUpd" is the
    # name AUP looks for before adding the rule.
    cru a AdUpd "0 4 * * * ${ADB}"
    
    The default time is everyday at 4 AM.
    AdBlock has optimisations to know if it has to download, remove duplicates (6 min) and restart dnsmasq.
    So you may be able to update it more frequently, but I recommend to do it if you have a powerful router.
    To force AdBlock to update its files without checking whether they changed, add a parameter when you call AdBlock from the command line, for example:
    /tmp/ADBLOCK.sh --force






    Upload to a FTP server
    If you want to upload the result to another server through FTP, update these lines:
    Code:
    # FTP upload of the generated list. "login"/"pass" are placeholders; the
    # password is passed on the ftpput/ncftpput command line, so keep it to a
    # dedicated account.
    UPLOAD="Y"
    FTP_SERVER="ftpserver.com"
    FTP_USER="login"
    FTP_PASS="pass"
    FTP_PORT="21"
    FTP_PATH="/gen"
    
    Then, you can tell your router to only get this file without doing any optimisation, it will be quicker:
    Code:
    # Router side: fetch the already optimised list (S0) and skip the
    # de-duplication pass.
    OPTIMISE="N"
    GETS="0"
    TRIM_BEGIN="3"
    S0="http://example.com/hosts"
    
    If you run this script on a router, FTP_PATH must be a file (/gen). But if you run it on Ubuntu, FTP_PATH must be a directory (/).





    Running AdBlock on Ubuntu
    Recommended settings before running it:
    Code:
    # Settings for running the script on a PC instead of the router: no
    # pixelserv, no dnsmasq restart (ncftpput is used for uploads), no cru job.
    USEPIXELSERV="N"
    ROUTER="N"
    UPDATE="N"
    
    And at line 12, replace "#!/bin/sh" by "#!/bin/bash"

    If ROUTER="N", Adblock won't restart dnsmasq, and the script will use ncftp to upload to a FTP server.
    If you don't have it installed, type: sudo apt-get install ncftp

    You can add a cron job with: crontab -e
    0 1 * * * /path/to/ADBLOCK.sh
    And restart cron: sudo service cron restart
     
  2. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    What happened to the shorter decoder? :confused:
    Code:
    #######################################
    # Pure-awk base64 decoder (fallback when openssl is missing).
    # Reads base64 text on stdin and writes the decoded bytes to stdout.
    # "=" padding and any character outside the alphabet are skipped.
    # A zero byte is emitted through "echo -en \0" rather than printf "%c".
    #######################################
    b64() {
      awk '
        BEGIN { alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" }
        {
          for (pos = 1; pos <= length($0); pos++) {
            val = index(alphabet, substr($0, pos, 1))
            if (val--) {
              # shift the six bits of this symbol into the output byte, high bit first
              for (bit = 0; bit < 6; bit++) {
                byte = byte * 2 + int(val / 32)
                val = (val * 2) % 64
                if (++nbits == 8) {
                  if (byte) { printf "%c", byte } else { system("echo -en \"\\0\"") }
                  nbits = byte = 0
                }
              }
            }
          }
        }'
    }
     
  3. srouquette

    srouquette LI Guru Member

    certainly a bad copy, thanks for the feedback, I updated it.
     
  4. tmr250z

    tmr250z Addicted to LI Member

    When storing my whitelist and pixelserv on Dropbox, it seems, at least for me, that it's not necessary to put "?dl=1" at the end of their URLs. They download just fine without it. So appending "?dl=1" to the end might be optional…
     
  5. srouquette

    srouquette LI Guru Member

    ok, thanks, I wasn't sure about that.
     
  6. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I recently came across Mawk

    An article updated on 4/30/2010 praises mawk for its speed but warns about the chance of buggy results with large datasets.
    The latest available mawk source (1.3.4-20100625) postdates that article (there is a chance such issues have been fixed).

    I carried a quick test using an outdated mipsel version 1.3.3 (176KB) from openwrt repository.

    The same function was run using busybox's awk (D11) then with mawk (D11m).

    mawk is nearly 2 minutes faster.

    Code:
    Nov  7 15:07:48 router user.notice root: START BATCH TESTING
    Nov  7 15:07:48 router user.notice root: ADBLOCK Retrieved http://pgl.yoyo.org/as/serverlist.php?showintro=0;hostformat=nohtml
    Nov  7 15:07:52 router user.notice root: ADBLOCK Retrieved http://mirror1.malwaredomains.com/files/justdomains
    Nov  7 15:07:55 router user.notice root: ADBLOCK Retrieved http://www.malwaredomainlist.com/hostslist/hosts.txt
    Nov  7 15:08:06 router user.notice root: ADBLOCK Retrieved http://www.mvps.org/winhelp2002/hosts.txt
    Nov  7 15:08:06 router user.notice root: start D11m :  33044 lines
    Nov  7 15:09:05 router user.notice root: end D11m Runtime: 0 min, 59 sec [59 ss]
    Nov  7 15:09:05 router user.notice root: After parsing:  24813 lines
    Nov  7 15:09:05 router user.notice root: start D11 :  33044 lines
    Nov  7 15:11:48 router user.notice root: end D11 Runtime: 2 min, 43 sec [163 ss]
    Nov  7 15:11:48 router user.notice root: After parsing:  24813 lines
    Although up-to-date mipsel Debian binaries are available, they won't run on Tomato.

    It's a pity. :frown:
     
  7. srouquette

    srouquette LI Guru Member

    I was wondering if it's possible to block an IP address with the router.
    I know dnsmasq resolves only hostname to IP address, but I found a list of active malware IP addresses on MDL, and I'm interested in blocking these IPs.
    http://www.malwaredomainlist.com/forums/index.php?topic=3270.0
    http://www.malwaredomainlist.com/hostslist/ip.txt
    The only method I thought was using the firewall, maybe updating /etc/iptables ?...

    I also discovered that hosts file supports wildcard hostname:
    http://daniel.hahler.de/easy-dns-wildcard-setup-for-local-domains-using-dnsmasq
    We may be able to apply the same optimisation to the dns cache poisoning method by adding *. to the domain...


    And I found a nice tutorial with additional hosts files:
    http://www.malwaredomains.com/wordpress/?page_id=6#Bind
    http://www.malwaredomainlist.com/forums/index.php?topic=174.0
    http://realsecurity.web.officelive.com/blocklists.aspx



    I think I will run the script on one of my server and download the result with the router without doing the optimisation.
    It's so much faster on a real computer if I want to parse more lists ^^;

    I updated 3.9 with this changes in mind.
    You can run ADBLOCK.sh on Ubuntu if you change the first line by #!/bin/bash
    The idea is to run ADBLOCK.sh on a server and upload the result on a ftp server (the script can do that),
    then download it with the router, which has OPTIMISE="N" because the file is already optimised.
    The settings on the router is:
    Code:
    # Router side: fetch the already optimised list (S0) and skip the
    # de-duplication pass.
    OPTIMISE="N"
    GETS="0"
    TRIM_BEGIN="3"
    S0="http://example.com/hosts"
    
    changelog for 3.9:
    - added OPTIMISE="Y", you can choose to remove or not duplicated entries
    - added FTP upload support
    - moved NIP outside the base64 block, if someone wants to redirect to another address (a local http server for example).
    - added ROUTER="Y", set it to "N" if you run it on a server, it won't try to restart dnsmasq.
     
  8. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    The example provided on that site matches what the adblock currently does
    Code:
    address=/local/127.0.0.1
    And after restarting dnsmasq, *.local gets resolved to 127.0.0.1.

    DD-WRT wiki got few examples to block ip subnet and ranges with optional logging
     
  9. srouquette

    srouquette LI Guru Member

    Yes, it's the DNS Cache Poisoning method. But if you use the hosts file method, it's like:
    Code:
    127.0.0.1 example.com
    If you want to block every subdomain, you have to write it like that:
    Code:
    127.0.0.1 *.example.com
    But it's not really important, it's better to use DNS Cache Poisoning...



    ok thanks, I'll try something with these examples :)
     
  10. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    hostfile syntax is shorter.

    I always wondered if the configuration/hosts file were stored verbatim in memory or if they were converted to a fixed-overhead representation.

    If it works it might worth checking dnsmasq memory footprint differences with cache-size=0 and equal number of hosts.
     
  11. srouquette

    srouquette LI Guru Member

    I wondered the same thing, that's why I kept "/tmp/hosts" with the hosts file method, I wasn't sure.
    But I think everything is stored in a hash table, that's why dnsmasq can load 400k in 3k of memory with the dns poisoning method.
     
  12. srouquette

    srouquette LI Guru Member

    I tried to block IP with iptables, but it's slow and it doesn't work, iptables was killed with a "Memory allocation problem" ^^;;

    Here is the code:
    Code:
    ## IP Blocker v1.0
    
    IPB="/tmp/ip_blocker.sh"
    {
    cat <<'ENDF' >$IPB
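    #!/bin/sh
    # IP blocker: fetch IP blocklists and install one FORWARD DROP rule per
    # address. Rules from the previous run are removed first.

    GETS="1 2"
    S1="http://www.malwaredomainlist.com/hostslist/ip.txt"
    S2="http://sucuri.net/blacklist/MS-iplist.txt"

    IP="/tmp/ip"
    NEW="$IP.new"

    # Accept only what looks like an IPv4 address or CIDR prefix before the
    # value reaches iptables: the lists arrive over plain HTTP and every line
    # of them becomes an argument of a root command.
    is_ip_entry() {
      case $1 in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
      esac
    }

    # Remove the rules installed by the previous run, then drop its list.
    if [ -f "$IP" ]; then
      while IFS= read -r i; do
        is_ip_entry "$i" && iptables -D FORWARD -d "$i" -j DROP
      done < "$IP"
      rm -f "$IP"
    fi

    # Download each source into a scratch file first: "if wget | tr" tested
    # tr's status, so a failed download was logged as success and whatever
    # partial output existed was appended.
    : > "$IP"
    for i in $GETS; do
      eval url="\$S$i"
      if wget "$url" -O - > "$NEW"; then
        tr -d "\r" < "$NEW" >> "$IP"
        logger IPBLOCKER: "$url"
      else
        logger IPBLOCKER ERROR: cannot get "$url"
      fi
    done
    rm -f "$NEW"

    sort -u -o "$IP" "$IP"

    TOT=$(wc -l < "$IP")
    logger IPBLOCKER: "$TOT" entries

    # One DROP rule per address; the thread reports this is slow and memory
    # hungry on the router for lists of this size.
    while IFS= read -r i; do
      is_ip_entry "$i" && iptables -I FORWARD -d "$i" -j DROP
    done < "$IP"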
    
    ENDF
    }
    
     
  13. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    No luck here as well.

    With only 500 IP it needs minutes to insert the addresses but it is blazingly fast to remove them. I don't get it :confused:

    By chance I found out that malwaredomainlist (S3) is currently blocking rapidshare :eek:



    Code:
    IPB="/tmp/ip_blocker.sh"
    {
    cat << 'ENDF' >$IPB
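    #!/bin/sh
    #set -x #debug
    # Timing experiment for iptables-based IP blocking (not an ad blocker):
    # the first run fetches the list(s) and inserts up to MAX DROP rules,
    # timing the inserts; the next run (when /tmp/ip exists) times their
    # removal and exits.
    GETS="1"
    MAX=100
    #http://www.malwaredomainlist.com/mdl.php?search=rapidshare&colsearch=All&quantity=50
    S1="http://www.malwaredomainlist.com/hostslist/ip.txt" #blacklist rapidshare
    S2="http://sucuri.net/blacklist/MS-iplist.txt"

    IP="/tmp/ip"
    NEW="$IP.new"
    service dnsmasq restart
    started=$(date +%s)
    count=1
    if [ -f "$IP" ]; then
      for i in $(cat "$IP"); do
        [ "$count" -gt "$MAX" ] && break
        iptables -D FORWARD -d "$i" -j DROP
        count=$((count + 1))
      done
      finished=$(date +%s)
      logger "IPTABLES -D $((finished - started)) sec"
      rm -f "$IP"
      iptables -t filter -L FORWARD
      exit
    fi

    count=0
    for i in $GETS; do
      eval url="\$S$i"
      # Fetch to a scratch file so the "if" sees wget's status; "wget | tr"
      # only reported whether tr succeeded, hiding failed downloads.
      if wget "$url" -O - > "$NEW"; then
        tr -d "\r" < "$NEW" >> "$IP"
        logger IPBLOCKER: "$url"
      else
        logger IPBLOCKER ERROR: cannot get "$url"
      fi
      count=$((count + 1))
    done
    rm -f "$NEW"
    #service wan stop

    # A single source is used as downloaded; several are merged and de-duplicated.
    [ "$count" = 1 ] || sort -u -o "$IP" "$IP"
    TOT=$(wc -l < "$IP")
    logger IPBLOCKER: "$TOT" entries

    started=$(date +%s)
    count=1
    for i in $(cat "$IP"); do
      [ "$count" -gt "$MAX" ] && break
      iptables -I FORWARD "$count" -d "$i" -j DROP
      count=$((count + 1))
    done
    finished=$(date +%s)
    logger "IPTABLES -I $((finished - started)) sec"
    #service wan start
    iptables -t filter -L FORWARD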
    ENDF
    }
    
    # make the generated script executable and run it once now
    chmod +x "$IPB"
    "$IPB"
     
  14. srouquette

    srouquette LI Guru Member

  15. Toastman

    Toastman Super Moderator Staff Member Member

    Even google is now blocking complete domains because ONE member of that domain has malware. This is getting ridiculous.
     
  16. ~nephelim~

    ~nephelim~ Networkin' Nut Member

  17. QSxx

    QSxx Addicted to LI Member

    sites.google.com was blocked too couple of days ago, not sure if it still is...

    I had to whitelist it to get some stuff off ONE of the sites hosted there
     
  18. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    Probably due to unmanned list management but truly enough it is bothersome to have to watch out for the whole mess.
     
  19. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    looks like S3 (malwaredomainlist) is still blocking it
     
  20. srouquette

    srouquette LI Guru Member

    3.9a: now using ncftpput if you run it on Ubuntu

    sadly, the nc optim doesn't work on Ubuntu. The format may be different, gen.last is empty.
     
  21. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    For unknown reasons it looks like nc cannot support its own manpage examples :confused:

    Code:
     echo -ne "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80
    I was not able to get redirect method to work either.

    Code:
    nc host.example.com 1234 < filename.in
    
    I'm running ubuntu on a VM not sure if it matters. :confused:

    nc syntax look the same.:confused:
     
  22. srouquette

    srouquette LI Guru Member

  23. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I made some progress removing netcat-openbsd and installing netcat-traditional (1.10.38)

    Now I found out that there are differences in echo invocation

    I'm currently reading info coreutils 'echo invocation'

    It looks like
    :wall:

    echo -ne command breaks inside scripts and works fine on the console. :mad:

    ATM using
    Code:
    env echo -ne "HEAD $P1 HTTP/1.1\r\nHost: $H1\r\nConnection: close\r\n"
    print a correct output but it would be possible to use only
    Code:
    echo "HEAD $P1 HTTP/1.1\r\nHost: $H1\r\nConnection: close\r\n"
    I will check again if -ne is absolutely needed for tomato. (EDIT: it is)

    EDIT: Tomato might be not posixly_correct but env echo -ne "HEAD $P1 HTTP/1.1\r\nHost: $H1\r\nConnection: close\r\n\r\n" works fine on build 52 as well.

    It is unclear what else will turn out. I mean... even echo... :flabbergasted:
     
  24. srouquette

    srouquette LI Guru Member

    haha yes, I read something about stuff not working the same way in a script, I think nc has this problem aswell :)
    Don't lose too much time, the script still works, even without these optimisations.
    The slowest part is to upload the generated file ^^;
    But the whole script takes 10 sec I think on my server, we are really far from the 4-6 min on the router :)
     
  25. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    This will probably the last of them so I'll look at the full script tomorrow.

    I got some issue with double square brakets and == :

    [[ "$time" == "" ]] won't work here but [ "$time" = "" ] does.

    type [[ says it is a shell builtin but the script say [[ :not found :confused:

    Edit: got it. I was using #!/bin/sh . It turns out #!/bin/bash work fine provided netcat-traditional is used and netcat-openbsd uninstalled.
     
  26. srouquette

    srouquette LI Guru Member

    yes, you have to replace sh by bash at the beginning of the script.

    #!/bin/bash
     
  27. kalel90

    kalel90 Networkin' Nut Member

    It seems when I use the mvps hosts list my memory drops to nothing and causes some severe problems. I'm not sure why, since none of the other scripts I had tried before caused this.
     
  28. srouquette

    srouquette LI Guru Member

    mmmh... which router do you have ? WRT54G ?
    What changed between 2.9 and 3.9 is that we don't kill dnsmasq before parsing the sources anymore, which means you may have less memory to parse it...
    If it's the problem, I may revert it back...
     
  29. kalel90

    kalel90 Networkin' Nut Member

    I have a wrt54gl and it goes from 3mb free to nothing in about 4 min.
     
  30. QSxx

    QSxx Addicted to LI Member

    On a WRT54GL you can't use those huge host lists, there's simply not enough room in RAM. They can be used on 32 MB models like some versions of the WRT54GS or *G-TM and of course the RT-N16 and the line of MIPSR2 routers (more RAM, more space for hosts :) )

    EDIT: On the other hand, it seems that mvps list isn't that huge after all, and my old WRT54G v2 copes with it with no trouble... How are your other settings? Anything stealing RAM? I'm asking about stuff like DHCP server, QoS, Access Restrictions, Wireless Filter.... in short, all the services that also require RAM to run...
     
  31. srouquette

    srouquette LI Guru Member

    Yep, the MVPS isn't one of the huge list, AdBlock with the default settings should run on a WRT54GL (that's what I use).
    Do you only have GETS="1 2 3 4" in your settings ? (just to be sure)
     
  32. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    It might need additional tests, but it could be possible to add memory checks/constraints without forcefully stopping dnsmasq in all cases.

    An $OFFSET value (to be determined) would be needed to account for additional overhead which should include also the size of the next list not yet downloaded (it might need to include also some overhead for processing).

    It would have been possible to test memory constraints even without actually downloading the lists but S1 server provides no content-length field for http head requests.

    A less reliable way would be to use handcrafted custom values to estimate a worst case size for each list before download (and finally add memory overhead for script processing)

    Code:
    #BEWARE THIS IS NOT AN ADBLOCK
    
    # Headroom (bytes) added to the size of $GEN, i.e. subtracted from free
    # memory, to account for processing overhead: 2 MB.
    OFFSET="2097152"

    GETS="1 2 3 4"
    S1="http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml"
    S2="http://www.malwaredomains.com/files/justdomains"
    S3="http://www.malwaredomainlist.com/hostslist/hosts.txt"
    S4="http://www.mvps.org/winhelp2002/hosts.txt"
    S5="http://hosts-file.net/hphosts-partial.asp"
    S6="http://hostsfile.mine.nu/Hosts"
    S7="http://support.it-mate.co.uk/downloads/hosts.txt"
    S8="http://someonewhocares.org/hosts/hosts"
    GEN="/tmp/gen"
    # sources numbered from here on are hosts-file formatted and go through TRIM
    TRIM_BEGIN="3"
    
    #######################################
    # stdin → stdout filter turning a hosts-format list into one hostname per
    # line: strips comments, leading 127.0.0.1/::1 addresses, trailing
    # whitespace, "localhost" and empty lines.
    #######################################
    TRIM() {
      sed -e 's/\#.*$//' \
          -e 's/^127\.0\.0\.1[ \t]*//' \
          -e 's/[ \t]*$//' \
          -e 's/^::1[ \t]*//' \
          -e 's/localhost$//' \
          -e '/^$/d'
    }
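    # Download every list named in $GETS, appending it to $GEN, and after
    # each one compare the file size (plus $OFFSET) with free memory;
    # dnsmasq is stopped only when the generated list would no longer fit.
    for i in $GETS; do
      # $i is spliced into an eval below: accept only a plain list index so
      # a malformed GETS value cannot inject shell syntax.
      case $i in
        ''|*[!0-9]*) logger "ADBLOCK ERROR: bad list index $i"; continue ;;
      esac
      eval "url=\$S$i"
      if [ "$i" -ge "$TRIM_BEGIN" ]; then TR=TRIM; else TR=cat; fi

      # 'if pipeline' only tests the last stage (TRIM/cat), so a failed
      # wget used to be logged as success; record wget's status in a side
      # file instead, which also works on shells without pipefail.
      WGET_RC="$GEN.rc"
      rm -f "$WGET_RC"
      { wget "$url" -O - || echo "$?" > "$WGET_RC"; } | tr -d "\r" | $TR >> "$GEN"
      if [ -e "$WGET_RC" ]; then
        logger "ADBLOCK ERROR: cannot get $url"
      else
        logger "ADBLOCK: $url"
      fi
      rm -f "$WGET_RC"

      # $GEN is under /tmp, which on these routers is RAM-backed, so its
      # size counts against free memory.
      SZ=$(( $(wc -c < "$GEN") + OFFSET ))
      # Free-memory estimate from the 'Mem:' line (fields 4 and 7); that
      # line exists on the 2.4-kernel /proc/meminfo layout the original
      # targeted -- verify on your build.
      FM=$(awk '/^Mem:/ {print $4+$7}' /proc/meminfo)
      echo "$SZ $FM"
      # An empty $FM (no 'Mem:' line) would make the test fail loudly; skip
      # the stop in that case rather than act on a missing number.
      if [ -n "$FM" ] && [ "$SZ" -ge "$FM" ]; then
        service dnsmasq stop
      fi
    done

    rm -f "$GEN"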
    Before/after free-memory values can be logged at each major list processing step for diagnostic purposes
     
  33. srouquette

    srouquette LI Guru Member

    It's hard to know how much memory the generated file will use.
    The problem is the awk pipe with sort, it should use a certain amount of memory...
    Because it's multiple commands with pipe, everything stay in memory while it's generated (I suppose).
     
  34. kalel90

    kalel90 Networkin' Nut Member

    The only thing i had going when i tested the script was the dhcp server but i had qos turned off at the time. Not to mention ive used an earlier version of this script that worked fine even with qos on.
     
  35. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I'm not sure what happens with multiple pipes but I guess it cannot be worse than using multiple files, after all even files are stored in volatile memory.

    I hope the overhead will be equal or strictly proportional to the list size with some differences caused by different parsing according to $USEHOSTS.

    Such complex setup might worth only as an optional way to not force a dnsmasq stop at the beginning of the script, the worst case being an overestimated offset that free memory in most cases.

    Each time dnsmasq is stopped the adblock should parse the lists again ($GEN.md5 won't apply)
     
  36. QSxx

    QSxx Addicted to LI Member

    It might sound like stupid solution or even not-worth-the-time but it usually helps. Go for full NVRAM reset (in Configuration tab), then reconfigure whole router from the scratch... I know it's a ton of work with all settings and so on but sometimes it's the only thing that will help...

    If you don't feel like it, keep this as last solution :) We'll try to figure out if something else can be done... :)
     
  37. srouquette

    srouquette LI Guru Member

    I also have some trouble sometimes with AdBlock, that's why I don't run it too often or manually. It works fine if you let it do its job during the night, it can take its time.
    But during the testing, where I had to restart all the time the script manually, sometimes it would crash the router.
    And that's why it may be a better solution, if you have multiple routers to update, to upload the result from one of them to an FTP server, and download the result on the others without optimising it.

    Does it still crash the router even after reboot? let it do its job during 10 min. We don't kill dnsmasq anymore so that you can browse during the optimisation.
     
  38. kalel90

    kalel90 Networkin' Nut Member

    I have tried the clear nvram idea already and rebooting it just causes the same thing to happen over and over it runs completely out of ram then dies pretty much.
     
  39. srouquette

    srouquette LI Guru Member

    Does it start sorting the hosts before crashing ?
     
  40. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    If I've not misunderstood your previous log, you are running Tomato speedmod v120 and the log was captured at 16:06:36 probably after a reboot due to router crash.


    Does the router run out of ram few minutes after adblock ran or does this happen after many hours? or maybe during the day just after a WAN reconnect (eg Status\Overview disconnect/connect button)?

    It might be useful to confirm if the router halt/reboot at some specific point during adblock execution or if this happens when adblock is not running.

    You might need to enable an external syslog server under Tomato Administration\Logging

    If you have a PC you can install Syslog Watcher Personal Edition on the PC whose IP you specified in Tomato Administration\Logging

    This information might help narrow down the issue by comparing the changes between the two versions:

    What was the most recent script version you ran without issues?

    What script version you were using when this issue occurred?
    What options were you using for such script version?
     


  41. kalel90

    kalel90 Networkin' Nut Member

    It runs out of RAM within 5-8 minutes of turning the router on. I'm running Victek's mod for 1.28.
     
  42. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    A faulty router or bad flash perhaps? :confused:

    Please test the v3.9a script as it is, after updating to Tomato RAF 1.28.8515 K2.4 again.

    After updating Tomato and before testing the adblock script again, please paste & execute
    Code:
    # Free-memory estimate: sum of fields 4 and 7 of the 'Mem:' line in /proc/meminfo.
    awk '/^Mem:/ {print $4+$7}' /proc/meminfo
    in Tomato Tools\System and post the results here.
     
  43. mrplow

    mrplow Networkin' Nut Member

    Is there an easy way to temporarily disable adblocking, or a way to find out which domain is blacklisted for a website? For example, using Boxee with adblocking, watching some of the online content fails because there are required ads during the show; it works fine if I remove the script and reboot the router.
    Also having the whitelist on the usb like pixelserv would be nice since my script is too big to add any more now and it seems silly to make a server just to download a tiny txt file from.
     
  44. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    Restarting dnsmasq (eg clicking Save button in Advanced>DHCP / DNS) will completely unload the adblock/blacklist until adblock is run again (stopping and then restarting WAN connection or typing /tmp/ADBLOCK.sh in tomato console will do)

    It should be possible to use pastebin provided you won't make your pastebin post public.
    By setting Post exposure to Private such URL will be known to you alone.

    It will be possible to modify your pastebin post by accessing its URL (http://pastebin.com/POSTID) but this will generate a new pastebin post (the DOWNLOAD link of such new post should be pasted in adblock)

    Once the whitelist is posted on pastebin it is possible to copy a link titled DOWNLOAD in adblock WURL="http://pastebin.com/download.php?i=POSTID" and use USEWHITELIST="R" option

    EDIT: Sorry guys, my mistake. The RAW link doesn't actually provide a raw file but includes the text preformatted in a webpage.
    DOWNLOAD works as expected.
     
  45. mrplow

    mrplow Networkin' Nut Member

    thanks nephelim, all works great, tricky with the pastebin there
    I figured out netstat so I think I can track down any domains I need to whitelist to get my video streaming working
     
  46. mrplow

    mrplow Networkin' Nut Member

    damn well maybe its not working perfect from terminal

    Code:
    oot@tomato-router:/tmp/home/root# /tmp/ADBLOCK.sh 
    ifconfig: SIOCSIFADDR: File exists
    Connecting to pgl.yoyo.org (95.172.9.82:80)
    -                    100% |**********************************| 45756  --:--:-- ETA
    Connecting to www.malwaredomains.com (139.146.167.25:80)
    -                    100% |**********************************|   161k 00:00:00 ETA
    Connecting to www.malwaredomainlist.com (143.215.130.61:80)
    -                    100% |**********************************| 99234  00:00:00 ETA
    Connecting to www.mvps.org (209.68.48.119:80)
    -                    100% |**********************************|   608k 00:00:00 ETA
    Connecting to pastebin.com (173.236.52.197:80)
    -                    100% |**********************************|   539  --:--:-- ETA
    sed: unsupported command /
    sed: unsupported command /
    sed: unsupported command /
    sed: unsupported command /
    sed: unsupported command >
    sed: unsupported command >
    sed: unsupported command e
    
    Done.
    
    dnsmasq: missing " at line 2 of /tmp/gen
     
  47. tmr250z

    tmr250z Addicted to LI Member

    I'm getting an error as well when using the RAW url of my whitelist on pastebin:

    Code:
    Nov 16 21:52:53 router user.notice root: ADBLOCK: http://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml
    Nov 16 21:52:53 router user.notice root: ADBLOCK: http://www.malwaredomains.com/files/justdomains
    Nov 16 21:52:54 router user.notice root: ADBLOCK: http://www.malwaredomainlist.com/hostslist/hosts.txt
    Nov 16 21:52:57 router user.notice root: ADBLOCK: http://www.mvps.org/winhelp2002/hosts.txt
    Nov 16 21:52:57 router user.notice root: ADBLOCK: whitelist http://pastebin.com/raw.php?i=pE9hQZqV
    Nov 16 21:53:06 router user.notice root: ADBLOCK: 31672 entries
    Nov 16 21:53:06 router user.notice root: ADBLOCK: sorting hosts...
    Nov 16 21:53:26 router user.notice root: ADBLOCK: hosts sorted.
    Nov 16 21:53:26 router user.notice root: ADBLOCK: 1 entries
    Nov 16 21:53:26 router daemon.info dnsmasq[514]: exiting on receipt of SIGTERM
    Nov 16 21:53:27 router daemon.crit dnsmasq[1144]: missing " at line 1 of /tmp/gen
    Nov 16 21:53:27 router daemon.crit dnsmasq[1144]: FAILED to start up
    Nov 16 21:53:27 router user.notice root: ADBLOCK ERROR: restarting dnsmasq...
    I don't get this error when I store my whitelist on Dropbox and use that url instead. I doublechecked to see if I was following your instructions correctly and I seem to be, so I don't why it's not working.
     
  48. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    @ mrplow and tmr250z: Sorry guys. My early instructions were incorrect.

    DOWNLOAD link on pastebin post will not mess the list like RAW link does.

    RAW link doesn't actually provide a raw file but includes the text preformatted in a webpage so the list will only "look fine" in a web-browser (sorry again :blush:) though RAW will actually include extra text that will disturb whitelisting.

    Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    
    	<html xmlns="http://www.w3.org/1999/xhtml">
    
    		<head>
    
    			<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    
    			<title>RAW OUTPUT GUPCLqq8</title>
    
    			<meta name="robots" content="noindex, nofollow" />
    
    		</head>
    
    		<body>
    
    			<pre>[B]sites.google.com[/B]</pre>
    
    		</body>
    
    	</html>
    DOWNLOAD link will provide a plain text file.
     
  49. tmr250z

    tmr250z Addicted to LI Member

    No worries, nephelim. :)

    And thanks, now I have another way to store my whitelist, if I ever decide to get rid of Dropbox.
     
  50. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    You're welcome.
    I've been looking into no-account-required dropbox alternatives for a while. :smile:

    http://toofiles.com/ will work for (small?) binaries as well provided the url used for downloading begins with http://toofiles.com/en/rawfilesdownload-

    Such download url is provided after clicking on this icon


    This will open a new download page. The actual direct-download link will be below "You have requested to download" message.

     


  51. jochen

    jochen LI Guru Member

    That depends on the port forwardings on your router. If you forward port 80 to your pixelserv ip/port, than it would be accessible from internet. But what should this be good for?

    I have my own webserver on 192.168.1.2 (Asus WL-HDD with Openwrt Firmware). The server is lighttpd with some virtual hosts for some subdomains. The default points to a virtual host with only a 404 error page. This error page is a php script that delivers empty html pages or 1-pixel gifs for my adblocking purposes. It also tracks attempts from hackers trying to hack my webserver. I can distinguish them, because hackers try to access my server through its IP address. Real page requests always have a valid URL with one of my subdomains, and they don't go to the default host. To slow down hackers I also have a little "sleep(600)" for them in my script. :biggrin:
     
  52. mstombs

    mstombs Network Guru Member

    Current default build of pixelserv only listens on the lan interface br0. I don't see exactly how hackers could get hold of pixelserv local IP, but some sites can detect ad blocking in place, so might guess the ad domain is diverted to a webserver so insert 'ads' with malicious code?
     
  53. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    :eek: didn't think about that. Maybe a forged url in a img tag?

    EDIT: as far I understand release pixelserv won't parse the http request in any way so there is no way a forged request would work.

    This type of attack reminded me of http://www.gnucitizen.org/blog/flash-upnp-attack-faq/ :frown:
    It might be OT but is there any advice about that apart disabling upnp and or nat-pmp? Besides does that paper still applies nowadays?

    EDIT: Good. Tomato's miniupnpd already fends off the scariest part of such attacks. :)

    Some linksys firmwares were affected though. They even allowed port forwarding to any external server located on the Internet.
    Code:
    WRT54G v2.2   fw 3.03.9
    WRT54G v2.2   fw 4.20.7
    WRT54G v2.2   fw 4.20.8
    WRT54GS v1.0  fw 2.09.1
    WRT54GS v1.0  fw 4.70.6
    
     
  54. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    to host a pixelsev service for all friends over the internet? :biggrin:

    I have remote web access for tomato webif disabled but after reading your post I wondered what could have happened if I had it enabled.
     
  55. DeORC

    DeORC Serious Server Member

  56. mrplow

    mrplow Networkin' Nut Member

    No that would just forward the tomato interface. You'd have to forward port 80 to the ip pixelserv is running on. But if you didn't already know that I'd suggest otherwise.

    Not only would it hammer your router but the whole point of pixelserv is to be on a local network.
     
  57. ~nephelim~

    ~nephelim~ Networkin' Nut Member


    Of course I won't attempt that for the same reason I don't enable remote access to Tomato webif (well I did for a short time just to make sure what a nmap scan would turn out to be). I guess it might be an option for those using VPN though.

    I don't have a formal knowledge about networking and even if I can manage port forwarding for a physical host I didn't really grasp what could have been when the service was running on the same router albeit with a different ip (as per jochen and your clarification)

    At this point I got that the interfaces like br0 (as per mstombs explanation ) are kind like a different physical host and the internet facing interface would be ppp0.

    Also tomato upnp service won't allow forwarding for any IP other than the one which make the request (and even in that case only for ports greater than 1024) so there won't be any chance a malicious webpage could ever use a flash applet to forward pixelserv service (and other unrelated PC critical services) over the internet.

    I thought for a moment that a forged url in a webpage could still somewhat attempt something but as far I understood pixelserv don't parse image urls so there was no chance to begin with :)

    I haven't fiddled with Tomato configuration for days now and everything appear to be running fine.

    I've been running adblocking + pixelserv and lists S1 to S4 with 3 daily updates parsed though mawk ( mawk steps take only 60 seconds) and it looks like the list are constantly changed at least every 6 hours.
     
  58. srouquette

    srouquette LI Guru Member

    I suppose S2 and S3 are updated more often, there are anti-malware block lists.
     
  59. mstombs

    mstombs Network Guru Member

    There was one version that did only respond to image requests...

    pixelserv has to "read" the whole url request line before closing the connection - to avoid the OS sending aggressive RST messages - but nothing is done to the data so any vulnerability would be down to the system library functions. The request is read in 1kB chunks, there's no assumption on the max size of the request so I don't think there's any possibility of "buffer overflow" of the type I've seen mentioned every month in microsoft security patches!

    pixelserv is not a real web server there's no way of retrieving other files or executing cgi/php etc scripts, but does run as "root" so could execute arbitrary code if there was a way of buffer overflow. dnsmasq reduces its priority to run as user "nobody" to reduce potential for such unidentified bugs to be exploited.

    Biggest "vulnerability" I see is the potential for DOS attack, in test my routers can respond to about 100 requests per second, hit the router with more than this and the router will eventually run out of resources, or at very least degrade its prime function of routing.

    See comments from Toastman and others - "connection storms" from the LAN by malware are believed to be a current method of crashing routers, possibly via dnsmasq. dnsmasq is also the program most often shut down by router "out of memory killer", possibly due to the fact it runs at low priority.
     
  60. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    Sorry. I don't really have much experience with programming languages so I missed the reading part.

    Code:
    /* clean way to flush read buffers and close connection */
    if (shutdown (new_fd, SHUT_WR) == 0) {
        while ( read (new_fd, buf, sizeof buf) > 0 );
    }
    As you mentioned there shouldn't be any chance for anything.
    Not even system library functions would affect sizeof, and there is no chance a bad system library will break read (if that were ever to happen, I guess the router wouldn't even reach the point of running WAN-up scripts).

    I didn't think about that.
    Wouldn't it be possible to add some sort of instance counter (and a max instance user defined option) to prevent this from occurring?
    But it doesn't look like anything more than a nuisance, and the chances of such occurrences would be slim to begin with.

    EDIT: I guess some ipfilters command mentioned in the connection storms topic would be the most appropriate solution.

    I guess this could also be related to malware like Downadup, which had versions generating up to 500 UDP/DNS requests for different domains on each infected PC (from a pool of 50000) in the LAN. By default dnsmasq has a limit of 150 concurrent requests though.

    Later Downadup versions also used massive udp scanning to create a private P2P to download "updates".

    I just found the related topic i'll start reading asap.
     
  61. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    It kinda surprised me that over the last week no update was skipped but
    truly enough It's a good thing to have such domain updates as early is possible.
     
  62. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    Would this be the correct way to use iptables to enforce a connection limit for pixelserv?
    Code:
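    # Rate-limit connections from the LAN to pixelserv's port 80.
    # Both rules are inserted at the top of INPUT, so the ACCEPT rule
    # (inserted last) ends up in front of the DROP rule: connection
    # attempts within the limit are accepted, the excess are dropped.
    PXL_IP="192.168.1.2"
    lip=$(nvram get lan_ipaddr)
    lnm=$(nvram get lan_netmask)

    # Match only connection set-up (SYN / state NEW). Without this the
    # limit applies to every TCP packet, so data packets of connections
    # that were already accepted get dropped once the rate is exceeded.
    iptables -I INPUT -p tcp --syn -s "$lip/$lnm" -d "$PXL_IP" --dport 80 -j DROP
    iptables -I INPUT -p tcp -s "$lip/$lnm" -d "$PXL_IP" --dport 80 \
      -m state --state NEW -m limit --limit 50/s --limit-burst 50 -j ACCEPT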
     
  63. srouquette

    srouquette LI Guru Member

    I don't know about that, I'm not good with iptables :)
     
  64. mstombs

    mstombs Network Guru Member

    Code:
    /* clean way to flush read buffers and close connection */
    if (shutdown (new_fd, SHUT_WR) == 0) {
        while ( read (new_fd, buf, sizeof buf) > 0 );
    }
    I copied that from somewhere, there also equivalent in the perl, I hope sizeof is converted at compile time, maybe should use CHAR_BUF_SIZE as a constant to be sure!

    It should keep reading till EOF or other error returned, but most requests are fairly small, so expect to fail on second read

    There's also a variable in the config which limits queued requests in the kernel
    #define BACKLOG 30  /* queue length for not-yet-accepted connections, described in the post as limiting queued requests in the kernel; presumably the value handed to listen() -- confirm in the pixelserv source */
    I think that's just inherited from the perl version.

    There may be a limit of 16 spawned sub-processes - but not sure where/how!

    iptables command looks good, maybe could remove port check even to limit anything attacking anything on router?

    There's a little script I use in the download (from Linux PC) to time 500 consecutive pixel requests - I have also launched several copies in parallel while monitoring "top" on the router - during testing... I guess it needs to be updated to count no of failures to see if rate limit can work...
     
  65. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    It should work fine. I even checked with a modified hello world to print sizeof buf over ubuntu.

    It looks like the standard approach, the only difference being that it doesn't need to store the number of bytes read.

    I might be wrong but the only part that spawn a subprocess would be

    Code:
    if ( !fork () ) { 
    /* this is the child process */
    close (sockfd); /* child doesn't need the listener */
    
    ...
    
    But since the queue is 30, shouldn't this generate up to 29 additional instances? :confused:



    I attempted to test with
    Code:
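    #!/bin/bash
    # Send a burst of HEAD requests to pixelserv to observe how many
    # instances it spawns.
    # Usage: ./script [count]   (default 500 requests, as in the original)
    PXL_IP="192.168.1.2"
    count=${1:-500}
    for ((i = 1; i <= count; i++)); do
      # 'nc -z' is zero-I/O mode: nc only connects and closes, so the
      # request piped into it was never transmitted. Without -z the HEAD
      # request reaches pixelserv and its reply is printed.
      printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\n' "$PXL_IP" \
        | nc "$PXL_IP" 80
    done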
    Without rate limiting I can see at most two pixelserv processes.

    Using the rate limit it looks worse :confused:
    Running ps multiple times I can see multiple pixelserv (even 51 instances)
     
  66. mstombs

    mstombs Network Guru Member

    Its possible old copies already gone before ps get s to the end of the list, I assumed some kernel limit to number of sub-processes - not queue of connections waiting to be accepted. Will investigate further.

    Can you confirm they do eventually go away? There was a problem in an earlier version of the code, where they didn't always, and I found tomatousb kernel versions generally much faster at clearing up old connections ("netstat -an" on router) to which each instance attached.
     
  67. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I thought the queue could indirectly affect the maximum number of spawned instances.
    It probably still does somewhat, but since the queued requests get continually handled the limit is not as strict as I thought.

    EDIT: Usually the instances go away. In some cases 4-6 instances remain unterminated (and in netstat all remaining PXL_IP got FIN_WAIT2) . I'm using build 52 nousb std.

    Downgrading --limit-burst to 1 still let many pixelserv instances in a ps output.
    using netstat without rate limiting all connections to PXL_IP appear as TIME_WAIT
    with rate limits there is a wider range of different states.

    I modified the script to add runtime
    Code:
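    #!/bin/bash
    # Same HEAD-request burst, with the wall-clock runtime printed at the end.
    # Usage: ./script [count]   (default 500 requests, as in the original)
    PXL_IP="192.168.1.254"
    count=${1:-500}
    CNTA=$(date +%s)
    for ((i = 1; i <= count; i++)); do
      # 'nc -z' never transmits stdin (zero-I/O mode); without it the HEAD
      # request is actually sent. Replies are discarded so the timing only
      # reflects the requests.
      printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\n' "$PXL_IP" \
        | nc "$PXL_IP" 80 >/dev/null
    done
    CNTB=$(date +%s)

    printf 'Runtime %d sec\n' $((CNTB - CNTA))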
    Without rate limiting it takes 17 sec

    With rate limiting (burst = 1) 172 sec

    Though rate limit affect runtime the ps output make it look like the requests get passed to pixelserv in nearly simultaneous batches at a fixed rate.
     
  68. mstombs

    mstombs Network Guru Member

    I think you should try changing your iptables command to only drop new connection requests. an example with "-m state --state NEW" example (on different port) here:-

    http://infodepot.wikia.com/wiki/Asiablock

    If you watch the comms between browser and pixelserv, there's quite a polite conversation going on!

    I thought I had fixed FIN_WAIT2 - do they go after 15 seconds or so?
     
  69. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    A PC reboot apparently fixed FIN_WAIT2 which was occurring more frequently along with zombie pixelserv.

    Zombie pixelserv (which regenerate FIN_WAIT2 as soon it expires) occurs more often while testing iptables rules.

    Without custom iptables rules none of this appear to occur (though I tested more frequently countless of iptables rule variants)

    I tested (as per asiablock)
    Code:
    # Limit as in the asiablock example, applied to connection set-up only
    # (SYN / state NEW); packets of established connections are not counted.
    PXL_IP="192.168.1.2"
    lip=$(nvram get lan_ipaddr)
    lnm=$(nvram get lan_netmask)
    iptables -I INPUT -p tcp --syn -s "$lip/$lnm" -d "$PXL_IP" --dport 80 -j DROP
    iptables -I INPUT -p tcp -s "$lip/$lnm" -d "$PXL_IP" --dport 80 \
      -m state --state NEW -m limit --limit 60/s --limit-burst 60 -j ACCEPT
    # Show the resulting chain.
    iptables -L INPUT
    the burst rate doesn't appear to affect the maximum number of concurrent pixelserv like in previous posts.
    These rules will cause at least one zombie pixelserv (+ FIN_WAIT2 )

    I also tested (as per Stop brute force attacks with these iptables examples)

    Code:
    # Per-source limit with the 'recent' match: every new connection to
    # pixelserv is recorded (--set) and dropped once 60 hits have been seen
    # from that source within one second (--update --hitcount). Both -I
    # inserts leave the --set rule first in INPUT, so a packet is recorded
    # before it is tested.
    PXL_IP="192.168.1.2"
    lip=$(nvram get lan_ipaddr)
    lnm=$(nvram get lan_netmask)
    iptables -I INPUT -p tcp -s "$lip/$lnm" -d "$PXL_IP" --dport http \
      -m state --state NEW -m recent --update --seconds 1 --hitcount 60 -j DROP
    iptables -I INPUT -p tcp -s "$lip/$lnm" -d "$PXL_IP" --dport http \
      -m state --state NEW -m recent --set
    

    Even with those I still get one zombie pixelserv. This rule don't trigger so many concurrent pixelserv instances as the early examples in previous posts I made.

    Rule issues aside, I noticed that in the nc output (without the -z argument) a few replies are missing the first H character (TTP instead of HTTP).
     
  70. mstombs

    mstombs Network Guru Member

    Well you've given me a way to generate those "TIME_WAIT2"s so it proves the 'fix' I had using "SO_LINGER2" doesn't work. The dormant processes are not true "zombies", but I have now caught a couple....
     
  71. ~nephelim~

    ~nephelim~ Networkin' Nut Member


    Did you get a missing character from few replies (TPP/1.1 200 OK) as well?
    I was wondering if it is only an nc artifact.

    I just read the definition of zombie from wikipedia. I wasn't able to come with a different name at the time.:blush:
     
  72. mstombs

    mstombs Network Guru Member

    I didn't get any output from nc ... on ubuntu
    I do from nc on unslung slug, but then the for loop of script doesn't work...
     
  73. srouquette

    srouquette LI Guru Member

    Yep, all you have to do is put the script in WAN Up and reboot your router. It's already pre-configured, I just explained what it does if someone wants to tweak it.
     
  74. der_Kief

    der_Kief Super Moderator Staff Member Member

    Hi,

    Is this script safe? No backdoors or anything else? I'm in doubt about the encrypted part :( Sorry but I'm a little paranoid with security issues :biggrin:

    der_Kief
     
  75. dkirk

    dkirk LI Guru Member

    The malwaredomains site mentions on the home page that we should be downloading from a mirror:

    Please download files from mirror if possible: http://mirror1.malwaredomains.com/files/

    Is there any reason we aren't with this script?
     
  76. srouquette

    srouquette LI Guru Member

    @der_Kief: I posted the encrypted part under the main script, you can generate it yourself if you want.
    I will add a note about that :)

    @dkirk: ah ok, I didn't know. At first we used the mirror, then we switched to www.
    I will set back the mirror, thanks for the feedback.


    I updated TomatoUSB to build 53 and dnsmasq doesn't work anymore, does anyone else experience this problem ?
     
  77. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I ran it on build 53 for K2.4 and it worked fine. I even reset the connection to launch it twice in a row.

    I had some unrelated issue with the new build for K2.4 so I tested after resetting NVRAM and disabling QOS.
     
  78. srouquette

    srouquette LI Guru Member

    ok thanks. I rolled back to build 52 because there were some problems in 53, I'll try again with the next build.
     
  79. tmr250z

    tmr250z Addicted to LI Member

    Dnsmasq works for me with Adblock on build 53, but I did notice something odd though. Before adblock runs, the cachesize is 1500, but after it's running the cachesize drops down to 150.

    All my settings are exactly the same as they were in build 52. I cleared the NVRAM and manually restored them.

    From the log:

    Code:
    Dec 31 19:00:08 router daemon.info dnsmasq[477]: started, version 2.55 cachesize 1500
    Dec 31 19:00:28 router daemon.info dnsmasq[521]: started, version 2.55 cachesize 1500
    Nov 29 17:59:56 router daemon.info dnsmasq[1108]: started, version 2.55 cachesize 150
    Does anyone notice something similar?
     
  80. dkirk

    dkirk LI Guru Member

    I am running VicTek 8652. I have in the log the initial 1500 and then a second 2048 but that second one is coming from the ADD_CONF="Y" setting in AdBlock. Try setting that value to Y and see what happens.
     
  81. Beast

    Beast LI Guru Member

    I'm having problems with QoS; it keeps erroring out with "invalid ports specified". I'm using Toastman's QoS settings. For now I'm just going to disable QoS.
    I also see the cache size set to 150. In the build 53 notes he states he has removed the cache size setting from the GUI and says to set it in the custom settings area.
     
  82. tmr250z

    tmr250z Addicted to LI Member

    Yes, when I set the ADD_CONF value to Y, the cachesize is 2048 after Adblock is loaded, but that's only because Adblock changes it to that. I've always left ADD_CONF set to N, so that the cache would be the default size implemented by TomatoUSB. In build 52, the default size was 4096, in build 53 it's 1500. And that's the size it should remain with ADD_CONF turned off. But somehow it reverts to 150 after Adblock is loaded. That's really strange because 150 is the default cachesize in Original Tomato…
     
  83. srouquette

    srouquette LI Guru Member

    Yes, he removed the cache size settings, but I don't know if he removed the other settings (dhcp-authoritative, log-async).

    http://tomatousb.org/changelog

    "Dnsmasq: restored TFTP support in all editions, added support for scripts to Extras editions, removed cache size settings from GUI (set to 1500 by default, can be overridden via Custom Configuration)."
     
  84. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    only dhcp-authoritative is there. no log-async
     
  85. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    I see what you mean.

    If ADD_CONF=N you'll get cache=1500 while tomato itself restarts dnsmasq (eg GUI Advanced >DHCP / DNS) and 150 when adblock start dnsmasq using dnsmasq --conf-file command.

    That is a result of the new design in build 53.

    When no cache size setting is specified in dnsmasq.custom , Build 53 will override dnsmasq default (150) during normal operation ( or when service dnsmasq start command is used) but will leave full control over cache size to plain dnsmasq command

    When build 53 optimization is active ps output will result in dnsmasq -c 1500 --log-async so it might even be possible to detect this and warn adblock users to enable ADD_CONF
     
  86. srouquette

    srouquette LI Guru Member

    I'm currently arguing with them about this problem and the previous crash I only had.
    http://tomatousb.org/forum/t-287572/build-53-problem-with-dnsmasq

    They recommend adding "conf-file=..." to the custom DNS config; that's what we (sorta) do when you USEHOSTS, but we still duplicate /etc/dnsmasq.conf to add this line, while ray123 adds it directly to the main conf.
    I think you already mentioned we should do something like that too.

    What would happen if there's a problem in the hosts file, would it crash dnsmasq ?
    If you put this line in the conf and try to restart dnsmasq but it crashes, you may not be able to start it again...

    So, what do you think we should do about that, nephelim ?
    And sometimes I like to disable adblock to test some stuff, I put the adblock script on the LED button to restart dnsmasq with or without it.
    It seems to be impossible if you add this line to the default conf.
     
  87. ~nephelim~

    ~nephelim~ Networkin' Nut Member


    I used the alternate loading way so far for mere cosmetic reasons (else I didn't get QOS details to resolve LAN IPs).

    I will check whether it is possible to add the cache and async options directly to the dnsmasq command (at a glance it didn't work), but the original script ran fine with ADD_CONF=Y (I will double-check).

    EDIT: the additional parameters are added to the alternate config files, so dnsmasq.conf is not affected if these files contain errors.

    EDIT2: Build 53 does not apply the cache optimization by changing dnsmasq.conf or dnsmasq.custom (those files are left unchanged when the dnsmasq cache of 1500 is active).
     
  88. srouquette

    srouquette LI Guru Member

    What do you mean by alternate loading way ? :)
    So, ADD_CONF=Y doesn't crash dnsmasq anymore if there are duplicate entries ?
     
  89. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    The dnsmasq.custom workaround paired with service dnsmasq start.

    It appears possible to duplicate dhcp-authoritative without making dnsmasq fail to start:


    Code:
    service dnsmasq stop
    # Work on a copy of the live config so /etc/dnsmasq.conf itself is left untouched.
    cat /etc/dnsmasq.conf > /etc/dnsmasq.test
    # Three identical lines on purpose: demonstrates that a repeated
    # dhcp-authoritative option does not prevent dnsmasq from starting.
    echo "dhcp-authoritative"  >> /etc/dnsmasq.test
    echo "dhcp-authoritative"  >> /etc/dnsmasq.test
    echo "dhcp-authoritative"  >> /etc/dnsmasq.test
    # Start dnsmasq from the test copy instead of the default config.
    dnsmasq  --conf-file=/etc/dnsmasq.test
    The current way works fine

    Code:
    service dnsmasq stop
    # Work on a copy of the live config so /etc/dnsmasq.conf itself is left untouched.
    cat /etc/dnsmasq.conf > /etc/dnsmasq.test
    # The extra options the adblock script appends when ADD_CONF=Y
    # (cache-size=2048 is the value reported earlier in this thread).
    echo "dhcp-authoritative"  >> /etc/dnsmasq.test
    echo "cache-size=2048"  >> /etc/dnsmasq.test
    echo "log-async=5"  >> /etc/dnsmasq.test
    # Start dnsmasq from the test copy instead of the default config.
    dnsmasq  --conf-file=/etc/dnsmasq.test

    It should also be possible to pass the options directly on the command line.


    Code:
    service dnsmasq stop
    # Work on a copy of the live config so /etc/dnsmasq.conf itself is left untouched.
    cat /etc/dnsmasq.conf > /etc/dnsmasq.test
    # Same as the previous snippets, but the cache size is given as a
    # command-line option rather than as a line in the config file.
    dnsmasq  --cache-size=1024 --conf-file=/etc/dnsmasq.test
    It would also be possible to add a configuration check before starting (e.g. if dnsmasq --test -C $GEN ; then ...).

    That check is not really strict, though:

    Code:
    service dnsmasq stop
    # Work on a copy of the live config so /etc/dnsmasq.conf itself is left untouched.
    cat /etc/dnsmasq.conf > /etc/dnsmasq.test
    # Deliberately sloppy address= lines (stray spaces, empty domain part):
    # the point of this example is that dnsmasq still accepts them, so a
    # passing --test is not a strict guarantee that the generated file is sane.
    echo "address = /foo.bar/  0.0.0.0"  >> /etc/dnsmasq.test
    echo "address=  / /0.0.0.0"  >> /etc/dnsmasq.test
    dnsmasq  --cache-size=1024 --conf-file=/etc/dnsmasq.test
     
  90. srouquette

    srouquette LI Guru Member

    ok, thanks for the feedback :)
    I'll see what I can do when I'll have some time.
     
  91. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    You're welcome. :)

    There will be a new build for K2.4 which solves the QOS issue mentioned earlier by Beast.

    Probably tomorrow if no other critical issue is confirmed meantime.
     
  92. srouquette

    srouquette LI Guru Member

    yea, but we'll still have to do something about how adblock loads the conf.
    it changes every time there's a new build lately :-/
     
  93. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    One more thing:

    It should be possible to chain several hosts on one line

    Code:
     address=/host1/host2/0.0.0.0
    so it would be possible to reduce the memory footprint while the config is being loaded.

    Each line of the dns poisoning conf adds 16 bytes of overhead per address.

    e.g.: grouping 5 addresses per line on 22579 hosts would consume 289 kb less (4/5 of the per-line overhead removed).
     
  94. srouquette

    srouquette LI Guru Member

    nice :)
    isn't there a difference in the domain resolution speed if we use this ?
    I don't know how dnsmasq manages the configuration, if it creates a tree or something...
     
  95. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    There should be no speed advantage.

    I didn't account that memory dynamics during script execution are still obscure.

    When it reaches the address=/host/0.0.0.0 step in the code there should be only one file (mv -f $TMP $GEN in OPT()), but if at any point memory usage during OPT execution (awk+sort) is double the initial host list (full $TMP + full $GEN), any memory reduction after that step would be useless. :unsure:

    I had a look at /proc/kcore and found the addresses stored in plaintext (so probably no hash is used for matching cached hosts during resolution), but it looks like the hosts are part of a structured record, since they appear to be padded with a variable amount of binary data.

    Copying /proc/kcore with winscp on build53 won't stop. :confused:

    I recall that in build 52 it stopped after 16MB.

    EDIT: I tested a second time and it worked fine.
    Hex output looks like
    Code:
    ads.reviewcentre.com
    ........Y......5À¨.þ
    ....................
    ....................
    ........@ÃW.........
    ........ØÃW.....!...
    adserver.revision3.c
    om......Y......5À¨.þ
    ....................
    ....................
    ........¸ÃW.........
    ........HÃŽW.........
    www.revisitors.com..
    Y......5À¨.þ........
    ....................
    ....................
    0ÃŽW.................
    ¸ÎW.........
     
  96. srouquette

    srouquette LI Guru Member

    ok. no need to change this if we don't gain anything :)
     
  97. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    After all, the chance of any advantage is doubtful, considering that awk/sort probably cause the highest peak in memory usage.

    I read the tomatousb.org topic. I guess teddy_bear's point was that dnsmasq could be restarted for reasons outside the ad-block script's control.

    The approach they described also implicitly requires that the adblock configuration files are not deleted, so that they are loaded again if Tomato restarts dnsmasq; otherwise dnsmasq's in-memory blacklist would be lost and ad filtering would stay inactive until the next WAN-up or cron update.
     
  98. seraphsf

    seraphsf Addicted to LI Member

    I'm not sure this is the same as zombie processes, but when I run the ps command in Tools\System Commands I see a bunch of /tmp/pixelserv processes. They don't die, and their number keeps growing to the point where I have to kill them because memory starts to get low.

    ...
    18271 root 488 S /tmp/pixelserv 192.168.1.2
    18505 nobody 3316 S dnsmasq --conf-file=/tmp/gen
    19045 root 488 S /tmp/pixelserv 192.168.1.2
    19500 root 488 S /tmp/pixelserv 192.168.1.2
    19790 root 488 S /tmp/pixelserv 192.168.1.2
    19892 root 488 S /tmp/pixelserv 192.168.1.2
    19893 root 488 S /tmp/pixelserv 192.168.1.2
    19905 root 488 S /tmp/pixelserv 192.168.1.2
    19908 root 488 S /tmp/pixelserv 192.168.1.2
    19925 root 488 S /tmp/pixelserv 192.168.1.2
    19941 root 488 S /tmp/pixelserv 192.168.1.2
    19944 root 488 S /tmp/pixelserv 192.168.1.2
    19968 root 488 S /tmp/pixelserv 192.168.1.2
    20312 root 1088 S httpd -s
    20313 root 1160 S /bin/sh /tmp/.wxrTLdlm
    20317 root 1156 R ps


    Is there something I can do to get rid of these zombies?
     
  99. srouquette

    srouquette LI Guru Member

    Yep, I understand that.
    And ray123 seems to confirm in his last post that dnsmasq will quit if it can't load his custom file. I wonder if he understands what that implies...
    Mistakes happen and someone can leave an error in a hosts file; it has already happened to me multiple times. So if the default dnsmasq settings contain an error, dnsmasq will quit, he won't be able to restart it easily, and he will have to delete some lines from his conf file.
     
  100. ~nephelim~

    ~nephelim~ Networkin' Nut Member

    It would be appropriate to script a failsafe approach even when using dnsmasq.custom.
    There is no real need to delete all or part of dnsmasq.custom, though.
    Replacing the additional adblock file with a 0-byte one (rm + touch) will work just fine.
     
