Aug 14 2015

On Thursday, Malwarebytes reported on an ad server pushing malware via various exploits.

Checked my network and I’m already blocking adspirit.de at the router. I have no idea why more people don’t do this; likely not all that many are running Linux-based routers, or they don’t have access. For those that do, here’s my simple script, which runs weekly:

#!/bin/sh
# work in a scratch directory
mkdir -p /tmp/hostupdate
cd /tmp/hostupdate || exit 1

# fetch the blocklist; stop here if the download fails so the old hosts file stays in place
wget -O hosts.txt http://winhelp2002.mvps.org/hosts.txt || exit 1

# copy local host definitions into hosts file first
cp /etc/hosts.local /etc/hosts

# we only want the host lines, no local host or comments.
grep -vE 'localhost|#' hosts.txt > hosts.clean

# change 127.0.0.1 to blackhole server
sed 's/127\.0\.0\.1/127.0.0.255/g' hosts.clean >> /etc/hosts

# cleanup
cd /etc
rm -Rf /tmp/hostupdate

# reload dnsmasq so it picks up the new hosts file
/etc/init.d/dnsmasq restart

Because I have other blocks and static hosts, I have a hosts.local file in /etc/ that is added to the hosts file, and obviously this system is my DHCP and DNS server for my local network. People could of course shoot themselves in the foot a variety of ways, mostly by using a hardcoded DNS. However, if someone wants to do that, so be it.
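
The script above appends a list fetched over plain HTTP to the hosts file that answers DNS for the whole LAN, so each line is worth checking before it is written. The following is an added example, not part of the original script: it goes beyond the grep/sed step by accepting only well-formed `127.0.0.1 hostname` entries, dropping any entry that points a name at another address, and never overriding names from the local hosts file. The helper name `sanitize_blocklist`, the demo function and the sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original script: filter a downloaded hosts
# list so that only well-formed block entries reach /etc/hosts.
SINKHOLE="127.0.0.255"   # blackhole address used by the script above
EXPECTED="127.0.0.1"     # address the script above expects in the list

# sanitize_blocklist [LOCAL_HOSTS] < list
# Hypothetical helper: prints "SINKHOLE hostname" for each accepted entry.
sanitize_blocklist() {
    awk -v sink="$SINKHOLE" -v want="$EXPECTED" -v localfile="${1:-/dev/null}" '
    BEGIN {
        # Names defined in the local hosts file must never be overridden.
        while ((getline line < localfile) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f, " ")
            for (i = 2; i <= n; i++) keep[tolower(f[i])] = 1
        }
    }
    { sub(/\r$/, ""); sub(/#.*/, "") }   # tolerate CRLF, drop comments
    NF != 2 || $1 != want { next }       # entries mapping to any other IP are dropped
    { h = tolower($2) }
    (h in keep) || length(h) > 253 { next }
    # Require a dotted name made of plain labels (this also rejects "localhost").
    h !~ /^[a-z0-9]([a-z0-9_-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9_-]*[a-z0-9])?)+$/ { next }
    !seen[h]++ { print sink, h }         # emit each name once
    '
}

# Constructed sample input (not real list data).
demo_sanitize() {
    tmp=$(mktemp) || return 1
    printf '192.168.1.10 nas.home.example\n' > "$tmp"   # stands in for hosts.local
    printf '%s\r\n' \
        '# constructed sample' \
        '127.0.0.1 localhost' \
        '127.0.0.1 ads.example.com' \
        '127.0.0.1 tracker.example.net #[comment]' \
        '203.0.113.7 bank.example.com' \
        '127.0.0.1 nas.home.example' \
        '127.0.0.1 ads.example.com' \
        '127.0.0.1 bad;name.example' |
        sanitize_blocklist "$tmp"
    rm -f "$tmp"
}
demo_sanitize
```

In the weekly script this would take the place of the grep and sed steps, for example `sanitize_blocklist /etc/hosts.local < hosts.txt >> /etc/hosts`.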