On Thursday, Malwarebytes reported on an ad server pushing malware via various exploits.
Checked my network and I'm already blocking adspirit.de at the router. I have no idea why more people don't do this; likely not all that many are running Linux-based routers, or they don't have access. For those that do, here's my simple script, which runs weekly:
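# work in the scratch directory; the downloaded blocklist is expected here as hosts.txt
mkdir -p /tmp/hostupdate && cd /tmp/hostupdate || exit 1
# copy local host definitions into hosts file first
cp /etc/hosts.local /etc/hosts
# we only want the host lines, no localhost entries or comments
grep -vE 'localhost|#' hosts.txt > hosts.clean
# change 127.0.0.1 to the blackhole address
sed 's/127\.0\.0\.1/127.0.0.255/g' hosts.clean >> /etc/hosts
# clean up the scratch directory
cd / && rm -Rf /tmp/hostupdate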
Because I have other blocks and static hosts, I keep a hosts.local file in /etc/ that is added to the hosts file, and obviously this system is the DHCP and DNS server for my local network. People could of course shoot themselves in the foot in a variety of ways, mostly by using a hardcoded DNS server... however, if someone wants to do that, so be it.
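The script above copies any blocklist line that does not start with 127.0.0.1 into /etc/hosts unchanged, so the downloaded list is trusted to contain only sinkhole entries. The following is an added example, not part of the original script, that treats the list as untrusted input and leaves the existing hosts file alone when the list comes back empty; the function names, `MIN_ENTRIES` and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the post's script. SINK matches the post's blackhole
# address; MIN_ENTRIES and the sample list are assumptions.
SINK=127.0.0.255

# Print "SINK hostname" for each valid entry of a hosts-format list on stdin.
# Only sinkhole addresses are accepted, so a tampered list cannot map a name
# to a routable IP; localhost, malformed and duplicate names are dropped.
sanitize_blocklist() {
    tr -d '\r' | awk -v sink="$SINK" '
        { sub(/#.*/, "") }                       # strip comments
        NF < 2 { next }                          # blank or incomplete line
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
                if (h ~ /^localhost\./ || (h in seen)) continue
                seen[h] = 1; print sink, h
            }
        }'
}

# build_hosts LOCAL LIST OUT: write LOCAL plus the sanitized LIST to OUT.
# OUT is left untouched if fewer than MIN_ENTRIES names survive (for example
# a failed or truncated download), and is replaced with a single rename.
build_hosts() {
    clean=$(sanitize_blocklist < "$2") || return 1
    n=$(printf '%s\n' "$clean" | awk 'NF { c++ } END { print c + 0 }')
    [ "$n" -ge "${MIN_ENTRIES:-1}" ] || return 1
    { cat "$1" && printf '%s\n' "$clean"; } > "$3.new" || return 1
    mv "$3.new" "$3"
}

# Constructed sample list used to exercise the filter.
sample_list() {
    cat <<'EOF'
# constructed sample, not a real blocklist
127.0.0.1 localhost
127.0.0.1 ads.example.com   # ad server
0.0.0.0 Tracker.Example.NET
203.0.113.7 bank.example.org
127.0.0.1 ads.example.com
127.0.0.1 bad;name.example
EOF
}
```

On the router this would be called as `build_hosts /etc/hosts.local hosts.txt /etc/hosts`, with `MIN_ENTRIES` set to a count that a healthy copy of the list always exceeds.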