Aug 14 2015

Thursday Malwarebytes reported on an ad server pushing malware via various exploits.

Checked my network and I'm already blocking at the router. I have no idea why more people don't do this; likely not that many are running Linux-based routers, or don't have access to them. For those that do, here's my simple script, which runs weekly:

#!/bin/sh
# stop before touching /etc/hosts if any step fails
set -e

mkdir -p /tmp/hostupdate
cd /tmp/hostupdate

# hosts.txt is the downloaded block list in "ip hostname" format
# (the fetch step is not shown here)

# copy local host definitions into hosts file first
cp /etc/hosts.local /etc/hosts

# we only want the host lines, no local host or comments.
grep -vE 'localhost|#' hosts.txt >> hosts.clean

# change to blackhole server: rewrite the list's address to the blackhole host.
# BLACKHOLE_IP is a placeholder for that address, and 127.0.0.1 is assumed to be
# the address the downloaded list uses; adjust both to your list and network.
sed 's/^127\.0\.0\.1/BLACKHOLE_IP/' hosts.clean >> /etc/hosts

# cleanup
cd /etc
rm -Rf /tmp/hostupdate

# reload dnsmasq so it picks up the new /etc/hosts
/etc/init.d/dnsmasq restart

Because I have other blocks and static hosts, I keep a hosts.local file in /etc/ that goes into the hosts file first; obviously this system is the DHCP and DNS server for my local network. People could of course shoot themselves in the foot in a variety of ways, mostly by using a hardcoded DNS server on a client (which bypasses the router's dnsmasq and this block list entirely). However, if someone wants to do that, so be it.
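As an added example (not the post's own script), here is a stricter version of the clean-up step that the script above performs with grep and sed: it strips comments and blank lines, drops localhost entries, keeps only well-formed "ip hostname" pairs so a malformed line in a downloaded list cannot end up in /etc/hosts, de-duplicates hostnames, and rewrites every address to the blackhole. It assumes the downloaded list uses the common "127.0.0.1 hostname" layout and uses 0.0.0.0 as a placeholder blackhole address, since the post does not say which address it uses; the sample list is constructed for the example and uses reserved .invalid names.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumptions: blocklist lines look like "127.0.0.1 hostname", and the
# blackhole address is 0.0.0.0 (placeholder; the post does not give its address).

BLACKHOLE_IP="0.0.0.0"   # placeholder value, not from the original post

# Constructed sample of what a downloaded hosts.txt typically looks like,
# including a comment, a trailing comment, localhost entries, a duplicate
# and one malformed line that must not reach /etc/hosts.
SAMPLE_LIST='# Sample blocklist (constructed for this example)
127.0.0.1 localhost
127.0.0.1 ads.example-bad.invalid   # ad server
127.0.0.1 tracker.example-bad.invalid
0.0.0.0 malware.example-bad.invalid
127.0.0.1 ads.example-bad.invalid
not a valid line
127.0.0.1 localhost.localdomain'

# clean_hosts: read a hosts-format list on stdin and print one
# "BLACKHOLE_IP hostname" line per blocked host, ready to append to /etc/hosts.
#   - sed drops everything from "#" to end of line (full and trailing comments)
#   - awk keeps a line only if it has at least two fields, the first field is
#     an IPv4-looking address, the second field is a plain hostname and not a
#     localhost entry, and the hostname has not been seen before
clean_hosts() {
    sed -e 's/#.*$//' \
    | awk -v ip="$BLACKHOLE_IP" '
        NF >= 2 \
        && $1 ~ /^[0-9.]+$/ \
        && $2 !~ /^localhost/ \
        && $2 ~ /^[A-Za-z0-9.-]+$/ \
        && !seen[$2]++ {
            print ip, $2
        }'
}

# blocked_hosts_for: the cleaned fragment for a list passed as a string.
blocked_hosts_for() {
    printf '%s\n' "$1" | clean_hosts
}

# count_blocked: number of hosts a list would blackhole (useful for a log line
# so a broken download that yields zero entries is noticed).
count_blocked() {
    printf '%s\n' "$1" | clean_hosts | wc -l | tr -d ' '
}

# Stand-alone run: show what the sample list would add to /etc/hosts.
blocked_hosts_for "$SAMPLE_LIST"
echo "blocked hosts: $(count_blocked "$SAMPLE_LIST")"
```

In the weekly script this replaces the grep and sed pair: pipe hosts.txt through clean_hosts and append the result to /etc/hosts after hosts.local has been copied in. Checking that count_blocked is non-zero before restarting dnsmasq is a cheap guard against an empty or broken download silently removing the whole block list.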