internet:security:pihole

Differences

internet:security:pihole [2019/08/04 19:04]
gcooper
internet:security:pihole [2021/10/29 10:50]
gcooper
Line 12: Line 12:
  
 https://freek.ws/2017/03/18/public-pi-hole/ https://freek.ws/2017/03/18/public-pi-hole/
 +
 +**CLI**: https://discourse.pi-hole.net/t/the-pihole-command-with-examples/738
 +
 +**Blocklist List**: https://firebog.net/
 +
 +===== Flush DNS Cache =====
 +
 +<file>
 +pihole restartdns reload-lists
 +</file>
  
 ===== Update ===== ===== Update =====
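Review bot: the new "Flush DNS Cache" heading does not match the command under it. As far as I know, `pihole restartdns reload-lists` reloads the block lists while keeping the resolver cache, and it is `pihole restartdns reload` that reloads the lists and flushes the cache; check this against the CLI reference linked in the same hunk and either rename the heading or switch the subcommand to `reload`.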
Line 37: Line 47:
 Pi-Hole seems to work fine with only **port 53 (TCP and UDP)** exposed publicly. Pi-Hole seems to work fine with only **port 53 (TCP and UDP)** exposed publicly.
  
-Port 80 needs to be open for the web administration.+Port 80 needs to be open for the web administration, and probably SSH as well.
  
-We use CSF firewall for bastion hosts.+In the CSF firewall, **we do not globally open these ports**, we only open them up to the US using: 
 + 
 +<file> 
 +CC_ALLOW_PORTS = US 
 +CC_ALLOW_PORTS_TCP = 53,22 
 +CC_ALLOW_PORTS_UDP = 53 
 +</file> 
 + 
 +==== Botnet Attack ==== 
 + 
 +=== IP Address List ===
  
-==== Attack ====+:!: You can use this with Mikrotik routers and other devices.
  
-Create an IP list from the last two days:+Create an IP list from the last two days using ''ELDERJUSTICE'' as the search term:
  
 <file> <file>
-cat /var/log/pihole.log |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt +cat /var/log/pihole.log |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq > evildoers.txt 
-cat /var/log/pihole.log.1 |grep query |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt+cat /var/log/pihole.log.1 |grep query |grep -v 127.0.0.1 |grep ELDERJUSTICE | cut -d" " -f9 |sort | uniq >> evildoers.txt
 </file> </file>
 +
 +=== CSF ===
 +
 +We use CSF firewall for bastion hosts.
 +
 +:!: ''LF_SELECT = 0'' means that the rule will block all ports.
  
 RegEx to find IP of attacker of ELDERJUSTICE.GOV: RegEx to find IP of attacker of ELDERJUSTICE.GOV:
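Review bot: the CSF snippet contradicts the sentence two lines above it. The text says port 80 must be open for web administration (and "probably SSH as well"), but `CC_ALLOW_PORTS_TCP = 53,22` opens only DNS and SSH to US addresses, so either add 80 there or state that the admin interface is reached another way; and since 22 is in the rule, "probably SSH" should just read "SSH". On the log extraction, `cut -d" " -f9` assumes the client address is always the ninth space-separated field of a `query` line in pihole.log; a format change would silently put the wrong value into evildoers.txt, so the text should tell the reader to eyeball the file (it should contain only IP addresses) before feeding it to CSF or a Mikrotik list.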
Line 60: Line 86:
 </file> </file>
  
-Insert+Inserting this will temporarily block the attacker for one week (604800 seconds)
  
 <file> <file>
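Review bot: "Inserting this will temporarily block the attacker" does not say what is inserted or into which CSF file, and a reader arriving at this heading cannot tell from the context shown; name the file (and the tool, if it is a `csf` subcommand rather than a manual edit) and end the sentence with a period. The one-week figure is consistent with 604800 seconds.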
Line 79: Line 105:
 </file> </file>
  
-Reboot needed?+Restart CSF:
  
 +<file>
 +csf -ra
 +</file>
 +
 +===== Recursive DNS =====
 +
 +<note important>Add recursion **after** your Pi-Hole is already up and running to your satisfaction.</note>
 +
 +https://docs.pi-hole.net/guides/unbound/
 +
 +The default Pi-Hole is a **forwarding** DNS server.  It forwards queries to upstream DNS servers.
 +
 +The All Around DNS Solution adds **recursion**.   This is important in certain circumstances where queries are limited by IP address, such as free DNSBLs.
 +
 +===== Exclude Some Clients =====
 +
 +:!: Use the **firewall** to block abusive external (recursive) clients.
 +
 +https://www.vikash.nl/exclude-client-devices-with-pi-hole-5/
 +
 +===== Troubleshooting =====
 +
 +If the admin web interface gets wonky, try this as a temporary fix:
 +
 +<file>
 +pihole -f
 +</file>
 +
 +Also try giving PHP more RAM.  The default is 128M, but you can give a lot more depending on your server's physical resources:
 +
 +<file>
 +vim /etc/php/7.2/cgi/php.ini
 +
 +memory_limit = 1024M
 +</file>
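Review bot: the troubleshooting tip `pihole -f` flushes /var/log/pihole.log, which is the very file the Botnet Attack section above reads (together with pihole.log.1) to build evildoers.txt, so the text should warn that running it discards the query history that IP-list procedure depends on and suggest copying the logs first. Also, `memory_limit = 1024M` is presented without relating it to the server's RAM, and `/etc/php/7.2/cgi/php.ini` is tied to one PHP version; say that the 7.2 directory changes with the installed version, that the edit only has effect in the php.ini used by the web server's PHP handler, and that the web server must be restarted afterwards for it to apply.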
internet/security/pihole.txt · Last modified: 2023/02/03 11:00 by gcooper