SOCNET

  #1  
Old 25 April 2020, 17:21
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Block (most) bull-crap

I wrote this today for my Mom. She was complaining about sites that had crap advertisements and annoying other little things. While you can do a lot with some browser plugins that block these kinds of things, this script is at a different level of the stack, notably, your computer.

My mom likes to use Chrome for some things and Safari for others, so instead of duplicating the effort trying to protect both individually, I nipped the bud at the system level.

If you want to get extra slick, this can be popped into your router to protect all systems connecting to your wireless. Need to have something like DD-WRT installed though.

Note #1: this isn't revolutionary. The script sets things up, grabs a decent large list of advertising and malware domains, and then shoves it into your HOSTS file, thus blocking them.
Congrats, I just saved you from a $10/month subscription to some lame anti-malware service.

Note #2: this is written for Unix/Linux/MacOS. You'll have to tweak it if you want to do the same on your Windows box.

1. Open a text editor and paste the below quoted text into a file; save it as block.sh
2. Open Terminal (MacOS) and type: chmod u+x block.sh (then hit enter)
3. Type: sudo ./block.sh (then hit enter)
4. Verify your hosts file is populated with all the juicy domains by typing: cat /etc/hosts
5. Profit

Another nerd here can audit the script for a thumbs up that I'm not setting up a reverse shell or introducing some kind of backdoor

Quote:
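#!/bin/bash
# Must run as root: /etc/hosts is only writable by root.
if ! [ "$(id -u)" = 0 ]; then
    echo "The script needs to be run as root." >&2
    exit 1
fi

# Record the invoking user when run through sudo (not used further below).
if [ -n "$SUDO_USER" ]; then
    real_user=$SUDO_USER
else
    real_user=$(whoami)
fi
#
# -p: do not fail when the directory is left over from an earlier run.
mkdir -p "$HOME/hosts-block"
# -f: treat HTTP errors as failures; stop so a failed download never replaces /etc/hosts.
curl -f https://raw.githubusercontent.com/St...s/master/hosts > "$HOME/hosts-block/bad.txt" || exit 1
# Overwrites /etc/hosts with the downloaded list. The redirect is done by this
# (already root) shell, so the sudo here adds nothing.
sudo cat "$HOME/hosts-block/bad.txt" > /etc/hosts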
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
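A more defensive way to apply a downloaded list, as an added example that is not CV's script: writing the download straight over /etc/hosts lets whoever controls the list decide where any name on the machine resolves, so this version accepts only entries that point at a sink address, keeps the machine's own entries, and replaces the file atomically with a backup. The function names, MARKER and MIN_ENTRIES are made up for illustration, and the list is assumed to be in hosts format with 0.0.0.0 or 127.0.0.1 as the blocking address.

```bash
#!/bin/bash
# Added example, not the script from the thread. Function names, MARKER and
# MIN_ENTRIES are made up for illustration.
MARKER='# ---- managed blocklist below; local entries above are kept ----'

# Print only "<sink address> <hostname>" entries from a hosts-format list.
# Anything else is dropped, so the list can black-hole names but can never
# point a name at a server of somebody's choosing.
extract_block_entries() {
    awk '{ sub(/\r$/, ""); sub(/#.*/, "") }
         NF >= 2 && ($1 == "0.0.0.0" || $1 == "127.0.0.1") {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[A-Za-z0-9._-]+$/) print $1, $i
         }' "$1"
}

# Print the raw lines holding anything extract_block_entries refuses.
rejected_lines() {
    awk '{ raw = $0; sub(/\r$/, ""); sub(/#.*/, "") }
         NF == 0 { next }
         NF < 2 || ($1 != "0.0.0.0" && $1 != "127.0.0.1") { print raw; next }
         { for (i = 2; i <= NF; i++)
               if ($i !~ /^[A-Za-z0-9._-]+$/) { print raw; next } }' "$1"
}

# build_hosts CURRENT LIST: the machine's own entries (everything above
# MARKER in CURRENT), then MARKER, then the sanitized list.
build_hosts() {
    awk -v m="$MARKER" '$0 == m { exit } { print }' "$1"
    printf '%s\n' "$MARKER"
    extract_block_entries "$2"
}

# install_hosts LIST [TARGET]: back up TARGET and replace it atomically.
# A short list usually means a failed download, so TARGET is left alone.
install_hosts() {
    local list=$1 target=${2:-/etc/hosts} tmp n
    n=$(extract_block_entries "$list" | awk 'END { print NR }')
    if [ "$n" -lt "${MIN_ENTRIES:-1000}" ]; then
        echo "only $n usable entries, leaving $target alone" >&2
        return 1
    fi
    tmp=$(mktemp "$target.XXXXXX") || return 1
    build_hosts "$target" "$list" > "$tmp" && chmod 644 "$tmp" &&
        cp -p "$target" "$target.bak" && mv "$tmp" "$target" ||
        { rm -f "$tmp"; return 1; }
}
```

Run rejected_lines on a fresh download before installing it: an entry that maps a name to anything other than a sink address shows up there and never reaches the hosts file.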
  #2  
Old 26 April 2020, 00:57
assertnull
Confirmed User
 
Join Date: May 2011
Location: SE Texas
Posts: 3,122
Any reason not to use $EUID in the first if?
The sudo at the end would be unnecessary if the script itself is run with sudo, no?

I've seen weird behavior with whoami vs logname.
This sucks on my phone. Only other bit, if you're running via Cron, use -s (i.e. curl -k -s $someuri -o ~/hosts-block/bad.txt)

Don't see any security concerns though

EDIT: wow, I had no idea euid wasn't universally supported. Nevermind that one!
  #3  
Old 26 April 2020, 08:31
Tracy
Been There Done That
 
Join Date: Feb 1997
Location: West
Posts: 11,512
I say again, I love this site.
  #4  
Old 26 April 2020, 08:32
Tracy
Been There Done That
 
Join Date: Feb 1997
Location: West
Posts: 11,512
Any thoughts to making this a stickie?
  #5  
Old 26 April 2020, 09:15
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Quote:
Originally Posted by assertnull
The sudo at the end would be unnecessary if the script itself is run with sudo, no?
Correct. Habit.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #6  
Old 26 April 2020, 09:27
chokeu2
Involuntary Yoga Guy
 
Join Date: Sep 2002
Location: Atlanta
Posts: 3,383
Good one dude. I’d buy you some jerky for that one!

He’s not even kidding about knee capping the malware thieves.
__________________
Latus iustus inferni ,Latus mallum coeli
Donum diaboli, Constatia angeli

"Let's make this weird", ~Mike2CW
  #7  
Old 26 April 2020, 10:00
firstshirt
Been There Done That
 
Join Date: Jul 2011
Location: Montucky
Posts: 1,274
2 questions.

Does it matter where block.sh is saved?
Should macs running os catalina save as block.zsh?
__________________
"A sober man's thoughts are a drunken man's words" - unk.
  #8  
Old 26 April 2020, 10:06
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Quote:
Originally Posted by firstshirt
2 questions.

Does it matter where block.sh is saved?
Should macs running os catalina save as block.zsh?
Doesn’t matter where it’s saved.

zsh and bash are different brands, same product: cli shells. You’ll be able to run this on any version of macOS.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #9  
Old 26 April 2020, 10:06
chokeu2
Involuntary Yoga Guy
 
Join Date: Sep 2002
Location: Atlanta
Posts: 3,383
Quote:
Originally Posted by firstshirt
2 questions.

Does it matter where block.sh is saved?
Should macs running os catalina save as block.zsh?
My Linux chops need a severe refresh but I THINK I had a similar issue on my ex-wife's mac a few weeks ago.
If I remember correctly this is what fixed it.

Open the terminal application.
- List available shells by typing cat /etc/shells.
- To update your account to use bash run chsh -s /bin/bash.
- Close terminal app.
- Open the terminal app again and verify that bash is your default shell.

If that's wrong, it's not far off, one of the code Jedi's like CV should be by as soon as he has enough coffee, and gets last night scrounge out of his face hair.
__________________
Latus iustus inferni ,Latus mallum coeli
Donum diaboli, Constatia angeli

"Let's make this weird", ~Mike2CW
  #10  
Old 26 April 2020, 10:08
chokeu2
Involuntary Yoga Guy
 
Join Date: Sep 2002
Location: Atlanta
Posts: 3,383
Quote:
Originally Posted by chokeu2
My Linux chops need a severe refresh but I THINK I had a similar issue on my ex-wife’s mac a few weeks ago.
If I remember correctly this is what fixed it.

Open the terminal application.
- List available shells by typing cat /etc/shells.
- To update your account to use bash run chsh -s /bin/bash.
- Close terminal app.
- Open the terminal app again and verify that bash is your default shell.

If that’s wrong, it’s not far off, one of the code Jedi’s like CV should be by as soon as he has enough coffee, and gets last night scrounge out of his face hair.
Since CV is paying attention, I’ll ask a question too:
CV, having done that worked after the update on the mac I did it too, could that have caused problems anywhere else after a fresh update?
Specifically, Office on the mac started acting weird; could that have caused an app error if the app may not have been freshly updated?
__________________
Latus iustus inferni ,Latus mallum coeli
Donum diaboli, Constatia angeli

"Let's make this weird", ~Mike2CW
  #11  
Old 26 April 2020, 10:11
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Changing your default shell shouldn’t have any meaningful effect to non-power users.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #12  
Old 26 April 2020, 10:12
chokeu2
Involuntary Yoga Guy
 
Join Date: Sep 2002
Location: Atlanta
Posts: 3,383
Quote:
Originally Posted by CV
Changing your default shell shouldn’t have any meaningful effect to non-power users.
I didn’t think so either. So it’s likely a simple issue of mixing MS and Mac. Gotta say, Mac’s winning the battle of going back to Mac, from MS personally...
Thank you.
__________________
Latus iustus inferni ,Latus mallum coeli
Donum diaboli, Constatia angeli

"Let's make this weird", ~Mike2CW
  #13  
Old 26 April 2020, 10:32
firstshirt
Been There Done That
 
Join Date: Jul 2011
Location: Montucky
Posts: 1,274
Quote:
Originally Posted by CV
Doesn't matter where it's saved.

zsh and bash are different brands, same product: cli shells. You'll be able to run this on any version of macOS.
The reason I asked - I saved the file on my desktop. Running the provided script returns the following:

chmod u+x block.sh
chmod: block.sh: No such file or directory
__________________
"A sober man's thoughts are a drunken man's words" - unk.
  #14  
Old 26 April 2020, 10:36
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Open TextEdit and paste that quoted text into the file. Save it and make sure it has the .sh extension and not .txt. In Terminal, make sure you're in the same directory as that file. Type: ls -la
You should see the file you created listed. If not, it was saved somewhere else.

Edit:
More detailed.
1. Open TextEdit. Copy/paste that text I quoted originally into it and save the file as block.sh. Save it to your Desktop
2. Open Terminal and type: cd Desktop/
3. Type: chmod u+x block.sh and hit enter
4. Continue on...
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #15  
Old 26 April 2020, 11:32
firstshirt
Been There Done That
 
Join Date: Jul 2011
Location: Montucky
Posts: 1,274
Quote:
Originally Posted by CV
Open TextEdit and paste that quoted text into the file. Save it and make sure it has the .sh extension and not .txt. In Terminal, make sure you're in the same directory as that file. Type: ls -la
You should see the file you created listed. If not, it was saved somewhere else.

Edit:
More detailed.
1. Open TextEdit. Copy/paste that text I quoted originally into it and save the file as block.sh. Save it to your Desktop
2. Open Terminal and type: cd Desktop/
3. Type: chmod u+x block.sh and hit enter
4. Continue on...
Thanks
__________________
"A sober man's thoughts are a drunken man's words" - unk.
  #16  
Old 26 April 2020, 15:40
Steve788
Registered User
 
Join Date: May 2018
Location: GA
Posts: 205
I'm new to the DD-WRT stuff, but this sure looks interesting!

Just started running a GL iNet GL-MT300N v2, USB
tethered to a Visible phone. Prior to using the router,
I was showing upload volumes MUCH higher than
downloads--just doing web surfing/forums/Amazon/
eBay traffic.

With the router installed, now seeing "normal"
ratios (way more downloaded, than uploaded).
So, that seems good.

Poking around router admin page, found two things:
there's a "firewall" section, and it appears--blank.
Second, it seems like there are options to load/run stuff,
to mod router's parameters.

But, I'm sketchy on this...ideas?

https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
  #17  
Old 26 April 2020, 17:08
CV
Authorized Personnel
 
Join Date: Apr 2003
Location: USA
Posts: 8,849
Openwrt is based on Linux, so you can add or modify the /etc/hosts file as described above. I'm not familiar with the User Interface and do nearly everything via command-line, so in this case you'll want to learn about SSH and how to connect to the device to perform the actions described in my first post.

The added benefit, that I alluded to, is that any device connecting through the Openwrt device will have the same protections, instead of having to modify each individual computer's hosts file. However, when they connect to a different network, said benefits are lost. This is the plus-minus of doing it host based, versus on the router.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
  #18  
Old 27 April 2020, 22:58
assertnull
Confirmed User
 
Join Date: May 2011
Location: SE Texas
Posts: 3,122
The router idea /may/ not work, depending on if it uses dnsmasq, unbound, etc etc.

I know unbound doesn't use /etc/hosts, and a quick Google suggests -h arg for dnsmasq ignores it - whether OpenWRT invokes with the arg or not, don't know. Will try to remember to check Merlin's dnsmasq when I get home.

Anything that relies on glibc resolver library should use it if nsswitch is configured accordingly.

I don't see it going away any time soon for clients, but nameservers less so.

There's bound to be a clever way to fold this list directly into dns without folks having to cobble together a nameserver. That is, assuming it's even necessary (i.e. *wrt using a ns that ignores hosts file)

Then again, this may just be fear porn (x-thread points).

Edit: here we go. This suggests OpenWRT uses knot? Interesting. We benchmarked it to hell and back, figuring if it was good enough for cloudflare, good enough for us. Unbound+dnsdist destroyed it for our workload. https://www.reddit.com/r/openwrt/com...e_hosts_entry/
  #19  
Old 28 April 2020, 23:05
assertnull
Confirmed User
 
Join Date: May 2011
Location: SE Texas
Posts: 3,122
Expanding on the router idea: for anyone running the Merlin firmware on an Asus router:
https://github.com/RMerl/asuswrt-mer...sing-Pixelserv

The nuts and bolts: pixelserv replaces ads with... nothing. No connerrors, just nothing. First I've heard of it, looks promising - https://github.com/kvic-z/pixelserv-...-pixelserv-tls

It *does* look like it's predicated on a nameserver parsing the hosts file. But instead of sending to loopback, it sends to a tiny webserver that s/.*//g on all ads.

When I'm done feeding half the planet I think I'll grab a new router for my parents' place. They used to run my company's endpoint security product, but we got acquired, and that product is now dead.
  #20  
Old 29 April 2020, 09:53
Steve788
Registered User
 
Join Date: May 2018
Location: GA
Posts: 205
Hmmm...may slide the router modding to back burner for
a bit, and tackle something a bit easier, like figuring out
how women think...
All times are GMT -4.