Blocking Bad Ad/Malware/Malicious Code/Servers at the Router

I am new here but wanted to contribute what I feel is a big help with bad hosts, adware, spyware, malicious software, and bad servers.

I added the code below to my routers "Startup" and "DNSMasq" entries. It uses the hosts file from Welcome to the MVPs.org home page! to block these bad hosts (servers). It is basically doing the same thing as adding the hosts file to your system locally but this way, you only have to maintain the list on the router.

The way the code is written, it automatically refreshes the file from mvps.org each time you boot your router. I have my router on a scheduled boot each night to refresh the list for any updates added by mvps.org. I have been using this since last August and am very hapy with the results.

The code:

"Startup"
---------
_rogue=0.0.0.0
echo -e "#!/bin/sh\nn=1\nwhile sleep 60\ndo\n\twget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep \"^127.0.0.1\" | grep -v localhost | awk '{print \"$_rogue\\\t\"\$2}' | tr -d '\\\015' >/tmp/dlhosts\n" >/tmp/write_dlhosts
echo -e "\t[ \`grep -il doubleclick /tmp/dlhosts\` ] && break\n\t[ \$n -gt 5 ] && break\n\tlet n+=1\ndone\n[ -e /jffs/hosts ] && cat /jffs/hosts >>/tmp/dlhosts\n[ -e /opt/etc/hosts ] && cat /opt/etc/hosts >>/tmp/dlhosts\nkillall -HUP dnsmasq" >>/tmp/write_dlhosts
chmod +x /tmp/write_dlhosts
/tmp/write_dlhosts &

"DNSMasq"
----------------
addn-hosts=/tmp/dlhosts

You will know you have it working because the blocked ads and banners will show up as "Internet Explorer cannot display the web page". I have a small program I run on my server to intercept the calls and send a blank pixel to the requesting system thus eliminating the "Internet Explorer cannot..." message. Instead of the error message, a nice clean blank block is shown making the page look nicer.

Note: There are a couple of applications designed to intercept these calls as well that are *freeware*. Pixelserv and AdServer are the ones I know of.

I am running a third-party firmware on my router (DD-WRT) and it is working great with this in place. If anyone has any questions, I will do the best I can to answer them. I got the code from the DD-WRT forums so I thank the good people who provided a way to do this at the router.

I hope this helps others!

Chris

I thought I would post a screen-shot of the AdServer program running on my server to show the number of intercepts. These numbers have been collecting for about two weeks (since I reset them). I am astounded at the counts :eek:

I got some questions on another board about exactly where in the router GUI to add this code so I have attached some screen-shots to help anyone not familiar. Be sure to click on "Apply" or "Save" at the very bottom of the router GUI to save the code and make it active.

Other notes:
-------------
o The file from mvps.org is about 700k (about 500 printed pages) so you need enough memory left in your router for it to load.

o Give the router time to download and process the file from mvps.org. This can take anywhere from 30 seconds to 3 minutes depending on the speed of your connection and the actual CPU on the router itself. Patients!

o If you use Spybot Search & Destroy or similar to "Immunize" your system, keep doing it! This works well using both solutions to protect yourself.

o If you want to look at the threads on DD-WRT to see where I got this code, visit these links below. You need to sign-up to view the threads though (free). Be warned! These guys on the DD-WRT forms are "hard-core" programmers and do not speak anything but geek!

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=47515&highlight=adblock
and
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=20346&highlight=adblock

o If you decide to add AdServer or PixelServ to clean up the error messages mentioned above, set up a fixed IP on your server and substitute that IP in the _rogue variable in the "Startup" script. If you notice, mine is set up in the screen-shots below.

I'll add any other notes as I find they are needed.