AB-Solution - The Ad Blocking Solution

[eclp]

I have a small suggestion, if more than cosmetics, but as an improvement - but for a better overview in the router's syslog I would like to see the following. And not just because I'm a decent person... just like tidying it up. Thanks to the great forum I am able to use as a noob the different scripts, first of all AB-Solution, Skynet, DNSCrypt and QoS from @FreshJR. But every developer "cooks his own soup" ("kocht hier sein eigenes Süppchen", one would say in German), at least as far as the issue in the syslog is concerned. In my opinion, @Adamm has implemented this most clearly. If I would be able to change small things with the "simpler" scripts, this would not be possible with AB-Solution, for example.

Oct 14 01:24:05 DNSCrypt: [INFO] dnscrypt-proxy started for boot services
Oct 14 01:24:13 Adaptive QoS: [INFO] Modification Script Started
Oct 14 01:26:06 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate )
Oct 14 01:26:07 DNSCrypt: [Complete] Start dnscrypt-proxy for normal operations
Oct 14 01:27:16 Adaptive QoS: [Complete] Changing container for Unidentified Traffic & Applying Custom Rules
Oct 14 01:27:16 Adaptive QoS: [Complete] Changing minimum alloted bandwidth per QoS category to user defined percentages
Oct 14 01:26:20 Skynet: [INFO] Lock File Detected (start banmalware autoupdate) (pid=1165) - Exiting
Oct 14 01:26:59 Skynet: [Complete] 134859 IPs / 1936 Ranges Banned. 134859 New IPs / 1936 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked!

[INFO], [Complete], [Error]

I am aware of how hard you work on these scripts and how much time it takes. If I agree with this proposal, this request to lean too far out of the window, you simply consider it to be pointless.
Thank you all very much!

 

[thelonelycoder]

I have a small suggestion, if more than cosmetics, but as an improvement - but for a better overview in the router's syslog I would like to see the following. And not just because I'm a decent person... just like tidying it up. Thanks to the great forum I am able to use as a noob the different scripts, first of all AB-Solution, Skynet, DNSCrypt and QoS from @FreshJR. But every developer "cooks his own soup" ("kocht hier sein eigenes Süppchen", one would say in German), at least as far as the issue in the syslog is concerned. In my opinion, @Adamm has implemented this most clearly. If I would be able to change small things with the "simpler" scripts, this would not be possible with AB-Solution, for example.

Oct 14 01:24:05 DNSCrypt: [INFO] dnscrypt-proxy started for boot services
Oct 14 01:24:13 Adaptive QoS: [INFO] Modification Script Started
Oct 14 01:26:06 Skynet: [INFO] Startup Initiated... ( banmalware autoupdate )
Oct 14 01:26:07 DNSCrypt: [Complete] Start dnscrypt-proxy for normal operations
Oct 14 01:27:16 Adaptive QoS: [Complete] Changing container for Unidentified Traffic & Applying Custom Rules
Oct 14 01:27:16 Adaptive QoS: [Complete] Changing minimum alloted bandwidth per QoS category to user defined percentages
Oct 14 01:26:20 Skynet: [INFO] Lock File Detected (start banmalware autoupdate) (pid=1165) - Exiting
Oct 14 01:26:59 Skynet: [Complete] 134859 IPs / 1936 Ranges Banned. 134859 New IPs / 1936 New Ranges Banned. 0 Inbound / 0 Outbound Connections Blocked!

[INFO], [Complete], [Error]

I am aware of how hard you work on these scripts and how much time it takes. If I agree with this proposal, this request to lean too far out of the window, you simply consider it to be pointless.
Thank you all very much!

I have looked into that and did use it in a beta version, 3.8 I believe, for a new option.
However, that log format requires me to change them not only in all scripts but also in the ones already in /jffs/scripts/. Since those in jffs are not normally touched even if you update AB I would have to rewrite them to make all of AB's log output consistent.

I have abandoned that "project" during that beta test and made a note to do it in the next major release, AB-Solution 4.0, which is still a ways out.
AB 4.x will change so much that a complete new install will be necessary anyway. There may be a migration script from 3.9 to 4.x if I have the time and motivation, we'll see.

 

[thelonelycoder]

Nearly missed it and a mildly interesting fact: As is tradition, this is my three thousandth post.

 

[thelonelycoder]

For those testing pixelserv-tls KL-test2, the -l option has been added to the available switches in the ps menu in the addon file pixelserv-tls.add.

There is no version change, enter 12 into the AB-Solution UI to re-download all addons.

See this thread for more info: https://www.snbforums.com/threads/p...bserver-for-adblock.26114/page-27#post-352295

 

[Xentrk]

Just one VPN Client (on this router with this firmware: I now run Tomato Shibby on it, and this Firmware can support 2 VPN Clients to be configured, but only one can run at a time. Now I have on the OpenVPN Client configured the option "Accept DNS configuration" to "Disabled", and the DNS doesn't leak. As there is no Kill Switch on Tomato for VPN, I am doing that by blocking all the interfaces except TUN on the firewall.)

I am willing to try XWRT-Vortex + ABSolution on this R7000 as I would like to have HTTP&HTTPS ad-blocking on the TUN IF (Tomato doesn't support it), QOS on the TUN (Tomato seemingly doesn't support it on the TUN IF, but Lede does - I have Lede on another router), and Policy Rules (or something similar for to have some IP/Clients over VPN and some others routed to WAN/Internet - i.e. Netflix blocks my VPN provider DNS and I think it can detect the location as well and blocks my VPN's IP - such selective routing is possible with Lede, but not with Tomato or at least I do not know how to do it, unfortunately Lede doesn't work on my R7000), but as I have limited time to fiddle around and change firmwares back and forward, I am firstly trying to understand the possibilities and the options of XWRT/Merlin FW, before doing the switch and investing time in having a working configuration on the XWRT.

I did some research on the dns leak issue when using policy rules and saw others complaining about the issue on the DD-WRT and Tomato forums as well. My provider can get around the Netflix VPN block with the purchase of a private IP. It works for me even though my DNS leaks.

 

[Raphie]

after running "12" my pixelserver still says

pixelserv-tls version: v35.HZ12.Kk compiled: Sep 25 2017 19:44:15 options: 192.168.1.2

is this correct?

For those testing pixelserv-tls KL-test2, the -l option has been added to the available switches in the ps menu in the addon file pixelserv-tls.add.

There is no version change, enter 12 into the AB-Solution UI to re-download all addons.

See this thread for more info: https://www.snbforums.com/threads/p...bserver-for-adblock.26114/page-27#post-352295

 

[2992]

I did some research on the dns leak issue when using policy rules and saw others complaining about the issue on the DD-WRT and Tomato forums as well. My provider can get around the Netflix VPN block with the purchase of a private IP. It works for me even though my DNS leaks.

Netflix was just an example. I also have some radio stations which can only be streamed locally/regionally. And other websites.
The idea is to fix this situation or find some solution at the router level, not at the (VPN or local) provider level... and block all those pesky ads on all interfaces if possible.

 

[thelonelycoder]

after running "12" my pixelserver still says

is this correct?

That's correct, if you want to test the pixelserv test versions you have to install the binary manually.
- Go to the GitHub page and download the version for your router: https://github.com/kvic-z/pixelserv-tls/releases
- For ARM routers it's pixelserv-tls.Kl-test2.Entware-ng.armv7softfloat.zip and for MIPS select pixelserv-tls.Kl-test2.mips.zip.
- Extract the zip file and copy the the dynamic file in the /dist/ directory and place it in /opt/bin/ on your router.
- Then stop pixelserv-tls on the router in AB-Solution by disabling ad-blocking with a.
- Rename the existing pixelserv-tls to pixelserv-tls-kk and rename the newly copied test version to pixelserv-tls
- Set permissions 0755 to pixelserv-tls
- Enable ad-blocking

 

[mikeone]

Hey guys,

how can I disable the -z option I can't see it though I am having the last version, well how can I set the cert to Nobody ?

Thanks

 

[thelonelycoder]

Hey guys,

how can I disable the -z option I can't see it though I am having the last version, well how can I set the cert to Nobody ?

Thanks

If you have ever set -z, you can disable it the same way you set it. In ps select "3. Add or remove pixelserv switches" and remove the switch and apply the change.
Note that I have removed the option to set -z as the file path is hard coded into several scripts in AB-Solution. Because of that, setting a differing path than the standard /opt/var/cache/pixelserv would create problems.

If you disable and enable ad-blocking it will change the owner of /opt/var/cache/pixelserv to nobody. Older certs are owned by the root user, newly generated certs by nobody.
That is not a problem, but if you must, run this in a terminal to set the owner to nobody for all:

chown -R nobody /opt/var/cache/pixelserv

 

[Xentrk]

Netflix was just an example. I also have some radio stations which can only be streamed locally/regionally. And other websites.
The idea is to fix this situation or find some solution at the router level, not at the (VPN or local) provider level... and block all those pesky ads on all interfaces if possible.

There are some example scripts that do this in the Selective Routing thread.
https://www.snbforums.com/threads/selective-routing-with-asuswrt-merlin.9311/page-29#post-349474

 

[jimf]

https://www.ab-solution.info/faq-reader/how-to-exclude-a-client-from-ad-blocking.html

@thelonelycoder, thanks this is awesome!

 

[quant88]

Hey guys,
Any idea what the message is directing to? AB solution is running fine though.

This updates installed Entware packages

Collected errors:
* opkg_conf_load: Could not create lock file /opt/var/lock/opkg.lock: Invalid argument.
Installed versions:
opkg version 0.1.8

---------------------------------------------------

1. show pixelserv info
2. show installed packages
3. update pixelserv
4. update and upgrade pixelserv
5. update installed packages
6. update and upgrade installed packages

 

[thelonelycoder]

Hey guys,
Any idea what the message is directing to? AB solution is running fine though.

This updates installed Entware packages

Collected errors:
* opkg_conf_load: Could not create lock file /opt/var/lock/opkg.lock: Invalid argument.
Installed versions:
opkg version 0.1.8

---------------------------------------------------

1. show pixelserv info
2. show installed packages
3. update pixelserv
4. update and upgrade pixelserv
5. update installed packages
6. update and upgrade installed packages

Try this, deleting the lock folder and make new, set rights to it:

rm -rf /opt/var/lock/
mkdir /opt/var/lock
chmod 0755 /opt/var/lock/

Then run one of the options again:
5. update installed packages
6. update and upgrade installed packages

 

[iManuB]

I made a hard reset to the router, formatted the USB stick with the three partitions in EXT2 (AB-Solution, Entware for Pixelserv-tls and Skynet). I just installed AB-Solution and Pixelserv, but it looks like something does not work as it should.

For example, if I go on yahoo.com, I have this announcement:



The image brings the following url: beap-bc.yahoo.com.

I tried to manually insert it into the blacklist, but AB-Solution says it's already present.

Before I did not have this problem. I also tried to erase NVRAM.

How can I see if it's all 100% working?

Thanks so much!

 

[thelonelycoder]

I made a hard reset to the router, formatted the USB stick with the three partitions in EXT2 (AB-Solution, Entware for Pixelserv-tls and Skynet). I just installed AB-Solution and Pixelserv, but it looks like something does not work as it should.

For example, if I go on yahoo.com, I have this announcement:



The image brings the following url: beap-bc.yahoo.com.

I tried to manually insert it into the blacklist, but AB-Solution says it's already present.

Before I did not have this problem. I also tried to erase NVRAM.

How can I see if it's all 100% working?

Thanks so much!

Did you clear your OS and browser cache? Try that first.
Then use the follow the logfile function f, option 1 to see if blocking works.
The blocked domains are the colored entries.

 

[iManuB]

Did you clear your OS and browser cache? Try that first.
Then use the follow the logfile function f, option 1 to see if blocking works.
The blocked domains are the colored entries.

Thanks.

I cleaned up with Ccleaner and, for security, came in with another browser.
Anything! The damn stays there.

Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file y.analytics.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file geo.query.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: query[A] csc.beap.bc.yahoo.com from 192.168.2.36
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file csc.beap.bc.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file geo.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file yrtas.btrll.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file shim.btrll.com is 192.168.2.2

The image url is: https://beap-bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3dHZmbHJuMihnaWQkNDRRX0JURXdMaktiZnU4LldlZDhBQy5tTnprdU5BQUFBQUJyNEJMdixzdCQxNTA4MzQyNzg0NjI1NjkwLHNpJDMyMDc1MzIsc3AkMjE0MjE1Mzc1NSxjdCQyNSx5YngkTFA5cUFuX0xxZFpvMWZ0bFRtYzhadyxsbmckaXQtaXQsY3IkNjk4NTY4MzUzMix2JDIuMCxhaWQkM1NtVEdncklFdW8tLGJpJDM3MjkyOTUzMixtbWUkMzQ2NzI2NzEwNjM2NDgyMzc0MSxyJDAscmQkMTM0Mm41cXQyLHlvbyQxLGFncCQ0NzA0ODI1MzIsYXAkTUFTVCkp/0/*https://bs.serving-sys.com/serving/...ck&pli=22838483&PluID=0&ord=1508342784.908948

 

[ColinTaylor]

@iManuB The URL you provided goes to bs.serving-sys.com before redirecting it to beap-bc.yahoo.com. Perhaps you should be blocking bs.serving-sys.com?

https://en.wiki-domains.net/wiki/serving-sys.com#bs.serving-sys.com

 

[thelonelycoder]

Thanks.

I cleaned up with Ccleaner and, for security, came in with another browser.
Anything! The damn stays there.

Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file y.analytics.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file geo.query.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: query[A] csc.beap.bc.yahoo.com from 192.168.2.36
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file csc.beap.bc.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file geo.yahoo.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file yrtas.btrll.com is 192.168.2.2
Oct 18 18:02:56 dnsmasq[15522]: /tmp/mnt/AB-Solution/adblocking/blocking_file shim.btrll.com is 192.168.2.2

The image url is: https://beap-bc.yahoo.com/yc/YnY9MS4wLjAmYnM9KDE3dHZmbHJuMihnaWQkNDRRX0JURXdMaktiZnU4LldlZDhBQy5tTnprdU5BQUFBQUJyNEJMdixzdCQxNTA4MzQyNzg0NjI1NjkwLHNpJDMyMDc1MzIsc3AkMjE0MjE1Mzc1NSxjdCQyNSx5YngkTFA5cUFuX0xxZFpvMWZ0bFRtYzhadyxsbmckaXQtaXQsY3IkNjk4NTY4MzUzMix2JDIuMCxhaWQkM1NtVEdncklFdW8tLGJpJDM3MjkyOTUzMixtbWUkMzQ2NzI2NzEwNjM2NDgyMzc0MSxyJDAscmQkMTM0Mm41cXQyLHlvbyQxLGFncCQ0NzA0ODI1MzIsYXAkTUFTVCkp/0/*https://bs.serving-sys.com/serving/...ck&pli=22838483&PluID=0&ord=1508342784.908948

Is pixelserv-tls running? See if it shows the stats page:
http://192.168.2.2/servstats

 

[thelonelycoder]

@iManuB The URL you provided goes to bs.serving-sys.com before redirecting it to beap-bc.yahoo.com. Perhaps you should be blocking bs.serving-sys.com?

https://en.wiki-domains.net/wiki/serving-sys.com#bs.serving-sys.com

I use the shooter40sw blocking file to test this and bs.serving-sys.com is included in one of the hosts files.
I'm not seeing any ads on yahoo at all, except the videos they show in yahoo mail.