AB-Solution - The Ad Blocking Solution

[thelonelycoder]

Hello!
Thank you so much for this wonderful and necessary program!
Perhaps the program menu in Russian?

That is too much work, very hard to maintain and way too complicated for a shell script.
Since this is a one man project I decided against it for AB-Solution 4.0.
I only speak two languages and if I have to depend on someone else to translate it, it makes collaboration too complicated.

 

[elorimer]

I can give you part of the answer. A tracert to your pixelserv address will always show the first entry in your blacklist. Have a look at #839 in the pixelserv thread, and some posts before and after that. https://www.snbforums.com/threads/p...bserver-for-adblock.26114/page-42#post-362018

 

[thelonelycoder]

So can you explain why anbtr.com is constantly always listening?

Also a tracert to my ab-solution pixelserver 192.168.1.3 always shows anbtr.com. If I do a tracert to anbtr.com it shows my pixelserver ip of 192.168.1.3. I'm really confused. Especially why that darn website is constantly listening.

As @elorimer said, the first domain entry in the blacklist is the one listed as listening, on behalf of pixelserv-tls.
The reason why is because the blacklist is loaded after the blocking file into Dnsmasq. In its list, the blacklist comes first, then the blocking file.

This domain is listed twice in Netstat: As <domain>:www for port 80 and <domain>:https on port 443 if you have standard pixelserv-tls ports in use.
Nothing to worry about in that area, you can now concentrate how to tweak your brothers devices/behavior

 

[Davidncali001]

Thank you elorimer and thelonelycoder for your answers and reassurance. It was very helpful!

David

 

[MasterBash]

So I tried this on my RT-AC86U and it kills my connection... sometimes.
When I do a factory default on the router and enable all features afterward I am left with 175mb of ram. However, when I try to install ab-solution with big host file(s), I often get out of memory during the installation. Not only that, but it keeps trying to repeat the process over and over and I am unable to actually use the menu to choose another host file. This is the time where my internet randomly stops working (I can still connect to putty and router, but not any websites...)

Not only that, but despite trying to install AB-Maximum, which does not lower my memory below 80mb during the installation, I still get these out of memory errors.

Same happened when I installed pixelserv. It could not install due to a lack of memory, yet I used entware to manually install it and everything went fine.

So today I installed a swap file to make sure everything runs ok. I did not try to install a bigger host file to block more stuff, as I got only 30mb left of ram left with a swap file and a host file that blocks around ~480k, I am kinda afraid that if I try to install AB-Maximum or even the "Large" filter, my internet will stop working period. I do have DNSCrypt to install also and maybe I will try out Skynet too so I will definitely be very low on memory...

 

[thelonelycoder]

So I tried this on my RT-AC86U and it kills my connection... sometimes.
When I do a factory default on the router and enable all features afterward I am left with 175mb of ram. However, when I try to install ab-solution with big host file(s), I often get out of memory during the installation. Not only that, but it keeps trying to repeat the process over and over and I am unable to actually use the menu to choose another host file. This is the time where my internet randomly stops working (I can still connect to putty and router, but not any websites...)

Not only that, but despite trying to install AB-Maximum, which does not lower my memory below 80mb during the installation, I still get these out of memory errors.

Same happened when I installed pixelserv. It could not install due to a lack of memory, yet I used entware to manually install it and everything went fine.

So today I installed a swap file to make sure everything runs ok. I did not try to install a bigger host file to block more stuff, as I got only 30mb left of ram left with a swap file and a host file that blocks around ~480k, I am kinda afraid that if I try to install AB-Maximum or even the "Large" filter, my internet will stop working period. I do have DNSCrypt to install also and maybe I will try out Skynet too so I will definitely be very low on memory...

This is a discussion topic all over here: The 86U has poor memory management. Learn to live with it until this is solved.

I don't understand why you would select repeatedly the largest blocking file when you know you run out of memory.
But then you create a swap file and don't trust it? Make it 1GB, that is plenty and you will never run out of memory again.

And just to make this clear: The Large blocking file is smaller than the Maximum. I would hope the names and wording in the selection make this more than obvious.

 

[MasterBash]

lol, I know the difference between AB-Maximum and Large, I don't know why u assume I don't. I said I am afraid of installing the AB-Maximum one and even the large one is making me a bit afraid, even tho it is lower in size.

And also I am not sure where I said I am"repeatedly selecting" the large one when I know I run out of memory. I said the app is creating a loop that tries to install the big filters once it fails to install the first time. No matter which option I would select or press e to try and exit or whatever, it would simply loop and try to re-dl the host files. Other than that the only time I tried to install the large one was during a factory reset to test things out, which worked out, until I enabled features on my router. How would I know if its could be working or not if I don't test things out?

The "I don't trust it" part is mostly about the app, as I find it weird that I "run out of memory" with 100mb left, yet entware apps install just fine. Pixelserv-tls being one example of it installing fine in entware but refusing to in ab-solution. However, if it is truly a rt-ac86u problem then ill just stop experimenting as it is working good right now

 

[Xentrk]

Good article

https://techcrunch.com/2017/12/27/t...-are-taking-silent-anti-ad-blocking-measures/

 

[thexile]

I just noticed that ab-solution slows down my Internet connection drastically at least on speedtest.net. I'm on 1 Gbps fibre connection and using an AC68U. Without AB-Solution, I can hit close to 1 Gbps. However with AB-Solution, the benchmark speed drops to 15 Mbps/200 Mbps. Is this behaviour normal?

 

[Xentrk]

I just noticed that ab-solution slows down my Internet connection drastically at least on speedtest.net. I'm on 1 Gbps fibre connection and using an AC68U. Without AB-Solution, I can hit close to 1 Gbps. However with AB-Solution, the benchmark speed drops to 15 Mbps/200 Mbps. Is this behaviour normal?

What about beta.speedtest.net? Malwarebytes throws a lot of alerts when I use the Speedtest sites. Plus, it is able to circumvent host based ad blocking, ads even when using ABS. dslreports.com is an alternative.

 

[thexile]

What about beta.speedtest.net? Malwarebytes throws a lot of alerts when I use the Speedtest sites. Plus, it is able to circumvent host based ad blocking, ads even when using ABS. dslreports.com is an alternative.

I tested on beta.speedtest.net and I do not use Malwarebytes. In fact I have no AV except for Windows Defender.

 

[DonnyJohnny]

There was a time where i used Comodo Internet Security firewall, my speed test never past 500mbps. Once removed, 1 hit 900mbps. If there is some kind of software firewall filtering stuff, maybe a slow computer may slow down the speed test.

Currently I am using AB-solution, SkyNet, Dnscrypt on my AC68U, i am about to hit 800-900mbps in speedtest using flash/html5.

Definitely something is restricting the testing but i doubt it is ab-solution as it is just a dns blocking tool and should not be restricting speed. At most you will see site not able to load or slower in loading due to pixelserv-tls generating cert. But that it...

Have you check it you are testing with the right server? how about other speed test site?

 

[Xentrk]

Have you check it you are testing with the right server? how about other speed test site?

Good point. On one of my VPN tunnels, this and other sites do not detect the right geo loacation and default to a server much farther away. I have to manually change it to the correct location.

 

[thelonelycoder]

lol, I know the difference between AB-Maximum and Large, I don't know why u assume I don't. I said I am afraid of installing the AB-Maximum one and even the large one is making me a bit afraid, even tho it is lower in size.

And also I am not sure where I said I am"repeatedly selecting" the large one when I know I run out of memory.

Well, it sais so here, the often gives it away:

However, when I try to install ab-solution with big host file(s), I often get out of memory during the installation.

Pixelserv-tls being one example of it installing fine in entware but refusing to in ab-solution. However, if it is truly a rt-ac86u problem then ill just stop experimenting as it is working good right now

That might be because you already use a large blocking file and the little more memory AB-Solution uses to install pixelserv-tls with all its checks brings your router to the limit.
Otherwise I see no reason why ps would not install through AB, the commands I use are the same as when you run opkg install...
What AB does and opkg not is to set optimized settings in the pixelserv-tls start script.
And opkg also does not change the ps listening IP to the one AB sets.

 

[elorimer]

Good article

https://techcrunch.com/2017/12/27/t...-are-taking-silent-anti-ad-blocking-measures/

Agreed. It is worth reading the paper these articles were based on. It looked to me like the entirety of their work was based on browser-based adblockers, so not completely applicable to ab-solution and pixelserv-tls. Especially since they set about detecting anti-anti-adblocking by assuming that websites that loaded more slowly with adblocking enabled than without were being affected by the anti-anti response. With ab-solution and pixelserv, the opposite is true.

It looked to me like the anti-anti responses took several forms:

1. They simply reported back to the mothership that ad blocking was in place (nytimes.com).
2. They reported back and then served up a "please whitelist me" message. Here we can see whether ab-solution and pixelserv are triggering the anti-anti. Clearly some sites are triggering, but because pixelserv results in a non-zero element, it may be that ab-s plus pixelserv don't trigger some sites that ab-s alone does.
3. They reported back and then served up a static substitute ad. Nothing to be done about that, and generally those don't bother me.
4. They triggered a substitute javascript. That bothers me a lot.

Anyway, I took away from the underlying paper the conclusion that ab-s plus pixelserv are much more effective and less intrusive than browser-based adblockers, and also more likely to not trigger a response. I would be interested in a more knowledgeable take on the matter.

 

[thelonelycoder]

I just noticed that ab-solution slows down my Internet connection drastically at least on speedtest.net.

That is physically near impossible. It will block domains, but has almost no affect on the speed of your internet connection.
Dnsmasq has to think a millisecond longer to decide whether to forward the request to an upstream DNS server or let the blocking file/blacklist resolve a domain, but that is all.

 

[martinr]

Getting to grips with AB-Solution and pixelserv-tls, after previously having run a malicious-domain and ad blocking DNS server on a Raspberry Pi (not Pi Hole).

Everything seems to be working as it should, except I wanted to see what Pixelserv looks like in action - not that I expect to see a single pixel, especially on a small iPhone. So I entered the pixelserv address into a browser (192.168.1.2:443).

In Safari I see:

Safari cannot open the page because it could not establish a secure connection to the server.

With Firefox:

The owner of 192.168.1.2 has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.


And another browser reports:

An SSL error has occurred and a secure connection to the server cannot be made.

I can ping the pixelserv server, and an internal port scan shows Ports 80 and 443 are listening. And 192.168.1.2/servstats pulls up the stats page.

I was expecting to see a blank page (with a single pixel in the middle) with 192.168.1.2:443 rather than those browser error messages.

So do I need to fix something or is the response as expected?

Thanks.

 

[thelonelycoder]

Getting to grips with AB-Solution and pixelserv-tls, after previously having run a malicious-domain and ad blocking DNS server on a Raspberry Pi (not Pi Hole).

Everything seems to be working as it should, except I wanted to see what Pixelserv looks like in action - not that I expect to see a single pixel, especially on a small iPhone. So I entered the pixelserv address into a browser (192.168.1.2:443).

In Safari I see:

Safari cannot open the page because it could not establish a secure connection to the server.

With Firefox:

The owner of 192.168.1.2 has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.


And another browser reports:

An SSL error has occurred and a secure connection to the server cannot be made.

I can ping the pixelserv server, and an internal port scan shows Ports 80 and 443 are listening. And 192.168.1.2/servstats pulls up the stats page.

I was expecting to see a blank page (with a single pixel in the middle) with 192.168.1.2:443 rather than those browser error messages.

So do I need to fix something or is the response as expected?

Thanks.

There is no reason for pixelserv-tls to respond to an empty http or https request for the reason there's nothing to act upon for the built in web-server.
pixelserv-tls reacts to certain requests like ad pictures, js files and such.

It will respond with the stats request on both protocols:
http://<pixelserv IP>/servstats
https://<pixelserv IP>/servstats
However, to respond on the secure https protocol, you need to import the certificate into your device/browser.
The procedure is described in the wiki, look under import:
https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate

To get the cert off of the router, you can use the AB backup function, it includes the cert needed or get the ca.crt from /opt/var/cache/pixelserv/

Edit: I keep forgetting to add that you can test it with any blocked domain in AB-Solution, as for example with doubleclick.net:
https://doubleclick.net/ad.jpg

It will throw an error if this is the first time the domain has been requested, pixelserv-tls needs to create the cert first for that domain. Subsequent requests for https://doubleclick.net/ad.jpg will show you the 1x1 pixel.

 

[martinr]

There is no reason for pixelserv-tls to respond to an empty http or https request for the reason there's nothing to act upon for the built in web-server.
pixelserv-tls reacts to certain requests like ad pictures, js files and such.

It will respond with the stats request on both protocols:
http://<pixelserv IP>/servstats
https://<pixelserv IP>/servstats
However, to respond on the secure https protocol, you need to import the certificate into your device/browser.
The procedure is described in the wiki, look under import:
https://github.com/kvic-z/pixelserv-tls/wiki/Create-and-Import-the-CA-Certificate

To get the cert off of the router, you can use the AB backup function, it includes the cert needed or get the ca.crt from /opt/var/cache/pixelserv/

Edit: I keep forgetting to add that you can test it with any blocked domain in AB-Solution, as for example with doubleclick.net:
https://doubleclick.net/ad.jpg

It will throw an error if this is the first time the domain has been requested, pixelserv-tls needs to create the cert first for that domain. Subsequent requests for https://doubleclick.net/ad.jpg will show you the 1x1 pixel.

Many thanks, @lonelycoder for the detailed explanation. That makes sense now. I did first search for “how to check or test if pixelserv is working” and, not finding anything, I then came up with the flawed idea outlined above.

Thanks again

Martin

 

[thelonelycoder]

Getting to grips with AB-Solution and pixelserv-tls, after previously having run a malicious-domain and ad blocking DNS server on a Raspberry Pi (not Pi Hole).

If not Pi-Hole, then what were you using and what was the reason to abandon it?

Thanks
thelonelycoder / Martin (my given name also)