Diversion Diversion - the Router Ad-Blocker

[Sas]

Install the Pixekserv CA in your client machine following the instructions in the wiki: https://github.com/kvic-z/pixelserv...ificate#import-pixelserv-ca-on-client-devices

Importing the CA is recommended for a smoother experience. The message is saying that the app does not recognize the Certificate Authority that signed the SSL certificate for the blocked domain cdn.segment.com (it’s in the Standard blocklist). Once you import the CA, it will be trusted and the messages should disappear.

If the error persists after doing that you can whitelist cdn.segment.com in Diversion (el option).

I THOUGHT I had completely trusted that cert, but upon closer examination I noticed that while it was indeed added to my system keychain, it was NOT fully trusted. Changing those settings has resolved my issue. Thanks!

 

[thelonelycoder]

Did malwarebytes just remove all their hosts files? I get redirected to a 404 page: https://www.malwarebytes.com/browserguardpha.txt

Example:
https://hosts-file.net/ad_servers.txt

EDIT:
https://forums.malwarebytes.com/topic/257401-inquiry-regarding-automated-processing-of-hosts-files/

I'm not using words to express my disappointment, let's just say it would contain a lot of #!@$ characters
I'm looking into it ASAP, Diversion uses these lists for the Large Medium and Plus hosts.

 

[thelonelycoder]

I believe Skynet dropped the ipset lists that contained these destinations once the Plus hosts option was available, because there were too many false positives in Skynet back in the day. I don't think Skynet changes its behavior today if you do or don't have Plus hosts enabled. Maybe @Adamm can offer the history of that transition.

@Adamm asked me to add the Plus option into Diversion, to cut down on false positives and off load a large number of domains to where to Diversion that better handles domains.
We'll sort the HpHosts/Malwarebytes desaster out as soon as possible.

 

[Rici]

Hi all,

Since my USB stick died and I now have another one attached to my RT-AC86U: How to get rid of the remainders from my previous Diversion, Skynet, pixelserv etc. installation?

As it looks like, some stuff - such as amtm - survived the USB stick swap and router reboot, since I haven't had to install them again, because they were already there.
Thus I want to make sure I get a fresh start and no complications from previous installation leftovers.

How to perform such a fresh start?

 

[thelonelycoder]

Hi all,

Since my USB stick died and I now have another one attached to my RT-AC86U: How to get rid of the remainders from my previous Diversion, Skynet, pixelserv etc. installation?

As it looks like, some stuff - such as amtm - survived the USB stick swap and router reboot, since I haven't had to install them again, because they were already there.
Thus I want to make sure I get a fresh start and no complications from previous installation leftovers.

How to perform such a fresh start?

amtm resides in /jffs/ and /usr/sbin/ which are non-volatile directories on the router.

Diversion and Skynet will fix things during install, no need to remove any files. pixelserv-tls will be installed during the Diversion install.

 

[thelonelycoder]

@Adamm asked me to add the Plus option into Diversion, to cut down on false positives and off load a large number of domains to where to Diversion that better handles domains.
We'll sort the HpHosts/Malwarebytes desaster out as soon as possible.

@Adamm and I have decided to remove the Plus hosts functionality in Skynet and Diversion.
We may revisit this topic sometime in the future but for the time being the functionality and files will be auto-removed in Diversion with the next update.

 

[Ubimo]

What about the false positives and off load?

 

[thelonelycoder]

What about the false positives and off load?

Corona will take care of that, I'm sure
Those were outbound blocks from Skynet, offloaded to Diversion for simplicity. There is or will be an IP based equivalent blacklist out there, someone just has to find it. It then can be used in Skynet directly.

 

[thelonelycoder]

http://sysctl.org/cameleon/hosts

FYI: This file is no longer updated.

 

[HairyA00]

FYI: This file is no longer updated.

Removing it, I went from 93,470 domains to 83,625. I may keep it around (for now), but appreciate the heads up.

 

[thelonelycoder]

Diversion 4.1.11 is now available

What's new in Diversion 4.1.11
- The d menu now has a Diversion restart option
- Fixes bug where the Mimimal blocking list is renamed to Custom when blocking list fast switch fs is enabled.
- The update function now also runs some essential router settings checks, just as the install function does.
- Removes blocking file Plus hosts functions and files (for Skynet), this feature has been discontinued. The hosts-file.net domain no longer serves hosts files.
- Removes any hosts-file.net host in the hostslist and hostslist_fs files.
- Medium blocking file now uses hostfiles.frogeye.fr first-party trackers instead of hosts-file.net ad_servers. This comes only into effect when (re)selecting the list.

How to update
Use u to update to this latest version.

 

[Ubimo]

During the update I get this, "no such file or directory", should I worry?

 i  Initializing Diversion

  ✔  blocking list
grep: /opt/share/diversion/list/hostslist_fs: No such file or directory

  i  Restarting Dnsmasq
  i  Waiting for Dnsmasq to restart...
  ✔  Dnsmasq restarted

  i  Checking dnsmasq.conf entries
  ✔  Additional hosts

  i  Checking cron jobs
  ✔  cron file found
  ✔  blocking list update

  ✔  Diversion Lite v4.1.11 auto-update complete

 

[thelonelycoder]

During the update I get this, "no such file or directory", should I worry?

 i  Initializing Diversion

  ✔  blocking list
grep: /opt/share/diversion/list/hostslist_fs: No such file or directory

  i  Restarting Dnsmasq
  i  Waiting for Dnsmasq to restart...
  ✔  Dnsmasq restarted

  i  Checking dnsmasq.conf entries
  ✔  Additional hosts

  i  Checking cron jobs
  ✔  cron file found
  ✔  blocking list update

  ✔  Diversion Lite v4.1.11 auto-update complete

No, it's just a coding sloppiness.
Edit: Fixed.

 

[machinist]

I'm new to Diversion, and this is the setup I would like (ideally):

Have ad-blocking enabled on my TV (for YouTube etc.) and not for anything else (no other device on the network)

Is this possible? If so, how would I go about this? Would it be possible using specific ports somehow?

I looked in the manual and couldn't find anything describing this. My apologies if this is not the place to ask.

 

[HairyA00]

I'm new to Diversion, and this is the setup I would like (ideally):

Have ad-blocking enabled on my TV (for YouTube etc.) and not for anything else (no other device on the network)

Is this possible? If so, how would I go about this? Would it be possible using specific ports somehow?

I looked in the manual and couldn't find anything describing this. My apologies if this is not the place to ask.

It's possible with DNS filter. Set the global filter to go somewhere else upstream, like 9.9.9.9 and set each client on the network in the exceptions at the bottom. You'd be doing the opposite of what the FAQ says:
https://diversion.ch/faq-reader/how-to-exclude-a-client-from-ad-blocking.html

You cannot block YouTube ads with a DNS sinkhole:
https://diversion.ch/faq-reader/can-diversion-block-youtube-ads.html

 

[Rici]

amtm resides in /jffs/ and /usr/sbin/ which are non-volatile directories on the router.

Diversion and Skynet will fix things during install, no need to remove any files. pixelserv-tls will be installed during the Diversion install.

Thank you!

Since I seem to be able to get to the former (suspected to be corrupted) USB stick again - at least briefly: Where the Diversion whitelist / blacklist files are stored?

 

[dugaduga]

I am using archive.org's backups of host-file hosts... why don't you use backup urls? those domains could remain malicious for decades. Is there going to be any problem or lesser functionality using these lists with the latest version of diversion & skynet? would be nice if you left that as an option for people who use backup urls.

 

[Khadanja]

What are these entries in my screenshot? Why mine always 0?

 

[GregS]

What are these entries in my screenshot? Why mine always 0?

You haven't manually added anything to those lists, to explicitly whitelist or blacklist a domain.

 

[SomeWhereOverTheRainBow]

What are these entries in my screenshot? Why mine always 0?

whitelist, blacklist, and wildcardblacklist