[Release] AB-Solution 3 - The Ad Blocking Solution

[Netbug]

A standard install of Ab-solution will mean that when a requested host matches the blacklist, dnsmasq will forward to the DNS request to 0.0.0.0 ( null address) instead of to the upstream DNS server. In this case the ad content will simply not be returned. With pixelserv installed, dnsmasq will forward a blacklisted DNS request to the pixelserv IP address instead. Pixelserv will then return a 1x1 pixel transparent image instead of the ad content. the tls (or transport layer security) enhancement means the pixelserv can deal with https requests as well.

Cheers that explains it well, just set it up.

 

[wer55]

Hello, I installed AB solution 3 but I'm having many errors. I have AC56U router configured in Access Point mode (maybe this is the problem) with FW 380.64, when I did the installation some files couldn't be downloaded and I have to do it mannualy (wget), these are some of the errors:

What do you want to do? e

exiting AB-Solution
checking installation state

hosts file needs an update, running now
in silent mode

[: Custom: unknown operand
[: disabled: unknown operand
sed: /adblocking/.config/ab-solution.cfg: No such file or directory
sed: /adblocking/.config/ab-solution.cfg: No such file or directory
hosts-adblock file not found

checking ab-solution.cfg
file found
content looks good

checking update-hosts.add

checking rotate-logs.add

checking cron job hosts update

checking cron job log rotate

checking symlink state
file found
content looks good

checking dnsmasq.conf
/etc/dnsmasq.conf file not found

Errors found.
Read the check's output for clues.


-------------------- Message ---------------------

AB-Solution found errors in your installation.
This needs to be fixed before leaving.

Error(s) found. Type 22 and hit [Enter]
--------------------------------------------------

Hit [Enter] to check now


checking AB-Solution installation

checking /jffs/scripts/dnsmasq.postconf
file found
content looks good

checking /jffs/scripts/post-mount
file found
content looks good

checking ab_dnsmasq_postconf.sh
file found
content looks good

checking white and black list
files found, no further checks

checking hosts-adblock
./ab-solution.sh: line 54: 5: Bad file descriptor

thanks in advanced

 

[thelonelycoder]

Hello, I installed AB solution 3 but I'm having many errors. I have AC56U router configured in Access Point mode (maybe this is the problem) with FW 380.64, when I did the installation some files couldn't be downloaded and I have to do it mannualy (wget), these are some of the errors:



thanks in advanced

AB-Solution only works in Router mode, none of the other modes (AP, Media Bridge ...) use the local DHCP Server and dnsmasq.
The latter is an absolute must for AB-Solution to work.

The Router Mode will be checked in the upcoming 3.1 update.

 

[wer55]

AB-Solution only works in Router mode, none of the other modes (AP, Media Bridge ...) use the local DHCP Server and dnsmasq.
The latter is an absolute must for AB-Solution to work.

The Router Mode will be checked in the upcoming 3.1 update.

thanks,

 

[stambeccuccio]

When final 3.1?

 

[Netbug]

Turned logging on and noticed in log i get for example:

Jan 12 19:38:11 pixelserv[10625]: adserver.adtechus.com _.adtechus.com missing
Jan 12 19:38:11 pixelserv[9981]: cert _.adtech.de generated and saved
Jan 12 19:38:13 pixelserv[9981]: cert _.adtechus.com generated and saved
Jan 12 19:40:09 pixelserv[10720]: cdn.static.zdbb.net _.static.zdbb.net missing
Jan 12 19:40:09 pixelserv[10721]: insight.adsrvr.org _.adsrvr.org missing
Jan 12 19:40:09 pixelserv[10723]: radar.cedexis.com _.cedexis.com missing
Jan 12 19:40:09 pixelserv[9981]: cert _.static.zdbb.net generated and saved
Jan 12 19:40:09 pixelserv[10724]: s.adroll.com _.adroll.com missing
Jan 12 19:40:10 pixelserv[9981]: cert _.adsrvr.org generated and saved
Jan 12 19:40:11 pixelserv[9981]: cert _.adroll.com generated and saved

Jan 12 19:41:58 pixelserv[10820]: cdn.boomtrain.com _.boomtrain.com missing
Jan 12 19:41:58 pixelserv[10821]: ( 4) 192.168.1.50: tru.am GET /scripts/custom/mobilenations.js HTTP/1.1
Jan 12 19:41:58 pixelserv[10823]: ( 4) 192.168.1.50: ads.servebom.com GET /tmnhead.js HTTP/1.1
Jan 12 19:41:58 pixelserv[10825]: (15) 192.168.1.50: trends.revcontent.com GET /serve.js.php?w=14011&t=rc_755&c=1484250118344&width=1259 HTTP/1.1
Jan 12 19:41:58 pixelserv[10827]: (14) 192.168.1.50: z-na.amazon-adsystem.com GET /widgets/onejs?MarketPlace=US HTTP/1.1
Jan 12 19:41:58 pixelserv[10831]: d1z2jf7jlzjs58.cloudfront.net _.cloudfront.net missing
Jan 12 19:41:58 pixelserv[10832]: www.googletagmanager.com _.googletagmanager.com missing
Jan 12 19:41:58 pixelserv[10833]: dnn506yrbagrg.cloudfront.net _.cloudfront.net missing
Jan 12 19:42:00 pixelserv[9981]: cert _.boomtrain.com generated and saved
Jan 12 19:42:00 pixelserv[9981]: cert _.cloudfront.net generated and saved

What does this mean exactly? i assume it's all fine just would like to understand what it sort of means.

Cheers.

 

[tomsk]

Turned logging on and noticed in log i get for example:



What does this mean exactly? i assume it's all fine just would like to understand what it sort of means.

Cheers.

These are certificates that are being generated on the fly for new https requests... subsequent visits will use the same certs.... perfectly normal

 

[thelonelycoder]

Turned logging on and noticed in log i get for example:



What does this mean exactly? i assume it's all fine just would like to understand what it sort of means.

Cheers.

This is normal pixelserv-tls log output, it needs to creates the certificate file for that domain.
They are stored in /opt/var/cache/pixelserv and are bound to the ca.crt file in the same directory.

 

[thelonelycoder]

When final 3.1?

The 'Done features / bugs' list is at 25 items at the moment.
There are a few more I'd like to add during beta testing, as those are not complicated to implement.
Beta testing begins any day now.

Speaking of which, I have a couple of participant spots open if anyone to play with AB is interested.

 

[Netbug]

These are certificates that are being generated on the fly for new https requests... subsequent visits will use the same certs.... perfectly normal

Ok thanks, good to here

This is normal pixelserv-tls log output, it needs to creates the certificate file for that domain.
They are stored in /opt/var/cache/pixelserv and are bound to the ca.crt file in the same directory.

Thank you

 

[eighteen]

I believe thats because you have DNSSEC active, it gives me those results there when the site does not support DNSSEC

It is almost always appearing in the ab-solution log, several times a minute and on different sites.

Does it have anything to do with DNSSec?

 

[eighteen]

That is indeed a log output because of dnscrypt.
Check your logs what it says before and after that message for the domain.

It appears in different ways, but you have an example below:

Jan 12 21:24:09 dnsmasq[3710]: forwarded init-p01st.push.apple.com to
127.0.0.1
Jan 12 21:24:09 dnsmasq[3710]: validation result is INSECURE
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com.edgekey.net is <CN
AME>
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com.edgekey.net.global
redir.akadns.net is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply e6858.dsce9.akamaiedge.net is 10
4.94.190.92
Jan 12 21:24:09 dnsmasq[3710]: validation result is INSECURE
Jan 12 21:24:09 dnsmasq[3710]: reply edge-mqtt.facebook.com is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply mqtt.c10r.facebook.com is 31.13.
73.3

 

[thelonelycoder]

It appears in different ways, but you have an example below:

Jan 12 21:24:09 dnsmasq[3710]: forwarded init-p01st.push.apple.com to
127.0.0.1
Jan 12 21:24:09 dnsmasq[3710]: validation result is INSECURE
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com.edgekey.net is <CN
AME>
Jan 12 21:24:09 dnsmasq[3710]: reply www.apple.com.edgekey.net.global
redir.akadns.net is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply e6858.dsce9.akamaiedge.net is 10
4.94.190.92
Jan 12 21:24:09 dnsmasq[3710]: validation result is INSECURE
Jan 12 21:24:09 dnsmasq[3710]: reply edge-mqtt.facebook.com is <CNAME>
Jan 12 21:24:09 dnsmasq[3710]: reply mqtt.c10r.facebook.com is 31.13.
73.3

As this is not related to AB, please ask in a new or existing thread relating to DNSSEC or maybe even dnscrypt.

 

[visortgw]

The 'Done features / bugs' list is at 25 items at the moment.
There are a few more I'd like to add during beta testing, as those are not complicated to implement.
Beta testing begins any day now.

Speaking of which, I have a couple of participant spots open if anyone to play with AB is interested.

I'd be happy to assist again!

 

[eighteen]

How do I block Instagram ads?

 

[thelonelycoder]

How do I block Instagram ads?

Enable Logging, then (f) and option 3: Set as filter term your devices IP address.
Look at what goes by and determine which domain you want blocked.
Enter that in the blacklist and process it.
Repeat until you're happy.

 

[tomsk]

Enable Logging, then (f) and option 3: Set as filter term your devices IP address.
Look at what goes by and determine which domain you want blocked.
Enter that in the blacklist and process it.
Repeat until you're happy.

Something for a future enhancement perhaps.......have AB look at DNS requests and suggest possible ad domains.

 

[thelonelycoder]

Something for a future enhancement perhaps.......have AB look at DNS requests and suggest possible ad domains.

You describe what the hosts-adblock does...
Those are very likely ad domains, if I correctly understand what AB is supposed to do

 

[tomsk]

You describe what the hosts-adblock does...
Those are very likely ad domains, if I correctly understand what AB is supposed to do

Its fantastic that we have the amalgamated list which probably catches most of the ad traffic anyway. I was thinking about something outside of that where we have AB watching the pattern of requests outside of that list and saying to itself... "you know what.. this particular domain looks suspiciously ad-like to me... i'll flag it up as a possible ad domain".... then maybe on a weekly basis it collates its guesses and reports them out.
The nebulous thought just popped into my head when you replied to @eighteen query just now. I'll go and have lie-down now till it wears off

 

[thelonelycoder]

Its fantastic that we have the amalgamated list which probably catches most of the ad traffic anyway. I was thinking about something outside of that where we have AB watching the pattern of requests outside of that list and saying to itself... "you know what.. this particular domain looks suspiciously ad-like to me... i'll flag it up as a possible ad domain".... then maybe on a weekly basis it collates its guesses and reports them out.
The nebulous thought just popped into my head when you replied to @eighteen query just now. I'll go and have lie-down now till it wears off

AB-Solution 4(TM) will be one hell of an ad-blocker if I add all the stuff you, other members and me thought as a 'nice thing to have' feature.
I've added your text to the appropriate list.