At Home Malware (and Online Ads) Protection

by Ashes

As we know, even the most security-aware person can be subject to redirects, mis-clicks, etc.  So when I found a hosts file online containing known malware websites, I immediately wanted to load this file onto my Ubuntu machine to protect it.  However, I have a lot of other devices on my network as well, including my media computer for streaming movies and wireless devices such as tablets and phones.  Loading a hosts file onto each one of these devices and updating them every time the malware hosts file was updated online would be more work than I wanted to do.

Having DD-WRT on my home router would be the answer, with zero work after the initial configuration.

To implement my solution, I used SSH to connect to my router.  In root's home directory I then wrote the following script:

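#!/bin/sh
# DD-WRT's stock shell is BusyBox sh; nothing below needs bash.
# Download both lists.  Stop if either download fails so that an empty
# file never replaces the working hosts file.
wget -O ~/malware_hosts.txt http://www.malwaredomainlist.com/hostslist/hosts.txt || exit 1
wget -O ~/ad_hosts.txt http://www.winhelp2002.mvps.org/hosts.txt || exit 1
# Back up the current hosts file, then rebuild it from the two lists.
cp -f /tmp/hosts /tmp/hosts.bkp
cat ~/malware_hosts.txt > /tmp/hosts
cat ~/ad_hosts.txt >> /tmp/hosts
# Remove the downloaded copies.
rm -f ~/malware_hosts.txt
rm -f ~/ad_hosts.txt
# Restart dnsmasq so that it rereads /tmp/hosts.
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf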

For those who may not follow the script: it downloads the updated malware hosts file from www.malwaredomainlist.com and, for good measure, another list with advertising domains.

It then creates a backup of the current hosts file and copies the contents of the downloaded malware hosts file and advertising hosts file into the proper hosts file to be read by the operating system.

After this happens, the script then removes the two downloaded files, kills the current DNS service, and restarts it so that the hosts file can be properly read.
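Because dnsmasq on the router answers every client from /tmp/hosts, the downloaded lists are worth filtering before they are installed.  The following is an added example, not part of the original article or script: it keeps only entries that point a name at 127.0.0.1 or 0.0.0.0, so a list can block names but never map them to another address, keeps the router's own entries, and fails if the lists come back empty.  The function names, the 0.0.0.0 sink address, and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article): filter downloaded hosts lists so they
# can only block names. SINK and all function names are illustrative.
SINK=0.0.0.0

# sanitize_hosts: read a hosts list on stdin, print cleaned, de-duplicated entries.
sanitize_hosts() {
    tr -d '\r' | awk -v sink="$SINK" '
        { sub(/#.*/, "") }                              # strip comments
        NF < 2 { next }                                 # blank or malformed line
        $1 != "127.0.0.1" && $1 != "0.0.0.0" { next }   # not a blocking entry
        {
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                # skip localhost, names with odd characters, and bare labels
                if (h == "localhost" || h !~ /^[a-z0-9._-]+$/ || h !~ /\./) continue
                if (!(h in seen)) { seen[h] = 1; print sink " " h }
            }
        }'
}

# build_hosts LOCAL LIST...: print LOCAL (the router's own entries) unchanged,
# then the sanitized lists. Returns non-zero if the lists yield no usable
# entries, for example after a failed download, so nothing gets installed.
build_hosts() {
    local_file=$1; shift
    blocked=$(cat "$@" | sanitize_hosts) || return 1
    [ -n "$blocked" ] || return 1
    cat "$local_file"
    printf '%s\n' "$blocked"
}

# Constructed sample list: comment, localhost, CRLF endings, a duplicate,
# an entry pointing at a non-sink address, and a malformed name.
sample_list() {
    printf '%s\r\n' '# constructed sample' \
        '127.0.0.1  localhost' \
        '127.0.0.1  bad.example  # note' \
        '0.0.0.0 Ads.Example.net' \
        '203.0.113.9 bank.example' \
        '127.0.0.1 bad.example' \
        '127.0.0.1 bad;name.example'
}
```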

I then ran the script to ensure that it did not error out and that the malware and advertisement website lists were copied into the hosts file.  After it did not error out and everything was a go, I created a weekly cron job.

I added a file update_malware_blocks into the /tmp/cron.d directory with the proper configuration so that it runs weekly.

Some additional notes on this configuration:

  1. The /tmp directory gets reset every time the router is rebooted.  If you have to reboot your router, you will have to re-implement the steps above.
  2. The home directory for root on DD-WRT is in the /tmp/root directory.
  3. Your clients must be set to use your router as your DNS server.  Then, of course, use OpenDNS servers to further resolve requests by putting their IP addresses into your router settings via the web GUI.

Code: malware-stop.sh
