Online Security

Hi Folks,

Just installed Pi-hole and using it on my network, amazing how many blocks from normal surfing occur.

I don't want to sound paranoid but online security is an important issue - the basis of Pi-hole is similar to replacing the hosts file on client computer. These files are maintained by enthusiasts in the open community.

How open are public host files and, maybe Pi-hole, to phishing attacks?

Geffers

You can trust pihole. You can view its code. Also adlists just provide a list of ad serving domains, you can view them.
Just change default password for pi and set one for web interface, change default SSH keys and don't forward ports unnecessarily.

Not to mention some users actually detected intrusion on their network with pihole!

Pi-hole just uses the domains from the ad lists, so even if a list tried redirecting you to a different IP address, Pi-hole will ignore it and just take the domain (redirected to itself).

Are you asking if the sites hosting the hosts files are prone to phishing attacks? And concerning Pi-hole, are you asking if our software is prone to phishing attacks?

We designed Pi-hole to block advertisements, but it works just as well to block known phishing and malware sites. We act as a private DNS server, usually installed on your own private network.

I can answer better if I understand what you mean.

Thank you, didn't think Pi-Hole was a problem, was just wondering about method of redirecting.

Geffers

Being new to Pi-Hole was just thinking out loud.

I find online security fascinating but technical knowledge not quite good enough to fully understand methods.

Can see Pi-Hole can be an aid to security but was wondering about the sites that host the 'hosts' files.

Geffers

There's been a Feature Request to move to https for the lists that support it, and we're looking at that. But the question I've had is the attack vector, since the lists are just plain text and end up as hosts files on the Pi-hole, other than having domains that shouldn't be blocked suddenly appear, I'm not sure what the possible bad actor actions would be.

If there was a bad list submitted, we'd hear about it quickly, and all that would need to be done is to comment out that list in adlists.list and pihole -g to flush out the bad list.

I agree that we should use https if it's available, but that's mostly just being good consumers and not totally a security issue.

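Added example (not part of the thread and not Pi-hole's own code): a small audit of a hosts-format list that keeps only the domain names, as the replies above describe, and reports the two things discussed here, namely entries that carry a non-blocking IP address and domains that should never be blocked. The function name `audit_adlist`, the `never_block` set, the sinkhole address set and the sample list are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in hosts-file format (not taken from any real adlist).
SAMPLE_LIST = """\
# example adlist
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # inline comment
203.0.113.7 bank.example.org
plain-domain.example
0.0.0.0 localhost
0.0.0.0 bad..example
"""

SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # assumed "blocking" addresses
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")


def audit_adlist(text, never_block=frozenset()):
    """Keep only domain names from a list and report entries worth a second look."""
    report = {"domains": set(), "redirect_attempts": [],
              "never_block_hits": [], "rejected": []}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].lower().split()
        if not fields:
            continue  # blank line or comment
        ip = None
        try:
            ipaddress.ip_address(fields[0])
            ip, fields = fields[0], fields[1:]  # the address column is discarded
        except ValueError:
            pass  # domain-only line, no address column
        for name in fields:
            if name in LOCAL_NAMES:
                continue
            if not DOMAIN_RE.match(name):
                report["rejected"].append(raw)  # not a syntactically valid domain
                continue
            if ip is not None and ip not in SINKHOLE_IPS:
                report["redirect_attempts"].append((ip, name))
            if name in never_block or any(name.endswith("." + d) for d in never_block):
                report["never_block_hits"].append(name)
            report["domains"].add(name)
    return report


if __name__ == "__main__":
    print(audit_adlist(SAMPLE_LIST, never_block={"example.org"}))
```

A non-empty `redirect_attempts` or `never_block_hits` result is a reason to review the list before it is used.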

Thanks Dan,

Very interesting program, am using it enthusiastically and viewing statistics.

Geffers

Thanks, and if you have any thoughts about the security or how we can be better, let us know. We're always open to new ideas or suggestions!