Menu
What's new
By:
Filters Better Search

pixelserv pixelserv - A Better One-pixel Webserver for Adblock

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Don't forget to download the 'libopenssl_1.0.2n-1c_XXXX-2.6.ipk' file FIRST !!!
[Substitute XXXX with the right Architecture for your router]
Once the 'opkg --force-depends remove libopenssl' command is run it will prevent downloading of the new file.
Unless you install 'wget-nossl' FIRST which has no dependency on the ssl lib running and download the file using that.
[All info 'pulled together' from various posts in this thread , Thanks kvic :) ]
 
up for more than 30 days and more than 1 million requests handled, 1.8% memory is being used and all of these are happened with no problem. :)

index.png
 
pattiri said:
up for more than 30 days and more than 1 million requests handled, 1.8% memory is being used and all of these are happened with no problem. :)

View attachment 13466
Click to expand...

Congrats on hitting one million! :D

To celebrate, I offer you and everyone a bug fix beta..

2.1.2-test.1

This test version fixed missing client IP addresses in some situations when you enable log LEVEL 2 to capture failed handshakes for security check.

This is helpful for people using a script (like mentioned here) to parse and highlight only new suspicious connections.

Pls use the usual one-liner script to install the beta.
 
kvic said:
Congrats on hitting one million! :D

To celebrate, I offer you and everyone a bug fix beta..

2.1.2-test.1

This test version fixed missing client IP addresses in some situations when you enable log LEVEL 2 to capture failed handshakes for security check.

This is helpful for people using a script (like mentioned here) to parse and highlight only new suspicious connections.

Pls use the usual one-liner script to install the beta.
Click to expand...

A new BETA so soon?? I thought you were on your well deserved vacation lol
 
Asad Ali said:
A new BETA so soon?? I thought you were on your well deserved vacation lol
Click to expand...

This version will be only a bug fix release. No new features. It resolves the missing client ip addresses like in the logs below:
Code: 
Jun 10 10:29:36 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client :39171 server googleads.g.doubleclick.net
Jun 10 10:30:12 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client :39182 server t.appsflyer.com
Jun 10 10:30:23 Phaeo pixelserv-tls[949]: handshake failed: unknown cert. client :39188 server googleads.g.doubleclick.net

Putting up a beta so that more people could try and report its effectiveness. With this fix, known breaks could be suppressed in reports produced by scripts.

Do you parse logs to catch and check new breaks btw?
 
kvic said:
Added. If you can't see previous messages, let me know.
Click to expand...

Perfect thank you, and the first message I see is your instructions post so I assume there's no previous messages before that.
 
In the past few days I accumulated mysterious increments on slu, so turned on log LEVEL 5 to inspect. Accidentally caught this:

Code: 
Jun 14 21:17:34 Phaeo pixelserv-tls[17673]: handshake failed: client 192.168.1.104:62382 server ping.ublock.org. Lib(20) Func(138) Reason(227)

According to uBlock@76b89c0, this 'phone home' feature was added to uBlock (not uBlock Origin) back in April.

It seems always happen regardless uBlock enabled in your browser or not as long as it's installed. Time to move away from uBlock to uBlock Origin if you still need client side filtering.

Btw, the above pixelserv-tls log entry was moved to log LEVEL 5. I'm thinking of moving back to log LEVEL 2. A script can parse and gather some useful info out of such entries.
 
kvic said:
Time to move away from uBlock to uBlock Origin if you still need client side filtering.
Click to expand...

uBlock Origin is the original uBlock extension, still maintained by the original developer. uBlock is a fork of uBlock Origin, perpetrated years ago in an attempt to defraud the original developer and monetize the extension by seeking donations and removing credit. No one should be using anything but uBlock Origin to begin with.
 
kvic said:
A better criterion will be (client ip, server name) tuple that is only doable from within pixelserv-tls with a new feature implemented. This will be more precise on what to suppress. Other clients accessing the same server can still go though.
Click to expand...

Can we expect to see this feature implemented in pixelserv-tls anytime soon lol?
 
Asad Ali said:
Can we expect to see this feature implemented in pixelserv-tls anytime soon lol?
Click to expand...

I thought the script is a better solution. pixelserv-tls for speedy capture of 'raw' data. The script handles parsing of 'raw' data and tabulation of info in batch mode. :D
 
kvic said:
I thought the script is a better solution. pixelserv-tls for speedy capture of 'raw' data. The script handles parsing of 'raw' data and tabulation of info in batch mode. [emoji1]
Click to expand...

Yup but that's cosmetic lol and still messed up the slu's since the actual rouge client/server tuple are not blocked.
 
Asad Ali said:
Yup but that's cosmetic lol and still messed up the slu's since the actual rouge client/server tuple are not blocked.
Click to expand...

It's not. In v2.1, clients without CA imported will register in both slu and uca.

So e.g. if people care about the "clean" slu (which is meaningless IMO), one can get it by slu - uca.
 
kvic said:
It's not. In v2.1, clients without CA imported will register in both slu and uca.

So e.g. if people care about the "clean" slu (which is meaningless IMO), one can get it by slu - uca.
Click to expand...

In that case why not remove "slu" counter all together to make it look clean.
 
Asad Ali said:
In that case why not remove "slu" counter all together to make it look clean.
Click to expand...

slu - all handshake errors that contains two sub-categories uca, uce.
uca - CA not honoured (including devices without CA imported)
uce - server cert not hnoured

slu > uca + uce

slu serves its purpose and will stay. In future, we may add further sub-categories.
 
Hey @kvic or other guys can anyone of you who are using two instances of pixelserv-tls guide me a little on how to run/setup/install it on a single router?

Furthermore I'm using ABSolution as my blocking script so will it be compatible with this setup?
 
Last edited:
AB-Solution has option to install.
I did not know there was any reason to run two pixelserv within a network, as long as you are running on main router.
EDIT:
@Asad Ali Thank You for showing me another way this script is used.
 
Last edited:
You must log in or register to reply here.

Similar threads

MegaMango
dnsmasq-surrogate for RT-BE88U: Ad Blocking & Security Enhancement
Replies
2
Views
483
MegaMango
MegaMango
L
pixelserv SOLVED - Is PixelServ WebGui script trustworthy at the moment? Redirects to strange website...
Replies
10
Views
4K
gspannu
gspannu
thelonelycoder
Diversion Need help with selecting new set of filter lists / block lists for Diversion 5.0
2
Replies
21
Views
4K
thelonelycoder
thelonelycoder
blacksheep
pixelserv Does "How to best run Pixelserv tls on asuswrt" still apply?
Replies
3
Views
3K
elorimer
E
garycnew
Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD
Replies
13
Views
3K
garycnew
garycnew
Similar threads
Thread starter Title Forum Replies Date
C Diversion Pixelserv replacement Asuswrt-Merlin AddOns 2
L Is Diversion better than NextDNS, PiHole or AdGuard Home? Asuswrt-Merlin AddOns 10

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 797 (members: 20, guests: 777)
Top