AB-Solution - The Ad Blocking Solution

[thelonelycoder]

one Smart TV

One not so smart TV...

 

[Butterfly Bones]

One not so smart TV...

Oh God, don't get me started. After getting all this "smart" IoT devices, I've been going crazy with what they do in the syslog regarding pixelserv and skynet. Even watching the log file in AB-S gets me shaking my head. I never knew how true the saying "ignorance is bliss" is until now.

 

[thelonelycoder]

Oh God, don't get me started. After getting all this "smart" IoT devices, I've been going crazy with what they do in the syslog regarding pixelserv and skynet. Even watching the log file in AB-S gets me shaking my head. I never knew how true the saying "ignorance is bliss" is until now.

Then I have one word for you: Wireshark
Google "What is the best sedative for anxiety?" and take your favorite pill first, then google the word.
Alternatively, a parked and manned ambulance out front will also do.

 

[Butterfly Bones]

Then I have one word for you: Wireshark
Google "What is the best sedative for anxiety?" and take your favorite pill first, then google the word.
Alternatively, a parked and manned ambulance out front will also do.

Tried Wireshark but the version for Linux Mint disables remote logging and no entware version. I've been running tcpdump via entware on kvic's prompting and that is one thing that has opened my eyes to transgressions of "smart" and "Iot" and my android devices. I won't go into the ghastly details.

 

[deddc23efb]

At a convenient time, grab your sons iPad mini along with a link to such a video.
- Open AB-Solution and enter f, option 1.
- Open the youtube link on the iPad and look for lines "/adblocking/blocking_file domain.com is <blocking IP>" and make a good guess which "domain.com" is the one blocking it.
- Then whitelist the domain and process the file. If it works now you're done. Else remove it from the whitelist and whitelist the next best guess of "domain.com". Repeat until success.

Then return the iPad to the deprived son and have him check it for himself. Or, even better, make that a educational session for both of you and let him help doing it.

I too would like to understand from where entries are coming (see post 2748) especially when dealing with false positives.

I stumbled across a problem accessing forthentry.com (An Ontario tourist attraction ... I suspect it's not malware) With ab-solution enabled it is not accessible. I enabled follow the log and I see a DNS request when I go to the site, which comes back with the right address for the site.

When I dump the IP set on my router (ipset list | grep 192.124.249.18) , I find the IP address of the site marked as BanMalware. I suspect this is incorrect (I suppose it may be possible that the site has been hacked.... unlikely though):
192.124.249.18 comment "BanMalware"

When I grep for forthenry.com in the ab-solution storage directories (mounted on my USB stick) I don't find that name. I'm assuming it's not in the downloaded data files.

My ab-solution is configured with option 1 (standard). The version data is :
AB-Solution 3.11.1 by thelonelycoder
----------------------------------------------------
RT-AC3100 (armv7l) fw-384.3 @ 192.168.2.1
----------------------------------------------------
25,998 blocked domains 3 hosts files in use
171,506 t 1,735 w 17 n ads since Mar 25 19:39
----------------------------------------------------

It would be helpful to know where this entry originated when it was pushed into the ipset. Something like adding the original data file name to the comment perhaps.

/dedd

 

[thelonelycoder]

When I dump the IP set on my router (ipset list | grep 192.124.249.18) , I find the IP address of the site marked as BanMalware. I suspect this is incorrect (I suppose it may be possible that the site has been hacked.... unlikely though):
192.124.249.18 comment "BanMalware"

This is from Skynet, not AB-Solution.
AB-Solution does not and cannot block IP addresses.

 

[deddc23efb]

This is from Skynet, not AB-Solution.
AB-Solution does not and cannot block IP addresses.

You're quick! I just came back to say I'm pointing at the wrong software. Skynet is adding those entries!
Sorry for the noise.
/dedd

 

[Adamm]

I too would like to understand from where entries are coming (see post 2748) especially when dealing with false positives.

I stumbled across a problem accessing forthentry.com (An Ontario tourist attraction ... I suspect it's not malware) With ab-solution enabled it is not accessible. I enabled follow the log and I see a DNS request when I go to the site, which comes back with the right address for the site.

When I dump the IP set on my router (ipset list | grep 192.124.249.18) , I find the IP address of the site marked as BanMalware. I suspect this is incorrect (I suppose it may be possible that the site has been hacked.... unlikely though):
192.124.249.18 comment "BanMalware"

It would be helpful to know where this entry originated when it was pushed into the ipset. Something like adding the original data file name to the comment perhaps.

/dedd

https://github.com/Adamm00/IPSet_ASUS/wiki#applicationexe-or-websitecom-is-blocked

Without derailing the thread, the IP in question hosts 790+ websites, one of those websites having links to ransomware.

https://iplists.firehol.org/files/ransomware_feed.ipset - 192.124.249.18

While that doesn't necessarily mean the website you are visiting is the one that is compromised, due to the nature of shared hosting it only takes one bad apple to spoil the bunch and get everyone blacklisted.

 

[Protik]

@thelonelycoder, is there any advantage for AB if dnsmasq is replaced with FTLDNS (fork of dnsmasq by pihole devs, more detail)?

 

[Twiglets]

@thelonelycoder, is there any advantage for AB if dnsmasq is replaced with FTLDNS (fork of dnsmasq by pihole devs, more detail)?

Reading the links, isn't FTLDNS actually PiHole merged with a fork of dnsmasq ?
It is not just a replacement for dnsmasq therefore could not replace dnsmasq alone.

Please advise if I have misunderstood ?

 

[clvk07]

Try to ping either 209.244.0.3 (Level 3) or 8.8.8.8 (Google) from the SSH terminal.
If ping times out, find out why.

Resolved. I had static routes enabled (for some streaming services) which it was redirecting the google DNS to the router itself 192.168.1.1

 

[Raphie]

My iPhone x keeps pinging google DNS 8.8.8.8 every 30secs or so
My chromecast audio keeps on pinging some other 8.8.8.8 all the time.

 

[Spydawg]

this was working great until today..
I noticed adds today, loaded up putty and tried to open the ab-solution.
received following error.

[: /tmp/mnt/USB1: unknown operand
--> AB-Solution device change detected
--> fixing paths in files...
[: /tmp/mnt/USB1: unknown operand

can't load ab-solution.

Any ideas?

My router is a RT-AC3100 running Firmware Version:384.4_2

 

[Asad Ali]

this was working great until today..
I noticed adds today, loaded up putty and tried to open the ab-solution.
received following error.

[: /tmp/mnt/USB1: unknown operand
--> AB-Solution device change detected
--> fixing paths in files...
[: /tmp/mnt/USB1: unknown operand

can't load ab-solution.

Any ideas?

My router is a RT-AC3100 running Firmware Version:384.4_2

Test after reboot.

 

[Spydawg]

after reboot. getting lots of errors in router log..

Mar 26 17:01:32 kernel: Modules linked in: tdts_udbfw tdts_udb(P) tdts(P) nf_nat_sip nf_conntrack_sip nf_nat_h323 nf_conntrack_h323 nf_nat_rtsp nf_conntrack_rtsp nf_nat_ftp nf_conntrack_ftp ip6table_mangle sr_mod cdrom xt_hl xt_HL xt_length usblp thfsplus tntfs(P) tfat(P) ext2 ext4 crc16 jbd2 ext3 jbd mbcache usb_storage sg sd_mod scsi_wait_scan scsi_mod ip6t_LOG ip6table_filter jffs2 cdc_mbim qmi_wwan cdc_wdm cdc_ncm rndis_host cdc_ether asix cdc_acm usbnet mii ohci_hcd ehci_hcd usbcore nf_nat_pptp nf_
Mar 26 17:01:32 kernel: [<8005701c>] (unwind_backtrace+0x0/0xf8) from [<80077fc0>] (warn_slowpath_common+0x4c/0x64)
Mar 26 17:01:32 kernel: [<80077fc0>] (warn_slowpath_common+0x4c/0x64) from [<80077ff4>] (warn_slowpath_null+0x1c/0x24)
Mar 26 17:01:32 kernel: [<80077ff4>] (warn_slowpath_null+0x1c/0x24) from [<80104040>] (mark_buffer_dirty+0xac/0xcc)
Mar 26 17:01:32 kernel: [<80104040>] (mark_buffer_dirty+0xac/0xcc) from [<7f63050c>] (ext2_new_blocks+0x578/0x5b0 [ext2])
Mar 26 17:01:32 kernel: [<7f63050c>] (ext2_new_blocks+0x578/0x5b0 [ext2]) from [<7f6340ec>] (ext2_get_block+0x3e8/0x8b4 [ext2])
Mar 26 17:01:32 kernel: [<7f6340ec>] (ext2_get_block+0x3e8/0x8b4 [ext2]) from [<801053bc>] (block_prepare_write+0x1ec/0x584)
Mar 26 17:01:32 kernel: [<801053bc>] (block_prepare_write+0x1ec/0x584) from [<801058e8>] (block_write_begin+0x48/0x7c)
Mar 26 17:01:32 kernel: [<801058e8>] (block_write_begin+0x48/0x7c) from [<7f633b74>] (ext2_write_begin+0x3c/0x68 [ext2])
Mar 26 17:01:32 kernel: [<7f633b74>] (ext2_write_begin+0x3c/0x68 [ext2]) from [<800ae048>] (generic_file_buffered_write+0x198/0x248)
Mar 26 17:01:32 kernel: [<800ae048>] (generic_file_buffered_write+0x198/0x248) from [<800afda4>] (__generic_file_aio_write+0x270/0x540)
Mar 26 17:01:32 kernel: [<800afda4>] (__generic_file_aio_write+0x270/0x540) from [<800b00d4>] (generic_file_aio_write+0x60/0xd0)
Mar 26 17:01:32 kernel: [<800b00d4>] (generic_file_aio_write+0x60/0xd0) from [<800df284>] (do_sync_write+0xac/0xdc)
Mar 26 17:01:32 kernel: [<800df284>] (do_sync_write+0xac/0xdc) from [<800df96c>] (vfs_write+0xb4/0x148)
Mar 26 17:01:32 kernel: [<800df96c>] (vfs_write+0xb4/0x148) from [<800dfbf4>] (sys_write+0x40/0x70)
Mar 26 17:01:32 kernel: [<800dfbf4>] (sys_write+0x40/0x70) from [<80050ac0>] (ret_fast_syscall+0x0/0x30)
Mar 26 17:01:32 kernel: ---[ end trace 44460d36e4c7556e ]---
Mar 26 17:01:33 kernel: EXT2-fs (sda1): previous I/O error to superblock detected
Mar 26 17:01:33 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:33 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:33 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:33 kernel: Info fld=0x0
Mar 26 17:01:33 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:33 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 00 08 00 00 00 08 00
Mar 26 17:01:33 kernel: end_request: I/O error, dev sda, sector 2048
Mar 26 17:01:33 kernel: Buffer I/O error on device sda1, logical block 0
Mar 26 17:01:33 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:45 adaptive QOS: *- Clearing Iptables -*
Mar 26 17:01:46 rc_service: udhcpc 601:notify_rc start_firewall
Mar 26 17:01:47 dhcp_client: bound 192.168.2.11 via 192.168.2.1 during 432000 seconds.
Mar 26 17:01:47 miniupnpd[1040]: shutting down MiniUPnPd
Mar 26 17:01:48 kernel: registering ipv6 ROUTE target
Mar 26 17:01:48 nat: apply nat rules (/tmp/nat_rules_eth0_eth0)
Mar 26 17:01:48 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Mar 26 17:01:49 miniupnpd[11768]: HTTP listening on port 42809
Mar 26 17:01:49 miniupnpd[11768]: Listening for NAT-PMP/PCP traffic on port 5351
Mar 26 17:01:49 adaptive QOS: Applying  Iptables Rules
Mar 26 17:01:51 kernel: EXT2-fs (sda1): previous I/O error to superblock detected
Mar 26 17:01:51 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:51 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:51 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:51 kernel: Info fld=0x0
Mar 26 17:01:51 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:51 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 00 08 00 00 00 08 00
Mar 26 17:01:51 kernel: end_request: I/O error, dev sda, sector 2048
Mar 26 17:01:51 kernel: Buffer I/O error on device sda1, logical block 0
Mar 26 17:01:51 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 00 08 08 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 2056
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 1
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 00 08 20 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 2080
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 4
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 1c 08 20 00 00 20 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 1837088
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 229380
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 229381
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 229382
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 229383
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 1c 08 48 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 1837128
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 229385
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 44 08 20 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 4458528
Mar 26 17:01:52 kernel: Buffer I/O error on device sda1, logical block 557060
Mar 26 17:01:52 kernel: lost page write due to I/O error on sda1
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 a4 08 00 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 10749952
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 a4 08 20 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 10749984
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]
Mar 26 17:01:52 kernel: Info fld=0x0
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda]  Add. Sense: Write protected
Mar 26 17:01:52 kernel: sd 0:0:0:0: [sda] CDB: Write(10): 2a 00 00 a8 00 e8 00 00 08 00
Mar 26 17:01:52 kernel: end_request: I/O error, dev sda, sector 11010280
Mar 26 17:01:54 kernel: EXT2-fs (sda1): previous I/O error to superblock detected
Mar 26 17:01:54 kernel: sd 0:0:0:0: [sda] Unhandled sense code
Mar 26 17:01:54 kernel: sd 0:0:0:0: [sda]  Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Mar 26 17:01:54 kernel: sd 0:0:0:0: [sda]  Sense Key : Data Protect [current]

 

[Spydawg]

I updated to latest firmware on Sunday.. Firmware Version:384.4_2

 

[skeal]

I updated to latest firmware on Sunday.. Firmware Version:384.4_2

It looks like either drive failure or file system failure to me. Try re-partition and or format.

 

[Spydawg]

ok

 

[Spydawg]

Yes USB died..

Reinstalling AB_Solution.. Installed fine..

Get error now installing the pixelserv-tls


AB-Solution 3.11.2: pixelserv-tls install
checking your system
testing firmware capability: LAN IP port 80
router listens only on LAN IP port 80, continuing
testing if 'ifconfig br0 up' works on your system
this might take a few seconds to complete...
this appears to be working, continuing
checking port 443 availability
port 443 is available, continuing
found Entware entry in /jffs/scripts/post-mount
but Entware does not appear to be running.
Please investigate first.
---------------------------------------------------

Any help?

 

[skeal]

Yes USB died..

Reinstalling AB_Solution.. Installed fine..

Get error now installing the pixelserv-tls


AB-Solution 3.11.2: pixelserv-tls install
checking your system
testing firmware capability: LAN IP port 80
router listens only on LAN IP port 80, continuing
testing if 'ifconfig br0 up' works on your system
this might take a few seconds to complete...
this appears to be working, continuing
checking port 443 availability
port 443 is available, continuing
found Entware entry in /jffs/scripts/post-mount
but Entware does not appear to be running.
Please investigate first.
---------------------------------------------------

Any help?

Remove the entry in /jffs/scripts/post-mount relating to ABS. Re-run pixelserv-tls intsall. Something in the post-mount script that pixelserv-tls doesn't like. I think it's the reference to Entware.