What Really Happens On Your Network? Part Eight

Just last week, we had a post of things people have discovered happening on their networks.  But there is no shortage of these types of posts, so here is another collection of them or you can read previous iterations of these type of posts.

Read on to find out more to find out what people discovered happening on their networks, thanks to Pi-hole. Continue reading “What Really Happens On Your Network? Part Eight”

What Really Happens On Your Network? Part Seven

We’re back with the latest iteration of users discovering things on their network via Pi-hole.  This post is a compilation of things users have discovered over the past year.  Some were bad, some were interesting, and some were enlightening.  This isn’t the first time we’ve written a post like this, but we will try to go into more detail about what people have discovered and group together similar discoveries.  Below you’ll find previous renditions of this type of post.

Read on to find out more to find out what people discovered happening on their networks, thanks to Pi-hole.

Continue reading “What Really Happens On Your Network? Part Seven”

Mitigate A New CERT Vulnerability (#598349) With An Entry In /etc/hosts

There is a new CERT vulnerability that can leave you vulnerable to a Man-in-the-Middle attack.  You can mitigate this vulnerability today by adding these two lines to your /etc/hosts file:

0.0.0.0 wpad wpad.example.com 
:: wpad wpad.example.com

example.com is a stand in for your local domain.  So replace example.com with whatever your local domain is.

The essence of this vulnerability is that an attacker can add a device to the network named wpad and get a DHCP lease, thus inserting the name wpad.example.com in the local DNS pointing to the attacker’s machine.  The presence of that A record allows control of the proxy settings of any browser in the network.

You can learn more about the technology behind this attack at Google’s Project Zero page–it’s an older article, but gives some insight into the inner workings of the attack.

The next release of dnsmasq includes an option (dhcp-ignore-names) that can be used to mitigate the attack at the source, but we haven’t heard how Simon will act on this new vulnerability.

Since FTLDNS is just our fork of dnsmasq, we can easily merge in any upstream changes from him, but we wanted to let you know of the /etc/hosts fix that you can immediately implement.

Limited Edition Pi-hole Coins Are Now For Sale

Patrons got first dibs, but there are still plenty of coins available.

These coins are high quality, colored, and textured.  Check out the product page for more information.  Enjoy!

Proceeds from the sales will be used to further develop Pi-hole.

Coins, Patreon Feedback Round 2, Plus Our Fundraiser

Separate from Patreon: Collectable Coins Will Be For Sale

These are 2 inch metal coins with color and texture.  Only 300 have been made (seven of which have gone to the developers) and each one has a sequential number printed on it.

If these are a success, we will be designing and selling more coins, but this will be the only limited edition run with sequential numbering, so if you’re a collector or just a die hard fan, you’ll need to act fast.  We’ll do another blog post announcing when they are available for purchase.

Patreon Reward Levels

$15/month Mug-of-the-month Club

We are also running a mug-of-the-month tier for those willing to donate $15 a month.  Each month, we’ll ship out a mug with a new Pi-hole inspired design on it.  Here are just a few we’ve already had commissioned.

and more like these…

$10/month Sticker-of-the-month Club

Get a sheet of 24 stickers each month.

$1-5/month Thank You!

We can’t offer much at this price point, but we do appreciate your help.  You’ll get a special “Patron” flair on our user forums and/or Reddit.  You’ll also get access to our patron-only posts on Patreon.

Our Fundraiser

We’re attempting to raise $100,000 in an effort to develop Pi-hole even more. Patreon is an extended effort to offer you tangible rewards for supporting us.

One-time funding goal for developing full time, faster updates, faster bug fixes, quicker support response times, more features, more platforms natively supported…

$30,557 of $100,000 raised
$
Select Payment Method
Personal Info

Donation Total: $25.00 One Time

{amount} donation plus {fee_amount} to help cover fees.

ERROR:

If you’d like to support the development of Pi-hole, use the form above to send us a donation (monthly or a one-time).

You can also help us out by becoming a patron or purchasing items/services through our affiliate links below.

  • Bitcoin 33v5DGMGwYiDDJsKExksY1jhZbhGqF1SVe
  • Bitcoin Cash  qquhjgl9l5yfghu2kmw7q495m4xdgfc4q59zntpjmh
  • Ethereum 0x5Cd7f79D8D542847B2A313297037d3CAc1FeFBB4

We are all volunteers on the project and work on it in our free time.  Your donations will help support our infrastructure and keep us motivated to improve the product.

No registration is needed.

 

Results of the Pi-hole User Survey

Staying Free

Pi-hole will remain free in both meanings of the word: free of charge and open source.  We know the survey spooked many of your fears and you may have considered several worst case scenarios.  We heard you loud and clear, you don’t want us to charge money for Pi-hole and we won’t.

In it’s current state, Pi-hole is free of charge and can be used to protect your privacy–a human right to which everyone is entitled.  And we intend to keep it that way.  At the end of this article, you will find some information on how much it costs to run Pi-hole from month-to-month; something you wanted to know based on the survey.  This will be specific, including the salaries needed to allow us to develop full/part time and bring you more updates and features faster while also providing you better support.  It will also include the cost of support and QA/testing, marketing, research, business development, legal, operational, etc. Continue reading “Results of the Pi-hole User Survey”

Pi-hole User Survey

The survey is now complete.  Thanks to those who contributed.

Pi-hole has grown far beyond what any of us could have imagined.  As Pi-hole continues to evolve, we are looking at what Pi-hole is and if it’s meeting the demands of the market.  An experienced product manager has been helping us and has put together two surveys.  If you’re willing, please consider filling one of them out.

  • If you are already using Pi-hole, please fill out this short survey.
  • If you have not installed Pi-hole before, please fill out this short survey

Here is SurveyMonkey’s privacy policy if you are concerned about it.