# how do you harden ur gateway: ads/virus/spyware/hackers

## Garbz

Hi all

I use a linux box at home (several actually) and have a basic system for preventing malicious things, however this security is very lax.

Currently I have a linux router with exim for mail, and an iptables firewall that i wrote myself to handle nasties.  On my desktop computer i have simply run spyware programs once a month, and i have a custom hosts file which does wonders for blocking many ads, but isn't very effective overall.  Also I use mozilla and i'm generally secure to activex / other exploits.  I don't currently use virus solutions as i've educated the rest of the family in safe practices, and the router locks the nasties out rather nicely so we're pretty secure against that.

How do you secure yourself against the nasties of the internet?

I'm really interested in server side solutions to keep the entire house secure.  Things such as:

1. How do you block ads via squid?

2. How do you block viruses via exim?

3. How do you block spam via exim? (i had trouble compiling spamassassin but that's a diff story).

4. How do you block spyware from the server?

5. Is there any other way that you can think of hardening your box?

----------

## farrioth

I also use the adservers in /etc/hosts trick, but not much else.  I get no spam and i've never had a virus.  Maybe i'm just lucky.

----------

## Regor

I block ads with squidguard and I use spambayes to deal with spam. Both are fairly effective and are in portage. 

I don't concern myself with viruses or spyware since I don't use badly designed OS's from convicted monopolists on the network.   :Razz: 

----------

## lagrima

question, is there a predefined most common list of ad servers that i can put to block on my host file?  where do you guys get that list?  is there an app that automatically puts them there just like a pop up blocker instead it updates the blocked hosts?

----------

## farrioth

I'll post my list of ~17000 adservers if you want.  I can't remember where I got it.  I don't bother with putting them in automatically, if I ever get ads coming through (practically never) I add the host manually.

----------

## DooMi

 *Garbz wrote:*   

> (...) How do you secure yourself against the nasties of the internet? (...)

 

you really should give spamassassin another try cus it really rocks. im using shorewall for my iptables stuff, it works nice. im not using squid cus im a webdev and so i have to deactivate it every time im coding (webdevs dont like sites that are modified but dont seem to  :Wink: ), and that sucks. for spyware termination im using spybot. its really nice and even better than adaware. i personally dont use anti-virus tools cus the main problem in viruses are the users. just teach your family or whoever u r living with they shouldnt click on every shit they see.  :Smile: 

so far.

----------

## lagrima

sweet thx farrioth or if its too much, just email me the list i would gladly appreciate it.

----------

## ynef

 *lagrima wrote:*   

> question, is there a predefined most common list of ad servers that i can put to block on my host file?  where do you guys get that list?  is there an app that automatically puts them there just like a pop up blocker instead it updates the blocked hosts?

 

If you have access to a Windows machine, SpyBot Search & Destroy (which you should have installed anyway) has one that you can copy to linux, since it looks just like it.

On another forum I visit, the general consensus seems to be that "huge hosts file = slower network access time", since the computer has to wade through the entire hosts file to see if the address you're typing is there or if it has to get it from a DNS server. The reasoning seems valid, but may not be a very big deal these days. Any comments?

----------

## farrioth

Here's a link to my adhosts list.

 *ynef wrote:*   

> On another forum I visit, the general consensus seems to be that "huge hosts file = slower network access time", since the computer has to wade through the entire hosts file to see if the address you're typing is there or if it has to get it from a DNS server. The reasoning seems valid, but may not be a very big deal these days. Any comments?

 

Having a large hosts file doesn't seem to make much difference in time to me.  I also add sites I visit often to the hosts file, as this is faster than using the DNS (of an ISP, not on my lan).

----------

## Garbz

I've not noticed any difference with large hosts file.

Btw this is mine: http://www.everythingisnt.com/hosts.html  found it a while ago.

So try spamassassin and squidguard.

I used to use spam assassin but my migration from exim 2 to 3 made it difficult with ACLs, so does anyone know of a webpage i can find information for getting my mail checked in exim?  So far i've had little success, since most of the articles i've found are either poorly written or for exim 2.

----------

## Diceman

just to make sure i get this straight. by making all of those ad servers point to 127.0.0.1, they never get through. i just copy and paste all those servers into my hosts file and go? dont want to screw anything up.(past what it is.  :Smile:   )

----------

## Garbz

that is exactly how it works!

i have come across the occasion where i get a timeout because nothing could be found on port 80 and windows is too dumb to know that, so i pointed everything to my firewall instead.

----------
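
A check for the copy-and-paste step discussed above, as an added example that is not part of the original thread: a hosts list taken from a third party feeds directly into name resolution, so this Python sketch keeps only entries that map a valid hostname to a loopback or null address and rejects any line that would point a name somewhere else. The `sink` parameter covers the variant of pointing blocked names at the firewall; the sample list and the function name `sanitize_hosts` are constructed for illustration.

```python
import ipaddress
import re
# Addresses a blocklist entry may legitimately point at (loopback / null route).
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names the system itself relies on; a blocklist should never redefine them.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

# Constructed sample input, not a real blocklist.
SAMPLE = """\
127.0.0.1 localhost
127.0.0.1 ads.example.com
0.0.0.0   tracker.example.net banners.example.org
127.0.0.1 ADS.example.com      # duplicate in different case
203.0.113.7 www.example-bank.test
127.0.0.1 bad_host!.example.com
not-an-ip ads.example.com
"""

def sanitize_hosts(text, sink="127.0.0.1"):
    """Return (clean_lines, rejected); rejected holds (line number, item, reason)."""
    clean, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, addr, "first field is not an IP address"))
            continue
        if addr not in SINKS:
            # A non-sink target would silently redirect that name for every client.
            rejected.append((lineno, addr, "maps names to a non-sink address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in PROTECTED:
                continue  # leave the system's own entries alone
            if not HOSTNAME.match(name):
                rejected.append((lineno, name, "invalid hostname"))
            elif name not in seen:
                seen.add(name)
                clean.append(f"{sink}\t{name}")
    return clean, rejected

if __name__ == "__main__":
    clean, rejected = sanitize_hosts(SAMPLE)
    print("\n".join(clean), *rejected, sep="\n")
```

Review the rejected list by hand before appending the clean lines to `/etc/hosts`; calling `sanitize_hosts(text, sink="192.168.0.1")` (a constructed LAN address) rewrites every kept entry to point at a gateway instead of loopback.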

## jkcunningham

 *farrioth wrote:*   

> Here's a link to my adhosts list.
> 
> Having a large hosts file doesn't seem to make much difference in time to me.  I also add sites I visit often to the hosts file, as this is faster than using the DNS (of an ISP, not on my lan).

 

You can eliminate both these issues by running dnsmasq as well - it's a dns proxy which speeds up dns queries to frequent sites by orders of magnitude.

-Jeff

----------

## gnuageux

If you google for /etc/hosts you should get some pages returned with up to date (I assume) host tables.

----------

