Adding Cryptojacking Campaign - Drupal Sites To Main Blocklist



Please can someone add the Cryptojacking Campaign - Drupal Sites, to the main pi-hole block list repository.




I took the hosts from the lists above and placed them on this pastebin.

It will never expire so go ahead and use it as an additional list. (manually updated)

I signed up for updates from that list, so once it gets updated I’ll update the pastebin too (i’ll still maintain pastebin for the ones using it).


you can also use @deHakkelaar’s list:

It auto updates itself. Simply add it to the block lists in your pi-hole and it will work.


That’s great thanks :slight_smile:


EDIT: Read down posts below this one for updates!!!

Put it in CRON like so:

sudo mkdir /var/www/html/lists

echo $((RANDOM % 60)) "2 * * * root curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee /var/www/html/lists/cryptojacking_campaign.list.txt 2>&1 > /dev/null && curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee -a /var/www/html/lists/cryptojacking_campaign.list.txt 2>&1 > /dev/null" | sudo tee /etc/cron.d/cryptojacking_campaign

sudo service cron reload

When CRON runs between 2 and 3 AM (randomized), the generated list will be written locally to “/var/www/html/lists/cryptojacking_campaign.list.txt

To create the list immediately instead of waiting for CRON to run:

curl -s '' | awk -F , '{print $1}' | tail -n +2 | sudo tee /var/www/html/lists/cryptojacking_campaign.list.txt 2>&1 > /dev/null && curl -s '' | awk -F , '{print $1}' | tail -n +2 | sudo tee -a /var/www/html/lists/cryptojacking_campaign.list.txt 2>&1 > /dev/null

On the Pi-hole admin page you can add below link as a list:



It syncs with the google sheet every hour as the list is still growing
… for the lazy ones :wink:

@Ukruler54321, maybe you could mention the source in your first posting:


I added the URL to adlists.list, which is in /etc/pihole will this do the trick?


That will do the trick.
If you run below one, the added URL will be imported into Pi-hole:

pihole -g

But I offered two automated alternatives as to relieve @RamSet from having to manually update that pastebin list whenever the google sheet gets updated.
If you dont want to setup cron like described above, you can use the link I provided as a list instead of the pastebin one:

And you dont need to edit the “adlists.list” file manually.
Instead use the web GUI to add the URL to the lists:



I updated the Pastebin list (and added the new host they added unders the second tab)

@deHakkelaar they started adding hosts to the second tab of the excel file.

You should update your contab to grab from there also :slight_smile:


I have deleted link from adlists.list.

Then added to the blocklist using the following command.

The terminal displays the “is not a valid argument or domain name!”



pihole -b adds a domain to the blacklist. It’s not the correct way to add it to your ad lists.

sudo nano /etc/pihole/adlists.list

at the end, save and run a

pihole -g

That should get you there :slight_smile:


I updated the cron instructions above, the cron line is a bit long now :wink:
and below list is generated every hour pulling in both sheets now:

pi@noads:~ $ curl -s | wc -l

pi@noads:~ $ curl -s | tail


Use the Pi-hole admin web GUI to add URL lists.
It will automatically pull all the blocked domains into Pi-hole.
The below link should get you there:



Thanks it worked


@deHakkelaar the spreadsheet has 5 pages. Does your list contain all of them?

Compromised Drupal properties (Source, Malwarebytes blog)


Concatenated all on the pastebin list.


Now it does:

pi@noads:~ $ curl -s | wc -l

And I moved shop to a VM thats got LetsEncrypt SSL:

Better test the URL in a browser first as my DNS change might not have propagated yet.
If you get a “Secure Connection Failed” messages or similar in the browser you need to wait a bit (DNS record TTL = 12 hours).
But as soon as you can load that https link in a browser, you can add it as a list in Pi-hole, and remove the old http one of course.
I’ll keep the old http one running for a while as well.

The crontab became too long so I scripted it and put that in a crontab:


curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee /var/www/html/lists/cryptojacking_campaign.list.txt
curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee -a /var/www/html/lists/cryptojacking_campaign.list.txt
curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee -a /var/www/html/lists/cryptojacking_campaign.list.txt
curl -s '' | awk -F , '{print $1}' | tail -n +2 | tee -a /var/www/html/lists/cryptojacking_campaign.list.txt
curl -s '' | awk -F , '{print $1}' | awk -F '//' '{print$2}' | grep -v '^$' | tail -n +2 | tee -a /var/www/html/lists/cryptojacking_campaign.list.txt