Category: Web

Blocking Unwanted Connections with a Hosts File

On By Hans-Henry JakobsenIn Linux, Web, Windows

You can use a HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers. This is accomplished by blocking the connection(s) that supplies these little gems. This is a simple script that downloads a new hosts file for your operating system and redirects all requests for unwanted connections to 127.0.0.1.
The new hosts file will reduce your bandwidth usage.

The following script will download the new hosts file, make a backup of your current file before the new hosts file is being used.
The new file will be used immediately after you have copied it. You can revert to your old hosts file by copying it back.

#!/bin/bash
wget -O /tmp/new-hostsfile.txt http://winhelp2002.mvps.org/hosts.txt
mv /etc/hosts /etc/hosts.backup
mv /tmp/new-hostsfile.txt /etc/hosts

A more detailed description of the script can be found on http://winhelp2002.mvps.org/hosts.htm.
This has been tested in Ubuntu 13.04 but will work on any operating system that uses a /etc/hosts file, like Windows and linux.

How to Remove Dashboard widgets in WordPress

On By Hans-Henry JakobsenIn Web

This is a quick way to remove dashboard widgets in WordPress. These are some of the widgets I hide on one of my WordPress installations by adding these lines to the theme functions.php file. To hide other widgets, view the source code for the Dashboard and search for their label value.

add_action('admin_init', 'rw_remove_dashboard_widgets');
function rw_remove_dashboard_widgets() {
 //remove_meta_box('dashboard_right_now', 'dashboard', 'normal');   // right now
 remove_meta_box('dashboard_recent_comments', 'dashboard', 'normal'); // recent comments
 remove_meta_box('dashboard_incoming_links', 'dashboard', 'normal');  // incoming links
 remove_meta_box('dashboard_plugins', 'dashboard', 'normal');   // plugins
 remove_meta_box('dashboard_quick_press', 'dashboard', 'normal');  // quick press
 remove_meta_box('dashboard_recent_drafts', 'dashboard', 'normal');  // recent drafts
 remove_meta_box('gbworld_dashboard_widget', 'dashboard', 'normal'); // your blog-activity
 remove_meta_box('blogplay_db_widget', 'dashboard', 'normal'); // blogplay.com widget
 remove_meta_box('dashboard_primary', 'dashboard', 'normal');   // wordpress blog
 remove_meta_box('dashboard_secondary', 'dashboard', 'normal');   // other wordpress news
 remove_meta_box('yoast_db_widget', 'dashboard', 'normal'); //yoast widget

Easy way to decode or decrypt eval gzinflate str_rot13 base64_decode variables

On By Hans-Henry JakobsenIn Scripting, Security, Web

If you download and install many WordPress themes you will sometimes find themes that have encrypted lines or variables in the footer part of the theme, in the functions.php file or other included theme files.
I do not trust these lines of code and would not use a theme without knowing what code is being run. Therefore I decode these lines to determine if this is a theme I would like to use or just delete it because it contains dangerous code. Most of the time these encrypted lines just contain copyright information the authors of the theme don’t want you to change.

This is an example of how a encrypted variable might look like

echo(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub (\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg< /sbag>< /o>\');}}'));

Wordpress eval decode

The easy way to show the contents of this variable is copy the entire line into a new PHP file and replace the eval command with echo and save the file into file decode.php

Then you run the PHP file like this

# php decode.php

The result in this example should be

function check_header(){if(!(function_exists("check_functions")&&function_exists("check_f_footer"))){echo (' < b>< font color=white size=4>This theme is released under creative commons licence, all links in the footer should remain intact< /font>');}}

I have included an image of the code in case it is not shown correctly in WordPress.
Wordpress eval result

I have written about this topic before, WordPress themes with eval and base64_decode lines but this is a much simpler way of showing the content of the unreadable variables.

PHP script to recreate empty WordPress post slugs

On By Hans-Henry JakobsenIn Scripting, Web1 Comment

This post describes how I managed to recreate empty WordPress 3.0 permalink post slugs with the post title of the blog posts using a slightly modified version of the script found on another blog post named Bulk update post slugs in a wordpress blog. This script became handy since some of my post slugs was missing permalink content because the content in my WordPress blog was migrated from an old PostNuke blog and was not SEO friendly.

The only change I did to the script was to use the PHP function rawurlencode() to encode the Norwegian letters æøå into a URL friendly URLs and change the formatting of how the changes was presented to the web browser. It is very important that you remember to make a backup of your WordPress database before you run this script. Just in case you need to revert your post slugs changes.

The script

// change this this to strip old slugs if needed:
//update wp_posts set post_name = '' where guid like '%.asp'
set_time_limit(20000);

/** Loads the WordPress Environment and Template, allowing wp functions like the_title() */
define('WP_USE_THEMES', false);
require('./wp-blog-header.php');

function bleach($which)
{
    $result = sanitize_title(get_the_title($which));
    return $result;
}

$dbhost = 'localhost';
$dbuser = 'username';
$dbpass = 'password';
$dbname = 'wordpress';

$sql = 'SELECT ID, post_title' . ' FROM `wp_posts`' . ' WHERE post_status = "publish"' . " and post_name = '' " . ' order by ID asc';

$db = mysql_connect($dbhost, $dbuser, $dbpass) or die('Could not connect: ' . mysql_error());
mysql_select_db($dbname);

$result = mysql_query($sql) or die('Query failed: ' . mysql_error());
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $id         = $row['ID'];
    $title      = $row['post_title'];
    $clean_slug = rawurlencode(bleach($id));

    echo "ID:{$row['ID']} " . "post_title : {$title} " . "sanitized : {$clean_slug}
";
    $sql_u = "UPDATE `wp_posts` SET post_name = '" . $clean_slug . "' " . 'WHERE ID = ' . $id;
    echo 'QUERY:' . $sql_u . '
';
    mysql_query($sql_u) or die('ERROR: ' . mysql_error());
    flush();
}
echo "";
mysql_close($db);

Save this PHP script in the root path of your WordPress installation. In my case I named it “regenerate_post_slugs.php” and ran it from my web browser by visiting the web address http://example.com/regenerate_post_slugs.php Remeber to add the <?php and ?> PHP tags in the beginning and end of the script.
The changes the script does to your WordPress database will be printed on your web browsers window. If the changes does not meet your post slug wishes, just revert to the backup you made before running this script.

This is an excerp from the result after running the script on my WordPress database

...
ID:1273 post_title : Presentasjon av spillere og kampoversikt klart! sanitized : presentasjon-av-spillere-og-kampoversikt-klart
QUERY:UPDATE `wp_posts` SET post_name = 'presentasjon-av-spillere-og-kampoversikt-klart' WHERE ID = 1273
ID:1274 post_title : Problemer på hjemmesiden! sanitized : problemer-pa-hjemmesiden
QUERY:UPDATE `wp_posts` SET post_name = 'problemer-pa-hjemmesiden' WHERE ID = 1274
...

You can download the script regenerate_post_slugs.php if you experience that some of the content is missing. Remember to rename it to .php

Redirect failing URLs to other webserver

On By Hans-Henry JakobsenIn Web

A typical FAQ about URL rewriting is how to redirect failing requests on webserver A to webserver B. Usually this is done via ErrorDocument CGI-scripts in Perl, but there is also a mod_rewrite solution. But notice that this performs more poorly than using an ErrorDocument CGI-script!

Place this in your httpd.conf og .htaccess file on the domain you want to redirect HTTP requests from
Solution
This is one possible solution but less flexible, and is less error safe

RewriteEngine on
RewriteCond   /your/docroot/%{REQUEST_FILENAME} !-f
RewriteRule   ^(.+)                             http://webserverB.dom/$1

The problem here is that this will only work for pages inside the DocumentRoot.

Source