I don’t like advertisements… Pi-hole for Smartphones!

Well… I recently bought some PS3s because they’re cheap and the last console generation (to my knowledge) that is (comparatively) easy to jailbreak. But that’s another story. It’s just the reason that made me do the things I want to tell now. I started YouTube on my PS3 and… got advertisements.

Disclaimer at the beginning: I didn’t manage to completely block YouTube ads with Pi-hole, so if that’s your goal: don’t bother reading further.

As I was trying to block YouTube, I noticed it’s pretty effective against mobile advertisements on my phone.

There were several problems: the Pi was only running behind a NAT in my LAN, and my phone isn’t rooted, so I couldn’t set DNS resolvers globally.

The first problem was resolved by me remembering a virtual server I have rented, and installing Pi-hole there:

51.38.191.141

On that IP I am running the Pi-hole now. After solving that problem, I quickly noticed another problem: Pi-hole doesn’t seem to be able to block malicious clients, so I nearly instantaneously got traffic from two clients demanding IPs for “.” and “sl”.

I blocked them manually and haven’t had any problems with it so far, and I am unsure if it was just stupidity or malicious. Whatever – manually blocking IPs doesn’t scale well, so I am happy that there were only two.
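One way to see which clients are asking a publicly reachable Pi-hole for names like “.” and “sl” (an added example, not part of the original post): the function below counts such queries per client in a dnsmasq-style query log read from standard input. The sample log lines and addresses are constructed, and the function name watched_queries is made up for this example.

```shell
#!/bin/sh
# Added example: count, per client, queries for names on a watchlist in a
# dnsmasq-format query log (the format Pi-hole's query log uses).

# Constructed sample log lines; all addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 dnsmasq[612]: query[ANY] . from 203.0.113.7
Mar  3 10:15:01 dnsmasq[612]: query[A] example.org from 198.51.100.20
Mar  3 10:15:02 dnsmasq[612]: query[ANY] sl from 192.0.2.44
Mar  3 10:15:02 dnsmasq[612]: query[ANY] . from 203.0.113.7
Mar  3 10:15:03 dnsmasq[612]: forwarded example.org to 192.0.2.53
Mar  3 10:15:04 dnsmasq[612]: query[ANY] . from 203.0.113.7
EOF
}

# watched_queries WATCHLIST   (log on stdin)
# WATCHLIST is a space-separated list of query names, e.g. ". sl".
# Prints "<count> <client>" per client, highest count first.
watched_queries() {
    awk -v watch="$1" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Query lines look like: ... dnsmasq[pid]: query[TYPE] NAME from CLIENT
        {
            for (i = 1; i <= NF - 3; i++)
                if ($i ~ /^query\[/ && $(i + 2) == "from" && ($(i + 1) in want))
                    hits[$(i + 3)]++
        }
        END { for (c in hits) print hits[c], c }
    ' | sort -k1,1nr -k2,2
}

sample_log | watched_queries ". sl"
```

Clients that show up here only for such names are not using the resolver for browsing; restricting who may reach port 53 at the host firewall handles them as a class instead of one address at a time.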

The second problem I had was, as mentioned above, that my phone isn’t rooted and I couldn’t simply change my DNS resolvers globally. I got around that problem by finding… an app (who would have guessed).

The problem is that I wanted to use Pi-hole for more privacy, and just using the first app that changes DNS servers probably isn’t the best idea, as it’s possible for those to get quite some insight into my surfing (and app) habits.

In the end I found the DNSChanger for IPv4/IPv6 Open source and ad-free (quite a name) from Frostnerd (https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger&hl=en&gl=US), which seems to be what it says.

At least it’s open source and ad-free, and I had a (very) short glance at the code and it wasn’t obviously harmful.

The technique is quite interesting:

The app opens a (local) VPN and tunnels the traffic through that (locally) to change the DNS for all traffic. Quite an elegant way to circumvent the need for rooting. (Let’s be honest: the only reason you can’t just change your DNS is because of phone advertisements, BUT in many regions VPNs are needed to not be hanged for watching porn or being gay while on your phone, so even the advertising industry (Google) left this loophole to get every bit of traffic through.)

Now I have an ad-free phone. I wonder how long (see the unanticipated problem) Pi-hole will be running.

P.S.: Of course you can use my Pi-hole if you want – as long as it’s there. 😉

Docker – First steps and basic commands

As I have to use Docker, I decided to write this (mostly for myself) to be able to look up useful Docker things.

I got them from https://docker-curriculum.com/ – so visit there for more details!

Definitions:

Images: The blueprint and environment for containers

Containers: Are created from images with run and are the processes of the images (so to speak)

Commands:

#download image
docker pull $image

#run container from image
docker run $image
docker run -d $image #detached
docker run -P $image #attach internal ports to random (outside) ports

##mostly used:
docker run -d -P --name $customname $image

#run container with terminal
docker run -it $image sh

#show containers
docker ps -a

#show used ports
docker port $customname

#stop containers
docker stop $customname #or container id

#delete exited containers (caution)
docker container prune

#show local images
docker images

Fixing WordPress error: Publishing failed.

On another WordPress installation I manage, I began, after an update, to get the following error when I tried to publish a new page:

wordpress publishing failed. you are probably offline.

After some googling I got the solution: the site address wasn’t the one I configured, but apparently another one I configured for testing when I first installed that instance. I have no good idea why it reset, but the update failed and I had to reset it and run it again. That’s maybe the reason.

However…

The solution: after changing the site address to the correct value (the WordPress address was still correct), everything worked.

Testing the DSGVO (GDPR)-compliant embedding of a YouTube video (of myself)

As I plan to make more videos in the future, I want to test the DSGVO-compliant embedding of my first YouTube video, as it’s not really relevant yet.

I hate the DSGVO… It’s good for privacy and all… But… I think it’s a little much… I have to add the picture for YouTube manually…

I should look up another way to embed YouTube or look up how expensive the fine would be… Maybe if the user agrees to the conditions at the start… We’ll see…

SSL on Apache2 (while using WordPress)

Sooo… I fixed it and I know what went wrong with SSL – and it was actually not that hard to fix.

To cut things short: if you are using WordPress and change the domain (or subdomain) in your vhosts, do it in the settings menu of WordPress BEFOREHAND. Otherwise everything will break down, and if you are trying to deploy SSL at the same time it will break down even more and you will get the most interesting error messages in your browser and much more other ambiguous stuff…

But let’s begin at the start.

As I am hosting some websites on my server with one IP, I have to use vhosts. If they are properly configured, it’s no problem – but my friend bought a new domain and wanted to migrate the WordPress sites to the new domain and get HTTPS (so SSL encryption) for them, for obvious reasons.

I used Let’s Encrypt (https://wiki.debian.org/LetsEncrypt) because it’s free and relatively easy (very easy, to be honest). I know there were some fuckups in the past with it, but let’s be plain: all I want is that the little icon in your browser shows a green lock (or whatever symbol is used in your browser). That’s it. It’s okay for me that the security isn’t perfect, because I only care about the fact that the user isn’t getting a “this site might be insecure” message or, even worse, that the browser decides to not show the site at all. I probably have to apologize for my long sentences at this point – but I am German, and as a German I can tell you: these sentences aren’t long at all… 😉

Back to topic: I use Let’s Encrypt and certbot (“sudo apt install certbot” on Debian) for getting my green lock in the browser.

The first thing to note:

For every domain there should be a certificate. (Subdomains excluded, obviously.)

Do not use the same certificate for different domains!

The next thing to note:

Configure your vhosts (and webserver) beforehand – certbot needs all the sites you want to certify to be reachable.

If that’s done, you can create your certificate with certbot:

sudo certbot --apache -d yourdomain.xyz -d www.yourdomain.xyz

All subdomains should be in there (remember: www is a subdomain).

If you get another subdomain, you can expand the currently used certificate by ADDING the new subdomain to your certbot-line. Be careful to have all your existing domains in the line.

(You will then get prompted whether you want to expand the certificate – that’s what you want.)
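The rule above, keeping every existing name in the line when adding a new one, as an added example (not part of the original post): the function reads the output of `certbot certificates` and prints the full certbot line with `--expand`, which tells certbot to expand the certificate without prompting. The sample listing is constructed, and expand_line is a name made up for this example.

```shell
#!/bin/sh
# Added example: build the certbot line for adding a name to an existing
# certificate without dropping any name that is already on it.

# Constructed sample in the layout printed by `certbot certificates`.
sample_certs() {
cat <<'EOF'
Found the following certs:
  Certificate Name: yourdomain.xyz
    Domains: yourdomain.xyz www.yourdomain.xyz
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
  Certificate Name: other.example
    Domains: other.example
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
EOF
}

# expand_line CERTNAME NEWNAME...   (`certbot certificates` output on stdin)
# Prints the certbot command: existing names first, then new ones, no
# duplicates. Returns 1 when CERTNAME is not in the listing.
expand_line() {
    cert=$1; shift
    awk -v cert="$cert" -v add="$*" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == cert {
            for (i = 2; i <= NF; i++) if (!seen[$i]++) names = names " -d " $i
            found = 1
        }
        END {
            if (!found) exit 1
            n = split(add, a, " ")
            for (i = 1; i <= n; i++) if (!seen[a[i]]++) names = names " -d " a[i]
            print "sudo certbot --apache --expand" names
        }
    '
}

sample_certs | expand_line yourdomain.xyz blog.yourdomain.xyz www.yourdomain.xyz
```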

Anyway – you will probably get prompted whether you want certbot to change the settings of your webserver. I don’t recommend it, because it broke stuff – at least for me.

After you have run certbot, your vhosts will have been updated as well.

If you encounter a problem, check your vhosts, and if you change something there, remember to reload or restart the server.

Here is my (slightly modified) conf for this site.

<VirtualHost *:80>
        ServerAdmin me@me.best
        ServerName diemo.best
        ServerAlias www.diemo.best
        DocumentRoot /var/www/mylocation
        <Directory /var/www/mylocation>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.diemo.best [OR]
        RewriteCond %{SERVER_NAME} =diemo.best
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
        ServerAdmin me@me.best
        ServerName diemo.best
        ServerAlias www.diemo.best
        DocumentRoot /var/www/mylocation
        <Directory /var/www/mylocation>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/diemo.best/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/diemo.best/privkey.pem
</VirtualHost>

Notice: Lines 34, 35 and 36 were added by certbot – you should have the rest ready when you run certbot. (You’ll probably get an SSL error, but that’s okay.)

Congratulations! You should now have working ssl.

P.S.: The certificates have to be updated every 90 days. Maybe I will write a post about that later.

Copying a Website with wget

Today I was asked to download an old website for archiving purposes.

I decided to use wget.

The command is:

wget --recursive --no-clobber --page-requisites --convert-links --html-extension --no-parent  http://www.domain.xyz

The function of the arguments is as follows:

--recursive -> Kinda obvious… follow links on the website to download more than just the index page

--no-clobber -> do not download files that are already there.

--page-requisites -> download everything needed for displaying the page

--convert-links -> convert the links from the original to the now local copy (if you don’t do that, clicking on a link will get you to the original site on the server…)

--html-extension -> converts other extensions to html, or in other words: makes remote scripts (a visitor counter, for example) work on your local copy

--no-parent -> is used to tell wget not to follow links outside of the given domain (for example Facebook buttons etc.) and to only download subpaths of the given domain.

That’s it, basically… Easy… 😉