Disable (dot)php files from being executed (NGINX+PHP)

I am wondering if my configuration was executing the hacked dot files before removal.

Ubuntu 18.04 LTS + NGINX + PHP 7.4

My WordPress site got hacked. The malware created a copy of each file and named it .{filename} (mention the dot in front).

This is what the hacked directory looks like:
index.php (normal)
.index.php (hacked, being executed I guess)

This is what my vhost looks like:

# Deny access to hidden files
  location ~ /. {
      deny all;
  location ~* /(?:uploads|files)/.*.php$ {
    deny all;
  location ~ ^/wp-includes/(^/)+.php$ {
      deny all;

(*) I did not made any adjustments to the standard php.ini, except raising the max_execution_time and some other limits.

Do you think this was enough to prevent PHP of executing these hacked files?

WordPress fix
This command automatically removes all dot php files from the /var/www directory:
find /var/www/-type f -name .*.php # -delete # UNCOMMENT to actually delete

After that, I have deleted and manually downloaded new copies in /wp-content/plugins, /wp-content/themes, /wp-includes, /wp-admin and restored a back-up of /wp-content/uploads and /wp-content/languages. So yes, I think my WordPress site is clean now.

disable people picker 2010

I am using following “code” to disable people picker in custom edit form:

$("div(id$='_UserField_upLevelDiv')").attr("contentEditable",false);//Disabling People picker
$("span(id$='_UserField')").find("img").hide(); //hiding search field and check which are adjacent to people picker

Control is disabled but when there is something (or rather someone) in the field already, I can select that person and delete it by pressing delete on the keyboard.
Is there a way of restricting that behavior?

Just found out that it is working fine in IE10 but not in Chrome.

settings – How to disable mobile data, in a way that’s hard to re-activate, while still allowing mobile calls, for a child’s phone?

I want to disable mobile data in the phone settings for my child in a way that makes it hard to re-activate it. Just turning off the “mobile data” setting is far too tempting for them to undo.

What I’ve tried:

  1. Under Settings > Connections > Mobile Networks > Network Mode, I updated the setting to “2G only”, which disabled mobile data but also disabled mobile calling. So that doesn’t work.
  2. Under Settings > Connections > Mobile Networks > Access Point Names > Data, I tried changing the “APN” value and also (separately) tried changing the “Mobile virtual network operator value”, but mobile data still worked with either of those options changed.

Is there a different setting that will disable mobile data while still allowing mobile calls?

Am using Android 10 on a Samsung phone in New Zealand.

Sharepoint Online – Disable Versioning, or force onedrive to not clone objects

for OneDrive Versioning there is not OOB way available to disable it.

Can I disable versioning?
With these changes, the document library settings page will no longer support the ability to disable versioning or configure it to retain fewer than one hundred versions. Developer APIs, however, will still allow for setting any custom retention count and disabling versioning, however for the reasons stated above this is highly discouraged.

Reference link:https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/New-Updates-to-OneDrive-and-SharePoint-Team-Site-Versioning/ba-p/204390

You can delete some version history to save some space according to this article:

Note:The way mentioned in the article to disable versioning or set versions less than 100 is not available for now

plist – Custom Settings: disable Siri and Dictation

Using an MDM and creating a Configuration Profile with a custom settings I need to disable Siri and Dictation.

I did find (I hope) the correct custom plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <key>Assistant Allowed</key>
    <key>Ironwood Allowed</key>
    <key>Profanity Allowed</key>

But the part that I am not sure is what exact PREFERENCE DOMAIN The name of a preference domain (com.company.application) I need to use? This is confusing to me. Can I just use a generic name?

For example: com.mycompanyname.whateveriwant

or I need to specify the correct name?

Example: com.apple.whatisthecorrectname

Just in case the second example is the correct answer and after you provide me the correct answer, can you please explain to me how did you get there (what is the logic behind) so next time I know.

Thank you so much in advance for your help.

How to disable Facebook top banner

Facebook web page now shows the top banner (with Search box, Home, People,… buttons). Is there a way to disable that? I checked some Firefox and Chrome plugins. None of them does this. This banner takes away some screen space. And if you read messages in a group you’re a member of, the group name adds another banner (unless you’re at the top of the webpage).

A way to disable the SMB signing mechanism at the Apple Time Capsule?

I want to ask here an Apple Time Capsule related technical question.

In short, – exist there a way to disable at the Time Capsule the SMB signing feature?

Regarding the original SMB1 protocol, the signing mechanism is extremely slowing down the overall performance. For example, in my case, the writing to the Time Capsule network share is over a Gigabit LAN connection around 15 MB/s and goes down to around 2 – 3 MB/s when a lot of smaller files are transferred.

This behavior is SMB1 related and is therefore present on different operation systems and (older) NAS network devices. Newer SMB2+ versions have a different more efficient design which results in a far reduced overhead in conjunction with the signing feature. I can confirm this for several older Windows 7 computers were their (SMB2 based) network shares can handle transfer speeds up to 100 MB/s.

The usual solution is to disable the SMB signing. This can be done on Mac OS (and other OS) quite easy: https://dpron.com/os-x-10-11-5-slow-smb/

However, in my case it is somewhat more complex. Regarding the Time Capsule I had to do this at the “server side” which is effectively the Time Capsule. I have experimented to deactivate the signing at the client side (Mac OS, Windows 7) but it shows no effect. The SMB1 network share speed is always very slow because the SMB1 signing remains active.

So, my idea is to find a BSD command which deactivates the signing at the Time Capsule. The earlier Time Capsule models (up to the fourth generation) are NetBSD 4.0 based. The last model, the fifth generation, is based on NetBSD 6. There exist a nonofficial way to access the Time Capsule through SSH. 😉

And finally, a switch to the Apple AFP protocol is not a real solution because the Time Capsule share is also used under Linux and Windows. AFP is therefore only a solution for Mac OS based systems. However, Apple itself regards AFP as deprecated. It is no longer supported with the new APFS file system. Apple uses for APFS based network shares newer SMB versions.

Any help is welcome. 🙂

magento2.3 – how to make Ui admin form field disable dynamically

I have ui componenet form i want to disable one field dynamically when add only.

 <field formElement="select" name="classification" sortOrder="40">
            <label translate="true">Classification</label>
                <rule name="required-entry" xsi:type="boolean">true</rule>
                    <options class="VendorModuleModelObjectSourceDivisionAgeFrontEndClass"/>

<disabled>true</disabled> this line disable for all action.
i have refer this link but not getting idea how to use this