#the bde is over 10000 | Explore Tumblr Posts and Blogs

pinkcatharsis · 4 years

Note

Okay I saw this for kakairu but I feel like this would be sooo much better for iruyama of just wild rumors going around about iruka being a sex god and ruining sex for everyone he sleeps w bc he’s THAT good and he has no idea and everyone who hears it is just like hmmmm I have doubts

So a couple of guys drinkin bein bros hears it and tenzo gets a littttttlw tipsy and is like yolo let’s try I’ll get in on this bet to see if he’s really that good

Next day tries to seduce/flirt/pickup iruka as he’s leaving the tower w scrolls but iruka sees a bunch of jounin watching around the corner and guesses it’s a bet or something so he takes tenzo to a supply closet blows his mind and has him screaming out iruka name and iruka leaves the closet pristine and as put together as he went in and waving at the jounin outside the door and then tenzo appears totally fucked out looking and just pays genma his bet money and starts walking off talking about needing to propose to iruka lol

Rule of thumb on how I write Iruka: he would never do this sober. Lol. He wouldn't blow someone who is obviously drunk either. No matter how attractive they are.

That being said, I can see this working if Tenzou is serious and flirting and in it for a quickie. SURE. The thrill behind doing it fast and dirty is a train Iruka can get on. Tenzou screaming though? Yah, no. Not my Tenzou anyway. He's too well trained to be loud.

But sure, Iruka would blow that BDE. 10000%

Here you go.

SMUT AHEAD -- HAPPY VALENTINES! 🥰

In the small cramped, utility closet, Tenzou thumps his head back against the metal shelf, his fingers releasing its iron grip at the base of Iruka's now mostly freed ponytail, a soft grunt flowing past e job of his exposed Adam's apple. He had to tug down the chin guard earlier, when Iruka's mouth had taken the length of his cock, all of it, mouth stretched full with the girth and heat of his flesh, stroking it salaciously, pre-cum and saliva running down his chin.

Looking down at Iruka now, just past ridge of his nose, Tenzou watches with slow, forcibly measured breaths as Iruka pulls back, releasing the head of his cock and catching the last bit of cum with the tip of his tongue. Greedy. Hungry. Tenzou watches with nothing short of fascination as Iruka swallows cleanly, like he's finishing his meal.

Iruka brushes the back of his hand over the corner of his lips, clearing his throat that must be so raw now, scraped viciously with the way Tenzou had pretty much held on to Iruka's head and fucked the demanding, pertinent mouth with his cock. Iruka had taken it without complaint, with a bit of a grin tugging around the corners of his mouth, a flaming glow in his eyes as he looked up at Tenzou, kept his gaze locked on Tenzou the entire fucking time -- gods.

Tenzou couldn't do anything except snap his hips forward, following helplessly the brutal pace Iruka had set with his mouth and tongue, intent to suck Tenzou dry. Tenzou couldn't do anything except surrender, gritting his teeth to the point that his jaw HURT, from how hard he's grinding his teeth to keep quiet, to not groan out loud, or worse, say Iruka's name. When all he wants to do is just sigh those two syllables out. His lower lip is swollen now, throbbing with a dull ache from where he had bitten down upon in it in an effort to have some sort of control.

Tenzou swallows thickly, watching Iruka lean back and pluck the hair tie out Tenzou's fingers, neatly and quickly redoing his ponytail on his knees. Tenzou watches as Iruka straightens his forehead protector, checking the front of his uniform for any of the meas, any hint of Tenzou's filth. Iruka actually makes a pleased humming sound when he finds he's clean.

Unlike Tenzou.

Who still leans there, with his still softening cock hanging out by his leg. Something that Iruka not so gently ticks back and away, tugging Tenzou's pants that had been stripped down to mid thigh up and proper, buttoned and zipped, vest secured before Iruka has audacity to reach into his utility pouch for a small bottle of sanitizer. Something hensquirts liberally into his hands and proceeds to wash his hands right there, in front of Tenzou, before tucking that away and shaking his hands to air dry.

"Uhm..." Tenzou managed to say, intelligently, before he blinks and clears his throat, still trying to gather himself after having the orgasm ripped right out of him. Sucked right out of him.

Iruka leans over and kisses him, slanting his mouth over Tenzou's lips and pushing his tongue past the slight parting in shock lips of Tenzou's mouth.

In the poor lit room, Tenzou remembers he has functioning hands and manages to place them on Iruka's hips, his grip turning bruisingly hard, as he tastes his own cum on a Iruka's lips, mixing with sweetened honeyed tea and what had been dried fruit, Tenzou remembers seeing. Iruka had been snacking on dried apricots when he had approached him on the desk and all but asked Iruka if it was true, that your mouth is heaven, so they say.

Iruka had just looked at him for a very long time, huffed bemusedly, then asked Tenzou to follow him somewhere private. Where Iruka then shoved him against the shelves, shushed him and told him, I like it when my mouth is fucked and you hold my hair.

Mere thirteen words.

And now, Iruka is slapping him across the cheek, grabbing Tenzou by the jaw and chin, shaking him a bit as though Tenzou is a mere child.

It's a little humiliating.

Iruka then says, "I hope you lost the bet spectacularly. And that you're broke and eat dirt cheap for weeks, Yamato-san."

Eighteen words.

Before grins cheekily, charming dimples dotting his cheeks. Vainglorious. Fucking beautiful.

Then Iruka is gone.

Thirty one words is all it took for Tenzou to swallow, staring at the ceiling and halogen light for a long time, before he exits the utility room.

He's going to have to make a cash withdrawal to pay off his bet.

Something he finds, is well worth that little fifteen minute adventure in the utility room.

He can live on ramen and bread for a while.

Hope you liked that anon. Literally wrote it now on my phone as I answer this lol!

#anon asks #ask me anons #yamairu #yamato tenzo #tenzou yamato #umino iruka #fic

28 notes · View notes

rogers-sweatbands · 6 years

Text

what hogwarts houses the members of queen are in

A/N: oops this contains some hot takes (in my opinion) but this is what i wholeheartedly believe. enjoy !!!!!!!!!

Freddie: Gryffindor

okay this mans is 100% a gryffindor

like this should not be a surprise to anyone

first off, we all know that harry potter is 100% problematic and loses house points for them all the time

now imagine freddie

he would totally make gryffindor lose points on a daily basis just because he was being himself

gryffindors are also judgemental

and freddie is the king of the judgmental face

we all know this

it takes approximately three (3) minutes hanging out with a gryffindor before you get into some ~*trouble*~

freddie’s parties were def the same way, y’all

3 min in ?????? things got fucking insane

it’s hard to admit this, but without gryffindor, there wouldn’t be much of a story for hogwarts

because not much shit would go down

and hogwarts would be a whole lot safer

and the same is true for queen

like, without freddie, queen wouldn’t have much of a story either !!

moving into gryffindor qualities:

brave-

this honestly doesn’t need much of an explanation

an lgbtq+ icon

went through AIDS during the 80s (such a scary time)

did not give a single fuck about what anyone thought of him

is the actual definition of bravery

loyal-

not to be dramatic, but freddie would have died for any of the other boys

he loved them so fucking much

i hope they know that oof

although he had his moments, freddie was so loyal to all the guys and was/is so fucking amazing ugh

wise-

because of his life experience and different outlook on life, i feel like that made freddie so wise

he had all of these different perspectives compared to a lot of other people

and he would showcase these perspectives in his music

freddie was just so fucking amazing, my heart

i think freddie is muggle born

and he owns it !!!!

he is so proud of his heritage but is also so into the fact that he’s a wizard

freddie is the cutest gryffindor ever awwww

plus he’d look amazing in scarlet and gold

Brian: Ravenclaw

this choice should come as no surprise as brian harold may is a true and true ravenclaw

we’re going to start off with how ravenclaws are all so goddamn cool and intelligent ????? like wow, no one can top that shit

brian may is literally a rockstar and astrophysicist and that’s some hardcore ravenclaw energy right there

ravenclaws are also so hardcore interested in the universe

they nut for philosophical conversations and that sort of shit

look at luna lovegood for example

this girl always had the coolest and most interesting shit to say

she is also so fucking smart and no one really believed it for a hot minute and that makes me so angry

ravenclaws also have the ability to see past the surface of what’s in front of them

brian totally has the ability to see past the front that someone has so carefully put up and would get to know you for who you are

also, he looked up at the stars one day and saw them for so much more than glittery things in the sky

it sparked such a passion in him

ravenclaws also take friendship so fucking seriously

friendships are cherished so much within ravenclaw, sometimes even more than their cleverness

bringing up my girl luna again

we find out in deathly hallows that luna literally had decorated her room with portraits of her best friends in the entire world

and all of these paintings have a thin golden chain weaving around them to connect them that literally reads the words “friends” over and over

that’s some cute ass (and kind ass) shit right there

moving into ravenclaw qualities:

intelligence-

we all already know that this man is smart as shit

he has a fucking phd

(i’m repeating this for emphasis) a phd

in space dust !!!!!!!!!!

like this mans started his phd, went and became a member of one of the biggest bands of all time, and then literally went back and finished his phd

he is so smart it makes me want to cry

creativity-

what’s so amazing about bri’s creativity is that it all derives from how fucking smart he is

look at the songs he’s written... like, he’s a musical genius

and even on the songs he didn’t write, he was still super helpful with coming up with the guitar lines which is fucking sick as hell

they’re all so fucking good too

we stan a creative king

acceptance-

from a young age i think brian realized that his interests were probably a lot different than his peers

not only was he constantly thinking about the stars and what was going on in the universe, he also had such a passion for music

this prob led to him standing out from everyone else in a good way

and he had to come to terms with it

but boy did he bc look at him now, that rockin’ space man

tbh i see brian being a half-blood

because he’d have understanding of both the wizard and muggle worlds

something that would benefit his intelligence even further

the tea is that brian may is such a perfect ravenclaw it makes my heart hurt

Roger: Gryffindor

ok so we are starting this out with the fact that roger meddows taylor is in no way a slytherin

he is a gryffindor in the same way the weasley twins are gryffindors

they’re all so fucking cheeky (sorry for using british slang as an american, we just don’t have a term to perfectly embody what they all are)

rog is chaotic in a gryffindor way and not in a slytherin way

gryffindors literally die if the attention isn’t on them and that’s just the tea

they are always constantly throwing themselves into shit they have no reason to be involved in

this boy would literally throw hissy fits all the damn time and that is true gryffindor energy

HE LOCKED HIMSELF IN A CUPBOARD BECAUSE HE DID NOT GET HIS WAY FOR FUCKS SAKE

in summary, roger meddows taylor invented being the boy in the cupboard before harry potter

gryffindors are also a bit arrogant about the fact that they’re gryffindors

sorry, it’s the truth

and roger literally lives up his own asshole

which is really hot but besides the point

they also think their opinion is best

always

we’re bringing up i'm in love with my car again because this boy would not fucking let it go

tbh he prob thought that song deserved song of the year... lbr

gryffindors break the rules all the god damn fucking time and always get away with it

literally rog with anything

that boy probably could have killed a man and everyone would’ve been like ????? did u see something ?????? he’s got all my uwus, that sweet lil murder baby

also gryffindors are hella hot headed

“he would fly off the handle all the time” -brian may

he would throw televisions out the window

the literal definition of hot headed

moving into gryffindor qualities:

brave-

this boy gave literally zero (0) fucks about what anyone thought of him

his friends used to call him rainbow and he WENT WITH IT

toxic masculinity in reference to his wardrobe ????? not here !!!!!!!!!!!!

loyal-

despite all the fights he’d get into with the boys, he loved them so fucking much and could never imagine himself without them right there

like yeah, they disagreed a lot

a lot, a lot

but they’d always come back together in the end

cunning-

FIRST OF ALL, ROGER TAYLOR IS SO FUCKING SMART AND FUCK ALL OF Y’ALL WHO MAKE HIM SEEM LIKE THE DUMB MEMBER OF THE BAND

because he isn’t

ok tea, to be cunning, you gotta be smart

also, he could be quite cunning with the ladies & we all know this

like damn, that man could say “butterbeer” into my ear and i would probably cum

also rog is def skillful and used his cunningness to get what he wanted in the end

i'm in love with my car being the b-side of bo rhap ???? yeah, he played the band like a fucking harp

i think rog would be a pure-blood

prob because he can be so cocky (and most pure-bloods are seriously so cocky about the fact that they’re pure-bloods)

even harry could get cocky about it sorry but it’s the truth

also rog looks like a lion and gryffindors literally nut about lions

John: Slytherin

i’m going to start this by saying i know this is a hot take but john being a slytherin is seriously one thing i hold so close to my fucking heart. don’t @ me

we’re going to start off with the fact that even when he had his soft™ moments, he still exudes chaotic energy 100000% of the time

john is the most chaotic member of the band and he knows it too

as a slytherin, i can honestly say that we are literally the most chaotic people in the world

slytherins also exude big dick energy 10000% of the time

john is the perfect representation of this

his bde is seriously off the charts, holy fuck

slytherins will push you to succeed

this is because we have so much confidence

sometimes our confidence is confused for cockiness though, not all confidence is cocky !!!!!

guess what ??? that confidence we possess goes toward other people too !!

john ????? yeah we all know how supportive he was towards the other boys

seriously wants nothing more than for them to succeed

he still is that way

moving into slytherin qualities:

resourcefulness-

THIS MAN MADE HIS OWN FUCKING AMP?!?! LIKE, HE LITERALLY BUILT THAT SHIT ON HIS OWNNNN

he also loved to discuss how much he loves diy projects in written interviews (as a fun pastime of his)

lemme tell you, diy-ers are the most resourceful bitches ever

seriously, go speak to your local diy-er

they could probably make a refrigerator out of a toothpick, three thumbtacks, and a litter box

cunning-

this mans was known as the “shy” and “more reserved” member of queen (which we have all learned isn’t the fucking case)

he literally let himself slip under the public radar despite having such chaotic energy

he ran with that shy boy™ title and played us for so long

not that i'm mad but like, damn boi

ambition-

this bitch literally got an honors degree in electronics while queen was recording a fucking album

he literally sat his FINAL EXAMINATIONS WHILE RECORDING A DAMN FUCKING ALBUM

sorry but if that ain’t ambition idk what is

it’s also hella sexy he did that oops

fraternity-

john richard deacon, born the 19th of august 1951, embodies the definition of the word fraternity

he loved each of the other members of queen with his whole fucking heart

the definition of fraternity is “the state or feeling of friendship and mutual support within a group” and john literally did that

the tea is that i think john would be a pure-blood

but he wouldn’t be a dick about it

but like, he’s definitely a pure-blood

and slytherins are most commonly pure-bloods

which sucks because muggle borns and half-bloods are dope af

also, john could be such a sneaky snake, don’t test me

plus, you can’t be that fucking kinky (ya know, freaky deaky if you will) and not be a slytherin

sorry, i don’t make the rules.

in summary, john is a slytherin. thank u for coming to my ted talk.

852 notes · View notes

webdesignersolutions · 7 years

Link

I run a hosting company which host mostly WordPress sites. As you know brute force attacks on WordPress has been a big issue for the past few years. About six months ago after I was able to block most attacks they got even stronger and harder to stop. I figured out how to block them 99% of the time which keeps my server resources down and keeps my clients sites from wasting resources.

If you run your own servers you can use the guide below to protect your clients sites.

This guide is for someone running cPanel 64 or greater with EasyApache 4. Parts of this guide will work for cPanel 58-64 and EasyApache 3 however some features may be missing.

Writing this current guide base on my current server setup. These methods may work with other platforms such as Plesk but I don’t have the environment to test.

Step One – Apache Config

The first thing I did was block ALL xmlrpc.php traffic from anyone but WordPress IPs. These IPs may changes but the list I’m currently using has been working fine for over a year.

You need to add the code below in your apache config. If you’re running cPanel you can login to WHM and search for Apache Configuration. Once you’re on that menu select Include Editor and select the All Versions drop down under Pre VirtualHost Include.

Screenshot

Add your IP address so you can access everything after you block it

This code will redirect all xmlrpc.php and wp-trackback.php to localhost aka 127.0.0.1. You may have clients that use both so make sure they’re not using the WordPress app or using Trackbacks. We decided as a company to block them because they were used for attacks more than anything and not one of our clients reported issues either. If they need xmlrpc.php or wp-trackback.php you can put them on their own server. No need to compromise your security for one client.

<FilesMatch “^(xmlrpc\.php|wp-trackback\.php)”> Order Deny,Allow Deny from all Allow from *.wordpress.com Allow from 192.0.64.0/18 Allow from 185.64.140.0/22 Allow from 2a04:fa80::/29 Allow from 76.74.255.84 Allow from 76.74.255.85 Allow from 192.0.65.204 Allow from 192.0.65.205 Allow from 192.0.80.244 Allow from 192.0.80.246 Allow from 192.0.96.247 Allow from 192.0.96.248 Allow from 192.0.123.250 Allow from xxx.xxx.xxx.xxx <—————- **ADD YOUR IP ADDRESS OR REMOVE THIS LINE** (If you don’t the config will error) Satisfy All ErrorDocument 403 http://127.0.0.1/ </FilesMatch> Step Two – Mod Security

The next step requires Mod Security to be installed. This is a free option within cPanel. Hopefully you’re running the latest cPanel 62+ which has a nice interface for Mod Security.

You can install Mod Security via EasyApache 4. Once you’re login to WHM search for EasyApache 4. Since you most likely already have a running config you can click the blue button to customize your current config. Once everything loads click Apache Modules and search for mod_security. You want to have mod_security2 and mod_security2-mlogc. (You may already have mod_security2 installed but mod_security2-mlogc is a new feature since cPanel 62+.

Screenshot

If yours shows blue and unaffected you already have both installed. If not hit next until you get to the review screen and hit provision

(If you’re running cPanel 62 it’s called modsec-sdbm-util. If you’r’re not running 62+ you can install the plugin from Kenneth Power github https://github.com/escherlat/modsec-sdbm-util)

What mod_security2-mlogc does is clean up your ModSec logs so they don’t get really large in size. I had an issue where the log file /var/cpanel/secdatadir/ip.pag would get 25GB in size and cause the server to overload.

Once you have ModSec installed you can install click the WHM icon at the top left to refresh the page. Then search for ModSecurity in the WHM search panel. Select ModSecurity™ Vendors and add / install the OWASP ModSecurity Core Rule Set V3.0 rules. (You may already have the 2.0 rules installed) Personally I’ve found the 3.0 rules to be better than the 2.0 rules. I have disabled the 2.0 rules all together.

Search for ModSecurity™ Configuration within WHM and make sure everything is turned on. I have Audit Log Level set to Only log noteworthy transactions, Connections Engine set to Process the rules, Rules Engine set to Process the rules. You can setup the other stuff as well such as Geolocation Database and Project Honey Pot if you want but I’m not going to talk about those within this guide.

Step Three – CMC

You don’t need to install this if you want to modify the files via command line or ftp but I found it’s easier using this plugin. The install instructions are pretty easy.

https://www.configserver.com/cp/cmc.html

Install instructions: https://download.configserver.com/cmc/INSTALL.txt

Once you have CMC installed you can click the WHM icon at the top left to refresh the page. Search for ConfigServer ModSec in the WHM search and select it. Scroll down to the bottom and select modsec/modsec2.user.conf under ConfigServer ModSecurity Tools and select edit.

This is the rule that will block 99% of the attacks. In the last 7 days it’s blocked over 42,5000+ attacks!

Add the following entry: (More about the other rules below – Do not add them until you read the rest of this post)

<Locationmatch “/wp-login.php”> SecRule REQUEST_METHOD “POST” “deny,status:401,id:972687,chain,msg:’wp-login request blocked, no referrer'” SecRule &HTTP_REFERER “@eq 0” </Locationmatch>

Screenshot

What this does is block any connection that doesn’t have a referrer (https://en.wikipedia.org/wiki/HTTP_referer)

Step Four- CSF

Hopefully by now you already have a firewall installed however if you don’t you need to install ConfigServer Security & Firewall.

https://configserver.com/cp/csf.html

This is another easy install.

https://download.configserver.com/csf/install.txt

Once you have CSF installed you can click the WHM icon at the top left to refresh the page. Search for firewall in the WHM search and select it. If you don’t already have it setup click Firewall Profiles under csf – ConfigServer Firewall and select one to fit your environment. I always start with protection_high and adjust some settings so if you don’t know how CSF works pick medium and apply profile. It will ask you to restart csf & lfd.

Once the page refresh select Firewall Configuration. Search for LF_MODSEC. The default should be set to 3 or 5 depending on the profile you have. You can start with 3 as you monitor the blocks however I have mine set to 1 because I don’t get anymore false positive on ModSec so if someone hits a ModSec rule once they are automatically added to the firewall block. I also have DENY_IP_LIMIT set to 5000 and DENY_TEMP_IP_LIMIT set to 1000. The limit you set depends on your servers. I could have a lot higher but feel 5000 is a good limit.

Screenshot

One last step is setting up ldf blocklist. You can find this on the main firewall screen (very bottom) after clicking it from the WHM search. You will find a few entries already in there by default but I added two to my list. Below is my current config for blocklist.

The two other list I added were myip.ms Latest blacklist and myip.ms user submitted blacklist. You may also not have GreenSnow Hack List depending on your CSF install.

PLEASE NOTE: You may not be able to use all of these depending on your server size. I suggest adding one or two at a time and slowly add the others over the next few days. Watch your server load and loading time of your clients sites to make sure the firewall is not slowing down your server.

Screenshot

# Spamhaus Don’t Route Or Peer List (DROP) # Details: http://www.spamhaus.org/drop/ SPAMDROP|86400|0|http://www.spamhaus.org/drop/drop.lasso # Spamhaus Extended DROP List (EDROP) # Details: http://www.spamhaus.org/drop/ SPAMEDROP|86400|0|http://www.spamhaus.org/drop/edrop.lasso # DShield.org Recommended Block List # Details: http://dshield.org DSHIELD|86400|0|http://www.dshield.org/block.txt # TOR Exit Nodes List # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://trac.torproject.org/projects/tor/wiki/doc/TorDNSExitList TOR|86400|0|https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.2.3.4 # Alternative TOR Exit Nodes List # Details: http://torstatus.blutmagie.de/ ALTTOR|86400|0|http://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv # BOGON list # Details: http://www.team-cymru.org/Services/Bogons/ BOGON|86400|0|http://www.cymru.com/Documents/bogon-bn-agg.txt # Project Honey Pot Directory of Dictionary Attacker IPs # Details: http://www.projecthoneypot.org HONEYPOT|86400|0|http://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1 # C.I. Army Malicious IP List # Details: http://www.ciarmy.com CIARMY|86400|0|http://www.ciarmy.com/list/ci-badguys.txt # BruteForceBlocker IP List # Details: http://danger.rulez.sk/index.php/bruteforceblocker/ BFB|86400|0|http://danger.rulez.sk/projects/bruteforceblocker/blist.php # OpenBL.org 30 day List # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://www.openbl.org OPENBL|86400|0|https://www.openbl.org/lists/base_30days.txt # MaxMind GeoIP Anonymous Proxies # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://www.maxmind.com/en/anonymous_proxies MAXMIND|86400|0|https://www.maxmind.com/en/anonymous_proxies # Blocklist.de # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://www.blocklist.de # This first list only retrieves the IP addresses added in the last hour BDE|3600|0|https://api.blocklist.de/getlast.php?time=3600 # This second list retrieves all the IP addresses added in the last 48 hours # and is usually a very large list (over 10000 entries), so be sure that you # have the resources available to use it #BDEALL|86400|0|http://lists.blocklist.de/lists/all.txt # Stop Forum Spam # Details: http://www.stopforumspam.com/downloads/ # Many of the lists available contain a vast number of IP addresses so special # care needs to be made when selecting from their lists #STOPFORUMSPAM|86400|0|http://www.stopforumspam.com/downloads/listed_ip_1.zip # GreenSnow Hack List # Details: https://greensnow.co GREENSNOW|3600|0|http://blocklist.greensnow.co/greensnow.txt # myip.ms Latest blacklist # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time MYIPMSBLACKLIST|86400|0|https://myip.ms/files/blacklist/csf/latest_blacklist.txt # myip.ms user submitted blacklist # Set URLGET in csf.conf to use LWP as this list uses an SSL connection # Details: https://myip.ms/browse/blacklist/1/usrs/0/Yes_Blacklist_IP_Addresses_Live.html MYIPMSUSERS|86400|0|https://myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt

After you have made the changes above hit change and restart csf & lfd.

Bonus – modsec2.user.conf Bad Bots

We had a lot of issues with Baidu and Yandex using a lot of resources on clients sites so we decided to block them all together. We also have a bad bot list we put together from resources online which you can block via ModSec.

First thing you want to do is create a file badbotlist.txt under /etc/apache2/conf.d/modsec/ or on your computer and upload to /etc/apache2/conf.d/modsec/.

Add the text from this document into your file.

ModSec Bad Bots List: https://docs.google.com/document/d/1SjtAywpkLR6dX0Va_tKgpdMxAIOsHTf_xcMaQ5XK6no/edit?usp=sharing

Once you have the file add this to your modsec/modsec2.user.conf (You can do this via ConfigServer ModSecurity Control)

SecRule REQUEST_HEADERS:User-Agent “@pmFromFile badbotlist.txt” “id:350001,rev:1,severity:2,log,msg:’BAD BOT – Detected and Blocked. ‘”

Hit change / restart CSF & LFD

Bonus – modsec2.user.conf xmlrpc.php

While xmlrpc.php is getting blocked via Apache Config I noticed some slipping though if the attacker is trying to break into /blog/xmlrpc.php

Adding this code below will stop those attacks.

<Locationmatch “/xmlrpc.php”> SecRule REQUEST_METHOD “POST” “deny,status:401,id:48658231,chain,msg:’xmlrpc request blocked, no referrer'” SecRule &HTTP_REFERER “@eq 0” </Locationmatch> Bonus – Extra Modsec Rules

I also noticed some attackers trying to exploit by doing // in front to get by the main block those.

SecRule QUERY_STRING “//” “redirect:http://127.0.0.1,id:2894326” Bonus – Comodo ModSec

Comodo has a nice set of ModSec rules that you can add via ModSecurity™ Vendors inside WHM.

Here is a guide on install those rules.

https://help.comodo.com/topic-212-1-670-8350-.html

Bonus – Cloudflare Page Rules

Cloudflare allows you to use three page rules for free. If you have a client that is still getting a lot of attacks I highly suggest putting them on Cloudflare. Here is a guide how to setup the page rules.

After you have the site added to cloudflare and the name servers changed / verified. Go to Page Rules.

Cloudflare allows you to have three page rules for free. If you need more it’s only 5 dollars for 5 more.

These are the three that i’m using to block most attacks via cloudflare.

Create a rule with the following matches.

First rule

(This rule is only for a bot or someone visiting wp-login.php and not the rest of your site)

URL Matches: yourclientsdomain.com/wp-login.php

First setting: Browser Integrity Check – On (Documentation)

Second setting: Security level – I’m under attack. (Documentation)

Screenshot

Second rule

(This rule is only for a bot or someone visiting /wp-admin and not the rest of your site – Kind of redundant since wp-admin redirects to wp-login.php but saves a php process redirecting)

URL Matches: yourclientsdomain.com/wp-admin

First setting: Browser Integrity Check – On (Documentation)

Second setting: Security level – I’m under attack. (Documentation)

Screenshot

Third rule

(This rule is only for a bot or someone visiting xmlrpc.php and not the rest of your site)

URL Matches: yourclientsdomain.com/xmlrpc.php

First setting: Browser Integrity Check – On (Documentation)

Second setting: Security level – I’m under attack. (Documentation)

Screenshot

If this client has their own server because they use xmlrpc.php change security level to high. This will still block most bots and allow WordPress Android, iPhone, and Windows app to work. If not, you can just keep it as I’m under attack.

Screenshot

Final Steps

Monitor your ModSec Hit List by searching for ModSecurity™ Tools under WHM. Search and monitor the IPs getting blocked in the firewall to make sure legit traffic isn’t getting blocked.

You can view the original post with images at the following sites.

https://troyglancy.com/stopped-wordpress-brute-force-attacks-server

https://medium.com/@troyglancy/how-i-stopped-wordpress-brute-force-attacks-b8ad8bbd2081

Submitted August 03, 2017 at 07:44PM by messyentrepreneur https://www.reddit.com/r/webhosting/comments/6rhmvy/how_i_stopped_wordpress_brute_force_attacks/?utm_source=ifttt

from Blogger http://webdesignersolutions1.blogspot.com/2017/08/how-i-stopped-wordpress-brute-force.html via IFTTT

#IFTTT #WordPress

0 notes