Bash script to bulk-ban IP addresses found by WordFence (using csf, geoiplookup) Nov 5 2018

We currently use the excellent WordFence plugin on almost all of the WordPress installations we host. Once a week or so, WordFence will email a list of IP addresses it’s detected that are attacking a given site — i.e. they’re trying to brute-force something on the server, guess passwords, take advantage of possible software vulnerabilities. Rather than block each of these individually using csf (not hard to do, but a chore with many IPs), I finally created this simple bash script that allows me to copy and paste the list of offending IPs into the command line, hit enter twice to initiate processing, and then it automatically bans every valid IP address it finds.

Feel free to use this yourself if it seems helpful! 🙂

#!/bin/bash
# Script to bulk ban bad IPs that are copy/pasted

printf "Give me some IPs to ban using CSF!  Use ctrl-d to cancel, or new line to process.  \n"

# Read the pasted text from stdin up to (and including) the first empty line
ip_list=$(sed '/^$/q')

echo "Processing..."

echo "$ip_list" | while read -r line; do
  # Pull the IPv4 address (if any) out of this line
  ip="$(grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' <<< "$line")"
  if [[ -n $ip ]]; then
      geoip=$(geoiplookup "$ip")
      echo "Found IP $ip"
      echo "$geoip"
      echo "Banning IP..."
      # Deny the address in csf, recording the GeoIP result in the comment
      csf -d "$ip" "Bulk banning IPs found by WordFence ($(tr '\n' ' ' <<< "$geoip"))"
  fi
done

echo "Done!"
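A pre-filter for the pasted list, as an added example (not part of the original script): it checks each octet, drops private, loopback and reserved ranges, removes duplicates, and never returns an address on your own allowlist, so a stray line in the paste cannot lock you out. `NEVER_BAN`, the function names and the sample text are assumptions made for this example.

```sh
#!/bin/sh
# Added example: reduce pasted text to IPv4 addresses that are safe to ban.
# NEVER_BAN is a hypothetical space-separated allowlist of your own addresses.
# All addresses here are constructed and come from documentation ranges.
NEVER_BAN="203.0.113.10"

# Succeeds only for a well-formed, non-reserved IPv4 address. The body is a
# subshell, so the IFS change stays local and "exit" only sets the status.
is_bannable_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;     # digits and single dots only
  esac
  IFS=.
  set -- $1                                 # split into octets
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
  # "This network", RFC 1918, loopback, link-local, multicast and reserved.
  { [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ]; } && exit 1
  [ "$1" -ge 224 ] && exit 1
  [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && exit 1
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && exit 1
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && exit 1
  exit 0
)

# Reads arbitrary text on stdin and prints each bannable address once.
ban_candidates() {
  grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' | LC_ALL=C sort -u |
  while read -r ip; do
    is_bannable_ipv4 "$ip" || continue
    case " $NEVER_BAN " in *" $ip "*) continue ;; esac
    printf '%s\n' "$ip"
  done
}

# Constructed sample of a pasted WordFence-style list.
SAMPLE_PASTE='Blocked 198.51.100.23 for failed login
198.51.100.23 again, together with 192.0.2.77 and 192.168.1.5
999.1.1.1 is not an address, 203.0.113.10 is our office
10.0.0.8 internal host'

printf '%s\n' "$SAMPLE_PASTE" | ban_candidates
```

Each address it prints can then be handed to `csf -d` the same way the script above does.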

You can check out this script and the others I've written / shared here:

Workaround for 200 domain limit in WHM / cPanel AutoSSL Feb 28 2017

200 domain limit reached in cPanel for AutoSSL

We run a number of WordPress Multisite installations on our dedicated server for a variety of clients.  Our largest installation, for Share the Practice, currently consists of 88 individual WordPress sites.  A number of these sites use sub-domains, but for most of them we map custom domain URLs onto the main WordPress Multisite installation.

WHM / cPanel now offers easy SSL installation, but there is a small catch: it only allows 200 domains per virtual host, and the documentation about this is a little confusing.  We had been using the “Park” or “Alias” function in cPanel to handle the mapping for each domain, but then ran over the limit, as WHM creates multiple subdomains for each domain you add that way.

The workaround for this was to use “Addon Domain” instead of “Alias”.  This creates a separate virtual host for each domain, and will therefore enable an individual SSL certificate for each, getting around the 200 domain limit.

Before you make any of these changes, make sure to check for any setup email accounts, email forwarders, or any custom DNS settings (subdomains, custom MX records, CNAME records, etc).  These will all be deleted without warning if you proceed, so make sure you have backups before you do any of this.  If you do have custom DNS settings, copy them down and then re-add once you’ve switched the domain(s).

To make this work, we followed these steps:

  1. Sign into your cPanel account
  2. Open up Aliases
  3. Check that a given domain does NOT have email accounts or email forwarders set.
  4. If NO email forwarders or accounts have been set up, first copy the domain name, then click the “Remove” link for the domain on the Aliases page.
  5. Create a new Addon Domain (paste the domain name into the field).  For a WordPress Multisite installation, set the Document Root to be public_html (or wherever your installation lives in the parent account).
  6. Repeat for each domain you want to switch over, until you get back below the 200 domain limit.
  7. AutoSSL will attempt to regenerate your SSL certs each time you add a new Addon Domain.
  8. Review the AutoSSL logs in WHM to check for any errors in the SSL certificate creation process

Hope this helps!

Racing to Hawaii on Express 37 Limitless for 2016 Pacific Cup! Jul 9 2016

Delivering Limitless to the Bay Area

Delivering Limitless to the Bay Area with Shawn Ivie, owner

I’m really excited to be participating in the 2016 Pacific Cup.  It’s a sailboat race from San Francisco to Hawaii that takes place every 2 years and is on many racers’ bucket lists of races they might like to do someday.  I am very fortunate to have found a skipper (Shawn Ivie) and boat (Limitless) that I really like, and also to feel like I can contribute meaningfully to the program.  The owner of the boat (an Express 37) has been working overtime to get everything ready.  I got to help deliver the boat from southern California to the Bay Area, which was a lot of fun.  I’ve also been helping do the social media and website for the boat.  You can follow our adventures here: — we’re hoping to blog at least once a day using the satellite phone we’ll also be using to do our official check-ins.  You can track our progress vs. the rest of the competition here: 2016 Pacific Cup Tracker and check out the Daily Standings here.

We are in Alaska Airlines Division C and our start is at 11:25 am on July 12 in front of the St. Francis Yacht Club.  Doug Johnstone, our navigator, is estimating it will take right around 11 days to finish.  The weather will play a huge part in how long it actually takes us to arrive in Kaneohe Bay.  So excited for this opportunity!

The adventure so far:

Delivering Limitless to the Bay Area from Southern California

Limitless getting weighed and measured at Berkeley Marine Center

Preparing Limitless for her safety inspection tomorrow

PacCup Inspection for Limitless – Passed!

Getting all the electronics to talk to one another

More work on Limitless – fresh crew arrives to help!

Delivering Limitless


Next stop: Kaneohe Bay!




Tackling tough things – November 2015 update Nov 2 2015


For the past month I’ve been doing some serious self-examination.  Some things I’ve been considering:

  • In the majority of my past romantic relationships for the past 20 years, seeing a recurring pattern in myself of adapting to try to be the person that I thought (for whatever reason) would be the “right” person for the other individual
  • Tracing this behavior back to my childhood and feeling socially unwelcome or unloved
  • Finding that something inside myself has always emerged that was somehow at odds with that person I was trying to be
  • Arguing with myself about who I really am and eventually giving in to myself
  • Causing much suffering to myself and others when those differences became apparent
  • Truly questioning in myself whether I know what is really true or not
  • Can I find my own true self?

In the past month I’ve been making some changes to my daily routines:

  • Finally visited Insight Meditation Center in Redwood City in person.  I’ve subscribed to their excellent series of dharma talks podcast for years but had never committed to the 1.5 hour drive through traffic to go in person.  The traffic is just another opportunity for mindfulness.
  • Sat for 1/2 day retreats every Wednesday for the past 3 weeks, leaving with enough time to get there early
  • Stayed for another 2 hours of Introduction to Mindfulness series of classes and committed to myself to attend all 5 weeks of the series and to do the homework suggestions
  • Participated in a regular Sunday evening sitting group at IMC with 20 & 30 somethings (“Dharma Homies” :))
  • Formally sat in meditation each day for 20-25 minutes, every day for the past 3 weeks
  • Learning what the word “sangha” means, in person
  • Camped in my van multiple times in Half Moon Bay, then working in a cafe there before driving back up to Oakland
  • Sunbathed nude on a couple of beaches, enjoying a warm sunset by myself, letting the universe breathe me in and out
  • Hung out with friends I haven’t seen in a long time
  • Made dinner plans with new friends
  • Processed some of my Burning Man photos and shared some nice portraits with friends and family
  • Getting together with two friends to hang out and have a “creative” output as part of the meeting [this blog post is tonight’s effort]
  • Reached out to someone I hurt very much asking if they would be open to a visit, something I’ve wanted to do for a long time.  However they respond, I feel better for asking, and do truly hope that I’m not reopening wounds by doing so.
  • Danced with my friends late into the night
  • Had deep conversations with new people, practicing both my sharing and listening skills
  • Working to see my own gender / sexuality identity more clearly, and starting to figure out more of how I fit into a greater community of people
  • Clarifying my feelings about future family, and thinking about whether I have to follow normal or conventional pathways to get there
  • Practicing self compassion, self care, and trying to find the shape of my heart

Overall, working on facing my fears and moving forward.  I’m very grateful for all of the loving supportive people in my life, and for all of the lessons I’ve been learning through facing challenges and figuring stuff out.

My apologies if this is all too much sharing, feel free to move along and have a lovely rest of your day.

Buddha image

Using GeoIP.dat and Apache on cPanel / WHM to block 75,000+ attacks on wp-login.php in one day Jun 4 2014

Client denied by server configuration - protect wp-login.php

After yet another brute-force attack on our servers hosting WordPress sites today, I finally decided it was time to take some drastic action.  There are a number of different approaches you can take; this is what I did to block literally over 75,000 attacks against wp-login.php today.

Step 1: Install the GeoIP database and Apache module

Step 2: Add this to /usr/local/apache/conf/includes/post_virtualhost_global.conf

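# Whitelist countries allowed to access wp-login.php or wp-comments-post.php
# (AllowCountry has to be set for each permitted country, e.g. with SetEnvIf on
# the GEOIP_COUNTRY_CODE variable that mod_geoip provides)
<FilesMatch "(wp-login|wp-comments-post)\.php$">
Order Deny,Allow
Deny from all
Allow from env=AllowCountry
ErrorDocument 403 "Forbidden."
</FilesMatch>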

(We have some clients in China who need to legitimately login to WordPress, so we included them in the whitelist). Adjust your whitelist / allowed country list appropriately.

Restart Apache with service httpd restart and start watching the attacks get served “Forbidden.” messages instead of hitting WordPress and the database. Server load way down, yay! Sorry rest of the world, you can’t have our wp-login.php anymore.
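One way to confirm the rule is doing its job after the restart, as an added example that is not from the original post: tally requests to the two protected scripts by HTTP status, and list the clients that still get through so the whitelist can be reviewed. It assumes Apache's combined log format; the function names and the sample log lines are constructed for this example.

```sh
#!/bin/sh
# Added example: check the effect of the GeoIP rule in an Apache access log
# (combined log format assumed: client IP in field 1, path in 7, status in 9).

# Count requests to the two protected scripts, grouped by HTTP status.
protected_status_counts() {
  awk '$7 ~ /\/(wp-login|wp-comments-post)\.php(\?|$)/ { n[$9]++ }
       END { for (s in n) print s, n[s] }' | LC_ALL=C sort
}

# List clients that still get through (any status other than 403), with counts.
protected_allowed_clients() {
  awk '$7 ~ /\/(wp-login|wp-comments-post)\.php(\?|$)/ && $9 != 403 { n[$1]++ }
       END { for (ip in n) print ip, n[ip] }' | LC_ALL=C sort
}

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG='198.51.100.23 - - [04/Jun/2014:10:00:01 -0700] "POST /wp-login.php HTTP/1.1" 403 10 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Jun/2014:10:00:02 -0700] "POST /wp-login.php HTTP/1.1" 403 10 "-" "Mozilla/5.0"
192.0.2.77 - - [04/Jun/2014:10:00:03 -0700] "GET /wp-login.php?action=register HTTP/1.1" 403 10 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2014:10:00:04 -0700] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jun/2014:10:00:05 -0700] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'

echo "Requests to protected scripts by status:"
printf '%s\n' "$SAMPLE_LOG" | protected_status_counts
echo "Clients not blocked:"
printf '%s\n' "$SAMPLE_LOG" | protected_allowed_clients
```

On a live server, feed the virtual host's access log to the two functions instead of the sample variable.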

Very cool Moves app visualization May 14 2014

If you use the neat Moves app (it tracks walks, runs, bicycle rides, transportation, all automatically) this is a very cool visualization tool to see your history: Move-o-Scope

Here’s my accumulated data so far:

Gabriel's Moves data

Fabulous little sailing documentary (S/V Pestilence / Anarchist Yacht Club) Mar 4 2014

Hold Fast: Stories of maniac sailors, anarchist castaways, and the voyage of the S/V Pestilence… Over the course of two winters, four members of the Anarchist Yacht Club rescued a derelict boat from the inhospitable waters of Ft. Lauderdale, named it the S/V Pestilence, and sailed south to Haiti. Hold Fast describes what drew these friends to the ocean, and tells the story of what they discovered in the sea. It paints a picture of the S/V Pestilence in the context of all the sailing maniacs who have come before them, and ultimately attempts to suggest that the secret is always to begin.
Blue Anarchy Website
Director Moxie Marlinspike
VODO works directly with filmmakers to bring fresh, new films to the filesharing community.
This work is released under a Creative Commons license.

Meet Mark, one of the over 8,000 homeless people in Oakland, CA Nov 7 2013

The problem of homelessness is something I see almost every day living here in the Bay Area.  I think one of the worst things we can do to other human beings is to not see them as fellow human beings.  Meet Mark, one of the over 8,000 homeless people living in Oakland.

The next homeless person you see, maybe try talking with them and really see them as a human being.  Give them some respect, and dignity, along with that granola bar, banana or cash.

What kind of society do you want to live in, and what role do you, individually, have to play in its creation?

Really useful batch geocoding page Jul 3 2013

If you need to convert a lot of addresses to latitude / longitude, this is an excellent resource:

“This is Water” May 16 2013

“This is Water” – An excellent video sharing wisdom given at a graduation speech by David Foster Wallace in 2005.

Watch now.  Some very good plainspoken thoughts here.

(Via Daring Fireball)
