Source Code
fail2ban Reporter
Monitor fail2ban bans and auto-report attackers to AbuseIPDB.
Setup
- Get a free AbuseIPDB API key at https://www.abuseipdb.com/account/api
- Store it:
pass insert abuseipdb/api-key - Install the monitor:
bash {baseDir}/scripts/install.sh
Manual Usage
Report all currently banned IPs
bash {baseDir}/scripts/report-banned.sh
Check a specific IP
bash {baseDir}/scripts/check-ip.sh <ip>
Show ban stats
bash {baseDir}/scripts/stats.sh
Auto-Reporting
The install script sets up a fail2ban action that auto-reports new bans.
bash {baseDir}/scripts/install.sh # install auto-reporting
bash {baseDir}/scripts/uninstall.sh # remove auto-reporting
Heartbeat Integration
Add to HEARTBEAT.md to check for new bans periodically:
- [ ] Check fail2ban stats and report any unreported IPs to AbuseIPDB
Workflow
- fail2ban bans an IP โ action triggers
report-single.sh - Script reports to AbuseIPDB with SSH brute-force category
- Sends Telegram notification (if configured)
- Logs report to
/var/log/abuseipdb-reports.log
API Reference
See references/abuseipdb-api.md for full API docs.