I am pleased to announce the release of version 1.0 of the AbuseIPDB reporting script.
This script automates the reporting of IPs banned by Fail2ban to the AbuseIPDB service. This allows them to contribute to a shared database of malicious IP addresses.
It is primarily designed for Plesk servers, but is perfectly adaptable to other environments.
What's new in version 1.0
The logging of reported IPs has been completely revised. As a reminder, this log file is used to avoid duplicate reporting each time the script is run. The old method had a number of shortcomings which have now been corrected:
- The script only logs an IP if reporting is actually successful (according to feedback from the AbuseIPDB API)
- It now records each IP + jail combination, for example allowing an IP to be reported first via a "web" jail, and then again if it is banned by the "recidive" jail.
- Each time it is run, the script automatically removes unbanned IPs from the log, so there is no need to manually clean the file or create a cron job for this purpose
This enables more reliable, more relevant reporting and complete automation.
A "jail" corresponds to a Fail2ban security rule defining a type of attack (SSH, SMTP, web bots, etc.). The script associates appropriate categories and comments with each jail, so that reports are clear and well categorized.
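The three logging rules above (log only on API success, key on IP + jail, prune unbanned entries) can be sketched as follows. This is an added example, not the code of report_abuseipdb.sh: the "IP JAIL" log format, the function names, the `REPORT_DELAY` variable and the stubbed `send_report` are assumptions, and the addresses are constructed documentation IPs.

```sh
#!/bin/sh
# Added illustration of the logging rules described above; this is not the
# code of report_abuseipdb.sh. Assumed log format: one "IP JAIL" per line.

# Stub standing in for the AbuseIPDB API call (hypothetical): returns 0 when
# the report is accepted. 203.0.113.9 simulates a rejected report.
send_report() {
    [ "$1" != "203.0.113.9" ]
}

# has_line LIST LINE: true if LINE is exactly one of the lines in LIST.
has_line() {
    printf '%s\n' "$1" | grep -Fxq -- "$2"
}

# sync_log LOGFILE BANNED
# BANNED: the currently banned "IP JAIL" pairs, one per line.
sync_log() {
    log_file=$1
    banned=$2
    kept=""
    # 1. Prune: keep only logged pairs that are still banned.
    if [ -s "$log_file" ]; then
        while read -r ip jail; do
            if has_line "$banned" "$ip $jail"; then
                kept="${kept}${ip} ${jail}
"
            fi
        done < "$log_file"
    fi
    # 2. Report banned pairs that are not in the log yet.
    while read -r ip jail; do
        [ -n "$ip" ] || continue
        if has_line "$kept" "$ip $jail"; then
            continue    # this IP + jail combination was already reported
        fi
        # 3. Log the pair only if the report succeeded.
        if send_report "$ip" "$jail"; then
            kept="${kept}${ip} ${jail}
"
        fi
        sleep "${REPORT_DELAY:-0}"    # delay between API calls (assumed name)
    done <<EOF
$banned
EOF
    printf '%s' "$kept" > "$log_file"
}
```

Because a failed report is never written to the log, that pair is simply retried on the next run for as long as the IP stays banned.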
Upgrade note
If you were using a previous version, you need to delete the old log, as it no longer uses the same syntax:
rm /var/log/reported_ips.log
Why go straight to version 1.0? 🚀
I consider the script to be mature: it does exactly what is expected of it, in a robust and optimized way. As a result, it has been upgraded from version 0.4 to 1.0.
It writes no temporary files to disk, works in RAM to filter out IPs already processed, and respects the limitations of AbuseIPDB with a customizable delay.
Of course, I remain open to suggestions or improvements!
📈 And at LRob?
We are approaching 500,000 reports since last October on the LRob web servers.
With this new version, redundant alerts (in particular recidivist IPs) are limited, making it possible to reduce the load on the AbuseIPDB API while continuing to contribute effectively.
🔧 Quick installation
As root:
wget https://raw.githubusercontent.com/UltimateByte/plesk-tools/refs/heads/main/report_abuseipdb.sh
chmod +x report_abuseipdb.sh
Don't forget to:
- edit the script to add your AbuseIPDB API key
- customize the jails according to your configuration (or comment out the ones you don't use)
You can then add the following cron job:
# Run /root/report_abuseipdb.sh every 15 mins
*/15 * * * * /root/report_abuseipdb.sh
Contribute
The project is here: https://github.com/UltimateByte/plesk-tools/blob/main/report_abuseipdb.sh
Happy reporting 😁