samwiseetc/fail2ban/action.d/blocklist_de.conf

# Fail2Ban configuration file
#
# Author: Steven Hiscocks
#
#

# Action to report IP address to blocklist.de
# Blocklist.de must be signed up to at www.blocklist.de
# Once registered, one or more servers can be added.
# This action requires the server 'email address' and the associated apikey.
#
# From blocklist.de:
#   www.blocklist.de is a free and voluntary service provided by a
#   Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
#   Mail-Login-, FTP-, Webserver- and other services.
#   The mission is to report all attacks to the abuse departments of the
#   infected PCs/servers to ensure that the responsible provider can inform
#   the customer about the infection and disable them
#
# IMPORTANT: 
# 
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
#   * The recidive where the IP has been banned multiple times
#   * Where maxretry has been set quite high, beyond the normal user typing
#     password incorrectly.
#   * For filters that have a low likelihood of receiving human errors
#

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart = 

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

# Option:  email
# Notes    server email address, as per blocklist.de account
# Values:  STRING  Default: None
#
#email =

# Option:  apikey
# Notes    your user blocklist.de user account apikey
# Values:  STRING  Default: None
#
#apikey =

# Option:  service
# Notes    service name you are reporting on, typically aligns with filter name
#          see http://www.blocklist.de/en/httpreports.html for full list
# Values:  STRING  Default: None
#
#service =
Initial recommit 2 years ago			`# Fail2Ban configuration file`
			`#`
			`# Author: Steven Hiscocks`
			`#`
			`#`

			`# Action to report IP address to blocklist.de`
			`# Blocklist.de must be signed up to at www.blocklist.de`
			`# Once registered, one or more servers can be added.`
			`# This action requires the server 'email address' and the associated apikey.`
			`#`
			`# From blocklist.de:`
			`# www.blocklist.de is a free and voluntary service provided by a`
			`# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,`
			`# Mail-Login-, FTP-, Webserver- and other services.`
			`# The mission is to report all attacks to the abuse departments of the`
			`# infected PCs/servers to ensure that the responsible provider can inform`
			`# the customer about the infection and disable them`
			`#`
			`# IMPORTANT:`
			`#`
			`# Reporting an IP of abuse is a serious complaint. Make sure that it is`
			`# serious. Fail2ban developers and network owners recommend you only use this`
			`# action for:`
			`# * The recidive where the IP has been banned multiple times`
			`# * Where maxretry has been set quite high, beyond the normal user typing`
			`# password incorrectly.`
			`# * For filters that have a low likelihood of receiving human errors`
			`#`

			`[Definition]`

			`# Option: actionstart`
			`# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).`
			`# Values: CMD`
			`#`
			`actionstart =`

			`# Option: actionstop`
			`# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)`
			`# Values: CMD`
			`#`
			`actionstop =`

			`# Option: actioncheck`
			`# Notes.: command executed once before each actionban command`
			`# Values: CMD`
			`#`
			`actioncheck =`

			`# Option: actionban`
			`# Notes.: command executed when banning an IP. Take care that the`
			`# command is executed with Fail2Ban user rights.`
			`# Tags: See jail.conf(5) man page`
			`# Values: CMD`
			`#`
			`actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"`

			`# Option: actionunban`
			`# Notes.: command executed when unbanning an IP. Take care that the`
			`# command is executed with Fail2Ban user rights.`
			`# Tags: See jail.conf(5) man page`
			`# Values: CMD`
			`#`
			`actionunban =`

			`# Option: email`
			`# Notes server email address, as per blocklist.de account`
			`# Values: STRING Default: None`
			`#`
			`#email =`

			`# Option: apikey`
			`# Notes your user blocklist.de user account apikey`
			`# Values: STRING Default: None`
			`#`
			`#apikey =`

			`# Option: service`
			`# Notes service name you are reporting on, typically aligns with filter name`
			`# see http://www.blocklist.de/en/httpreports.html for full list`
			`# Values: STRING Default: None`
			`#`
			`#service =`