aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-03-20 19:16:32 +0100
commit39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2 (patch)
tree9221704f413398cfb5d5759083b1e7032566820e /straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf
parent6b59b75c3a294060dea66bdee16ffaf95ae92889 (diff)
downloadbin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.tar.gz
bin-39711cf6c2ec5a3b4480dcb4800cc3802bda5bf2.zip
feat: first fully successful run e2e on straper
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf84
1 files changed, 84 insertions, 0 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf
new file mode 100644
index 0000000..ba6d427
--- /dev/null
+++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/blocklist_de.conf
@@ -0,0 +1,84 @@
+# Fail2Ban configuration file
+#
+# Author: Steven Hiscocks
+#
+#
+
+# Action to report IP address to blocklist.de
+# Blocklist.de must be signed up to at www.blocklist.de
+# Once registered, one or more servers can be added.
+# This action requires the server 'email address' and the associated apikey.
+#
+# From blocklist.de:
+# www.blocklist.de is a free and voluntary service provided by a
+# Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
+# Mail-Login-, FTP-, Webserver- and other services.
+# The mission is to report all attacks to the abuse departments of the
+# infected PCs/servers to ensure that the responsible provider can inform
+# the customer about the infection and disable them
+#
+# IMPORTANT:
+#
+# Reporting an IP of abuse is a serious complaint. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+# * The recidive where the IP has been banned multiple times
+# * Where maxretry has been set quite high, beyond the normal user typing
+# password incorrectly.
+# * For filters that have a low likelihood of receiving human errors
+#
+
+[Definition]
+
+# Option: actionstart
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
+# Values: CMD
+#
+actionstart =
+
+# Option: actionstop
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
+# Values: CMD
+#
+actionstop =
+
+# Option: actioncheck
+# Notes.: command executed once before each actionban command
+# Values: CMD
+#
+actioncheck =
+
+# Option: actionban
+# Notes.: command executed when banning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"
+
+# Option: actionunban
+# Notes.: command executed when unbanning an IP. Take care that the
+# command is executed with Fail2Ban user rights.
+# Tags: See jail.conf(5) man page
+# Values: CMD
+#
+actionunban =
+
+# Option: email
+# Notes server email address, as per blocklist.de account
+# Values: STRING Default: None
+#
+#email =
+
+# Option: apikey
+# Notes your user blocklist.de user account apikey
+# Values: STRING Default: None
+#
+#apikey =
+
+# Option: service
+# Notes service name you are reporting on, typically aligns with filter name
+# see http://www.blocklist.de/en/httpreports.html for full list
+# Values: STRING Default: None
+#
+#service =