aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
commit83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch)
tree19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf
parent51d43498b07dc97d795947964534f0903cd05db5 (diff)
downloadbin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz
bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf107
1 files changed, 0 insertions, 107 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf
deleted file mode 100644
index 5a14fa3..0000000
--- a/straper/db/public/fail2ban/etc-fail2ban/action.d/ipthreat.conf
+++ /dev/null
@@ -1,107 +0,0 @@
-# IPThreat configuration file
-#
-# Added to fail2ban by Jeff Johnson (jjxtra)
-#
-# Action to report IP address to ipthreat.net
-#
-# You must sign up to obtain an API key from ipthreat.net and request bulk report permissions
-# https://ipthreat.net/integrations
-#
-# IPThreat is a 100% free site and service, all data is licensed under a creative commons by attribution license
-# Please do not integrate if you do not agree to the license
-#
-# IMPORTANT:
-#
-# Reporting an IP is a serious action. Make sure that it is legit.
-# Consider using this action only for:
-# * IP that has been banned more than once
-# * High max retry to avoid user mis-typing password
-# * Filters that are unlikely to be human error
-#
-# Example:
-# ```
-# action = %(known/action)s
-# ipthreat[]
-# ```
-#
-# The action accepts the following arguments: ipthreat[ipthreat_flags="8",ipthreat_system="SSH", ipthreat_apikey=...]
-# In most cases your action could be as simple as: ipthreat[], since the default flags and system are set to the most correct default values.
-# You can optionally override ipthreat_system and ipthreat_flags if desired.
-# The ipthreat_apikey must be set at the bottom of this configuration file.
-#
-# `ipthreat_system` is a short name of the system attacked, i.e. SSH, SMTP, MYSQL, PHP, etc.
-#
-# For `ipthreat_flags`, most cases will use 8 (BruteForce) which is the default, but you could use others.
-# You can use the name or the ordinal.
-# Multiple values are comma separated.
-# ```
-# Name Ordinal Description
-# Dns 1 Abuse/attack of dns (domain name server)
-# Fraud 2 General fraud, whether orders, misuse of payment info, etc
-# DDos 4 Distributed denial of service attack, whether through http requests, large ping attack, etc
-# BruteForce 8 Brute force login attack
-# Proxy 16 IP is a proxy like TOR or other proxy server
-# Spam 32 Email, comment or other type of spam
-# Vpn 64 IP is part of a VPN
-# Hacking 128 General hacking outside of brute force attack (includes vulnerability scans, sql injection, etc.). Use port scan flag instead if it's just probe on ports.
-# BadBot 256 Bad bot that is not honoring robots.txt or just flooding with too many requests, etc
-# Compromised 512 The ip has been taken over by malware or botnet
-# Phishing 1024 The ip is involved in phishing or spoofing
-# Iot 2048 The ip has targeted an iot (Internet of Things) device
-# PortScan 4096 Port scan
-# See https://ipthreat.net/bulkreportformat for more information
-# ```
-
-[Definition]
-
-# bypass action for restored tickets
-norestored = 1
-
-# Option: actionstart
-# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
-# Values: CMD
-#
-actionstart =
-
-# Option: actionstop
-# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
-# Values: CMD
-#
-actionstop =
-
-# Option: actioncheck
-# Notes.: command executed once before each actionban command
-# Values: CMD
-#
-actioncheck =
-
-# Option: actionban
-# Notes.: command executed when banning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-#
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-actionban = curl -sSf "https://api.ipthreat.net/api/report" -X POST -H "Content-Type: application/json" -H "X-API-KEY: <ipthreat_apikey>" -d "{\"ip\":\"<ip>\",\"flags\":\"<ipthreat_flags>\",\"system\":\"<ipthreat_system>\",\"notes\":\"fail2ban\"}"
-
-# Option: actionunban
-# Notes.: command executed when unbanning an IP. Take care that the
-# command is executed with Fail2Ban user rights.
-# Tags: See jail.conf(5) man page
-# Values: CMD
-#
-actionunban =
-
-[Init]
-# Option: ipthreat_apikey
-# Notes Your API key from ipthreat.net
-# Values: STRING Default: None
-# Register for ipthreat [https://ipthreat.net], get api key and set below.
-# You will need to set the flags and system in the action call in jail.conf
-ipthreat_apikey =
-
-# By default, the ipthreat system is the name of the fail2ban jail
-ipthreat_system = <name>
-
-# By default the ip threat flags is 8 (brute force), but you can override this per jail if desired
-ipthreat_flags = 8 \ No newline at end of file