CasperSecurity

Current Path : /etc/fail2ban/action.d/
Upload File :
Current File : //etc/fail2ban/action.d/blocklist_de.conf

# Fail2Ban configuration file
#
# Author: Steven Hiscocks
#
#

# Action to report IP address to blocklist.de
# Blocklist.de must be signed up to at www.blocklist.de
# Once registered, one or more servers can be added.
# This action requires the server 'email address' and the associated apikey.
#
# From blocklist.de:
#   www.blocklist.de is a free and voluntary service provided by a
#   Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
#   Mail-Login-, FTP-, Webserver- and other services.
#   The mission is to report all attacks to the abuse departments of the
#   infected PCs/servers to ensure that the responsible provider can inform
#   the customer about the infection and disable them
#
# IMPORTANT: 
# 
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
#   * The recidive where the IP has been banned multiple times
#   * Where maxretry has been set quite high, beyond the normal user typing
#     password incorrectly.
#   * For filters that have a low likelihood of receiving human errors
#

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart = 

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

# Option:  email
# Notes    server email address, as per blocklist.de account
# Values:  STRING  Default: None
#
#email =

# Option:  apikey
# Notes    your user blocklist.de user account apikey
# Values:  STRING  Default: None
#
#apikey =

# Option:  service
# Notes    service name you are reporting on, typically aligns with filter name
#          see http://www.blocklist.de/en/httpreports.html for full list
# Values:  STRING  Default: None
#
#service =
Hacker Blog, Shell İndir, Sql İnjection, XSS Attacks, LFI Attacks, Social Hacking, Exploit Bot, Proxy Tools, Web Shell, PHP Shell, Alfa Shell İndir, Hacking Training Set, DDoS Script, Denial Of Service, Botnet, RFI Attacks, Encryption
Telegram @BIBIL_0DAY