abuseipdb contribution script

disgustipated

i wanted to feel around here for if there has been anyone which has already created a method to report back to abuseipdb ip addresses that continually fail login attempts. abuseipdb seemed to regularly come up in my searches for the ips im seeing doing brute force attacks and seems like a great concept and seems reputable and easy to work with. im handling most of the offenders in pfblockerng for pulling down the block list from abusipdb but i also want to contribute back to them.
it seems abuseipdb’s documentation has a decent script to read the fail2ban db directly. perhaps something in the mailcow api to pull the list and entries of banned ips, i havent looked into it this far yet but thats what this post is, to see if anyone has this process set up already. there would probably also need to be a means to obfuscate the email addresses when reporting back the offender log entry, though the whole log entry might not actually be needed and just report back a "mail server brute attack, generalization.

ETNyx

While noble intention, it feels like answer to you question is ugly: UTFG

To get most answers you would spend less time than write your post.

1) you need to register and than be approved
2) than you can use they API to report (https://www.abuseipdb.com/api.html)
3) as you can see from API they do not want your logs or some sensitive information (except IP)
4) they have fail2ban integration, but this is not same as what MC have, so this can not be integrated into MC, but you can configure MC to use external fail2ban that will work whit this. (https://www.abuseipdb.com/fail2ban.html)

Sorry to be mean,…

disgustipated

thank you for the reply, however youre not being mean, youre just underestimating or perhaps misunderstanding the question. i am registered already and can report IPs, and in doing so i understand their requirements. i was looking to see if someone had already scripted this. ill update this post when i complete it as i did with a post with moving certificates if no others have done it already.

from the swagger page in mailcow it looks like you can get the fail2ban config from this call

curl -X 'GET' \
  'https://yourmailcow/api/v1/get/fail2ban' \
  -H 'accept: application/json'

its curious you can access the swagger api page from the base domain after the move to the admin subdirectory (oh looks like you can set up access for it in the configuration 😃 )

disgustipated

for those that have pfsense in front of their mailcow, this is a fantastic write up for pulling down a list of IPs with a perl script from abuseipdb and adding it to pfblockerng to prevent attacks on your mailcow before they even reach it

https://brian.thecadwells.net/2021/11/13/integrating-abuseipdb-into-pfblockerng/