fail2ban-reporter
// Auto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to AbuseIPDB, and sends alerts.
$ git log --oneline --stat
stars:1,933
forks:367
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namefail2ban-reporter
descriptionAuto-report fail2ban banned IPs to AbuseIPDB and notify via Telegram. Use when monitoring server security, reporting attackers, or checking banned IPs. Watches fail2ban for new bans, reports them to AbuseIPDB, and sends alerts.
fail2ban Reporter
Monitor fail2ban bans and auto-report attackers to AbuseIPDB.
Setup
- Get a free AbuseIPDB API key at https://www.abuseipdb.com/account/api
- Store it:
pass insert abuseipdb/api-key - Install the monitor:
bash {baseDir}/scripts/install.sh
Manual Usage
Report all currently banned IPs
bash {baseDir}/scripts/report-banned.sh
Check a specific IP
bash {baseDir}/scripts/check-ip.sh <ip>
Show ban stats
bash {baseDir}/scripts/stats.sh
Auto-Reporting
The install script sets up a fail2ban action that auto-reports new bans.
bash {baseDir}/scripts/install.sh # install auto-reporting
bash {baseDir}/scripts/uninstall.sh # remove auto-reporting
Heartbeat Integration
Add to HEARTBEAT.md to check for new bans periodically:
- [ ] Check fail2ban stats and report any unreported IPs to AbuseIPDB
Workflow
- fail2ban bans an IP → action triggers
report-single.sh - Script reports to AbuseIPDB with SSH brute-force category
- Sends Telegram notification (if configured)
- Logs report to
/var/log/abuseipdb-reports.log
API Reference
See references/abuseipdb-api.md for full API docs.