Could you possibly add the ability to report all blacklisted IP addresses to the AbuseIPDB website?
Per the documentation for their API it would be as simple as adding the following code to the routine that performs the blacklisting…
# POST the submission. curl https://api.abuseipdb.com/api/v2/report \ --data-urlencode "ip=127.0.0.1" \ -d categories=18,22 \ --data-urlencode "comment=SSH login attempts with user root." \ -H "Key: $YOUR_API_KEY" \ -H "Accept: application/json"
Of course the end-user would need to apply for an AbuseIPDB API key for this to be effective. The same API could be used to check whether an attacking IP address is blacklisted and add them to the SSHGUARD blacklist immediately rather than going through the block/wait/block/wait/ban process.