Here is another online supplier of blacklist information similar to AbuseIPDB that will allow us to report attackers that we have blacklisted. Nice thing about this one is it is FREE, no subscription and no limitations that I could see. We can submit IP addresses using a simple CURL command once we have signed up for an API key. It generates separate API keys for each “server” you register so they are well tracked and gives reports for them as well. I believe this functionality could be added to SSHGUARD relatively quickly and easily. Will need additional lines in the config file for API key, server name, etc. but that should be pretty simple. Perhaps a better approach would be similar to the way Fail2Ban works using a separate config file for the various services such as blocklist.de and AbuseIPDB.
Issue #117 new