Is there a new place where the mentioned php helper script can be found?

[dhacker29]

The mentioned site is no longer active.

fail2ban/config/action.d/abuseipdb.conf

Lines 76 to 83 in 6893d5a

	# By default, this posts directly to AbuseIPDB's API, unfortunately
	# this results in a lot of backslashes/escapes appearing in the
	# reports. This also may include info like your hostname.
	# If you have your own web server with PHP available, you can
	# use my (Shaun's) helper PHP script by commenting out the first #actionban
	# line below, uncommenting the second one, and pointing the URL at
	# wherever you install the helper script. For the PHP helper script, see
	# <https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban>

[sebres]

I guess - no.
@ajcollett any idea?

But since fail2ban already stores the matches in its database, I don't think you need some action (and a helper script) which will store it in some extra database.

A simple view script (obtaining data from fail2ban status, log and sqlite-database) would be enough.

Here you can find an example how to get info from database via command line - #2659 (comment)

This is a small python script generating a html table for single IP (supplied as first argument):

#!/usr/bin/python

dbpath='/var/lib/fail2ban/fail2ban.sqlite3';

import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.ERROR);
from fail2ban.server.database import Fail2BanDb;
try:
  from html import escape  # python 3.x
except ImportError:
  from cgi  import escape  # python 2.x

def esc(s):
  return escape(str(s))

def time2str(v):
  d = float(v) / 86400
  s = float(v % 86400)
  if d >= 1: return '%.1f days' % d
  t = s / 60 / 60
  if t >= 1: return '%.1f hours' % t
  t = int(s / 60) % 60
  if t: return '%s min' % t
  return 'sec'

ip = sys.argv[1];

db = Fail2BanDb(dbpath);
cur = db._db.cursor()
for r in cur.execute('''select datetime(timeofban, 'unixepoch', 'localtime') as startofban,
datetime(timeofban + bantime, 'unixepoch', 'localtime') as endofban,
(select '*' where datetime(timeofban + bantime, 'unixepoch', 'localtime') > datetime('now', 'localtime')) as act,
jail, cast(bantime as int) bantime, bancount, data
from (
  select ip, jail, timeofban, bantime, bancount, data from bips where ip = ?1
  union
  select ip, jail, timeofban, bantime, bancount, data from bans where ip = ?1
)
order by endofban desc
limit 50;
''', (ip,)):
  s = '<table style="width:100% !important; table-layout:fixed;"><tr>'
  names = list(map(lambda x: x[0], cur.description))
  for v in names[0:-1]:
    s += '<th>' + esc(v) + '</th>'
  s += '</tr><tr>'
  for i,v in enumerate(r[0:-1]):
    if names[i] == 'bantime':
      v = '%s (%s)' % (v, time2str(v))
    s += '<td>' + esc(v) + '</td>'
  s += '</tr>'
  print(s)
  for k, v in r[-1].iteritems():
    if k == 'matches':
      s = '\n'.join(map(esc, v))
      print('<tr><th>%s</th><td colspan=6><pre style="overflow-x:auto; width:100%% !important">%s</pre></td></tr>' % (esc(k), s))
      continue
    print('<tr><th>%s</th><td colspan=6>%s</td></tr>' % (esc(k), esc(v)))
  print('</table>')

The same you can do using PHP or whatever scripting you prefer.
(Don't forget to give the read access for fail2ban database for www-user).

[ajcollett]

Hi @dhacker29, It’s been so long since I did this that I had to remind myself what was up.

I am not sure I have a copy of the script anywhere, but the way back machine does.

https://web.archive.org/web/20190123052042/https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban

Does that help you out?

@sebres I think the idea here was to contribute to a globally accessible database. So just setting up a local one doesn’t really serve the same purpose? Or did I not understand?