# Fail2Ban configuration file
#
# Author: Steven Hiscocks
#
#

# Action to report IP address to blocklist.de
# Blocklist.de must be signed up to at www.blocklist.de
# Once registered, one or more servers can be added.
# This action requires the server 'email address' and the associated apikey.
#
# From blocklist.de:
#   www.blocklist.de is a free and voluntary service provided by a
#   Fraud/Abuse-specialist, whose servers are often attacked on SSH-,
#   Mail-Login-, FTP-, Webserver- and other services.
#   The mission is to report all attacks to the abuse departments of the
#   infected PCs/servers to ensure that the responsible provider can inform
#   the customer about the infection and disable them
#
# IMPORTANT: 
# 
# Reporting an IP of abuse is a serious complaint. Make sure that it is
# serious. Fail2ban developers and network owners recommend you only use this
# action for:
#   * The recidive where the IP has been banned multiple times
#   * Where maxretry has been set quite high, beyond the normal user typing
#     password incorrectly.
#   * For filters that have a low likelihood of receiving human errors
#

[Definition]

# Option:  actionstart
# Notes.:  command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
# Values:  CMD
#
actionstart = 

# Option:  actionstop
# Notes.:  command executed at the stop of jail (or at the end of Fail2Ban)
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionban = curl --fail --data-urlencode "server=<email>" --data "apikey=<apikey>" --data "service=<service>" --data "ip=<ip>" --data-urlencode "logs=<matches><br>" --data 'format=text' --user-agent "<agent>" "https://www.blocklist.de/en/httpreports.html"

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    See jail.conf(5) man page
# Values:  CMD
#
actionunban =

# Option:  email
# Notes    server email address, as per blocklist.de account
# Values:  STRING  Default: None
#
#email =

# Option:  apikey
# Notes    your user blocklist.de user account apikey
# Values:  STRING  Default: None
#
#apikey =

# Option:  service
# Notes    service name you are reporting on, typically aligns with filter name
#          see http://www.blocklist.de/en/httpreports.html for full list
# Values:  STRING  Default: None
#
#service =