Skip to content

Instantly share code, notes, and snippets.

@em92 em92/crontab -e
Last active Aug 25, 2018

What would you like to do?
abuseipdb report scripts
# make sure to put ABUSE_API_KEY into ~/.profile
0 1 * * * . ~/.profile; ~/abuse/
sudo cat /var/log/auth.log | grep "`LC_ALL=en_US.utf8 date -d 'yesterday' '+%b %e'`" | grep "Failed password for invalid" | sed -r 's/.*Failed password for invalid user (|[A-Za-z0-9_-]+) from ([0-9\.]+).*/\2/m' | sort | uniq
sudo cat /var/log/auth.log | grep $1 | grep "Failed password for invalid" | sed -e "s/ih953426/***/"
for ip in `~/abuse/`
~/abuse/ $ip
~/abuse/ $1 | curl "$ABUSE_API_KEY&category=18,22&ip=$1" --data-urlencode comment@-

This comment has been minimized.

Copy link

kevcool commented Aug 25, 2018

Thanks for sharing. This works like a charm. Just need a tweak to mask the server name but I’ll work to tweak that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.