Skip to content

Instantly share code, notes, and snippets.

@em92 em92/crontab -e
Last active Aug 25, 2018

Embed
What would you like to do?
abuseipdb report scripts
# make sure to put ABUSE_API_KEY into ~/.profile
0 1 * * * . ~/.profile; ~/abuse/ssh_report_all.sh
#!/bin/bash
sudo cat /var/log/auth.log | grep "`LC_ALL=en_US.utf8 date -d 'yesterday' '+%b %e'`" | grep "Failed password for invalid" | sed -r 's/.*Failed password for invalid user (|[A-Za-z0-9_-]+) from ([0-9\.]+).*/\2/m' | sort | uniq
#!/bin/bash
sudo cat /var/log/auth.log | grep $1 | grep "Failed password for invalid" | sed -e "s/ih953426/***/"
#!/bin/bash
for ip in `~/abuse/ssh_failed_ips.sh`
do
~/abuse/ssh_report_one.sh $ip
echo
done
#!/bin/bash
~/abuse/ssh_ip_comment.sh $1 | curl "https://www.abuseipdb.com/report/json?key=$ABUSE_API_KEY&category=18,22&ip=$1" --data-urlencode comment@-
@kevcool

This comment has been minimized.

Copy link

kevcool commented Aug 25, 2018

Thanks for sharing. This works like a charm. Just need a tweak to mask the server name but I’ll work to tweak that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.