Restructured the way the catagories work.

Jail.conf is cleaner and abuseipdb.conf is more flexible.

config/action.d/abuseipdb.conf

@@ -16,6 +16,23 @@
 # Original Ref: https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
 # Added to fail2ban by Andrew James Collett (ajcollett)
 
+## abuseIPDB Catagories, `the abuseipdb_category` MUST be set in the jail.conf action call.
+# Example, for ssh bruteforce: action = %(action_abuseipdb)s[abuseipdb_category="18,22"]
+# ID	Title	Description
+# 3	  Fraud Orders
+# 4	  DDoS Attack
+# 9	  Open Proxy
+# 10	Web Spam
+# 11	Email Spam
+# 14	Port Scan
+# 18	Brute-Force
+# 19	Bad Web Bot
+# 20	Exploited Host
+# 21	Web App Attack
+# 22	SSH	Secure Shell (SSH) abuse. Use this category in combination with more specific categories.
+# 23	IoT Targeted
+# See https://abuseipdb.com/categories for more descriptions
+
 [Definition]
 
 # Option:  actionstart
@@ -71,4 +88,6 @@ actionunban =
 # Option:  abuseipdb_apikey
 # Notes    Your API key from abuseipdb.com
 # Values:  STRING  Default: None
+# Register for abuseipdb [https://www.abuseipdb.com], get api key and set below.
+# You will need to set the catagory in the action call.
 abuseipdb_apikey =

config/jail.conf

@@ -206,23 +206,19 @@ action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", ag
 # Report ban via badips.com (uses action.d/badips.conf for reporting only)
 #
 action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
-# Actions to report to abuseipdb.com via API.
+# Report ban via abuseipdb.com.
-# See action.d/abuseipdb.conf and https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
+#
-# If you want cleaner reports that ensure no user data see the helper script at the above IP
+# See action.d/abuseipdb.conf and
+# https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
+#
 # NOTE: These reports may include sensitive Info.
-
+# If you want cleaner reports that ensure no user data see the helper script at the above website.
-# IMPORTANT: Register for abuseipdb [https://www.abuseipdb.com], get, and set the api key at the bottom of action.d/abuseipdb.conf
+#
-action_abuseipdb_fraud     = abuseipdb[abuseipdb_category="3"]
+# IMPORTANT: This action relies on a api_key being added to the above action conf,
-action_abuseipdb_ddos      = abuseipdb[abuseipdb_category="4"]
+# and the appropriate catagories set.
-action_abuseipdb_proxy     = abuseipdb[abuseipdb_category="9"]
+# Example, for ssh bruteforce: action = %(action_abuseipdb)s[abuseipdb_category="18,22"]
-action_abuseipdb_forumspam = abuseipdb[abuseipdb_category="10"]
+# See action.d/abuseipdb.conf for catagories
-action_abuseipdb_emailspam = abuseipdb[abuseipdb_category="11"]
+action_abuseipdb = abuseipdb
-action_abuseipdb_blogspam  = abuseipdb[abuseipdb_category="12"]
-action_abuseipdb_portscan  = abuseipdb[abuseipdb_category="14"]
-action_abuseipdb_hack      = abuseipdb[abuseipdb_category="15"]
-action_abuseipdb_sqlinject = abuseipdb[abuseipdb_category="16"]
-action_abuseipdb_spoofing  = abuseipdb[abuseipdb_category="17"]
-action_abuseipdb_sshbrute  = abuseipdb[abuseipdb_category="18"]
 
 # Choose default action.  To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local