Added config for AbuseIPDB, ony tested on Ubuntu 16.04

THANKS

@@ -16,6 +16,7 @@ Alexander Koeppe (IPv6 support)
 Alexandre Perrin (kAworu)
 Amir Caspi
 Amy
+Andrew James Collett (ajcollett)
 Andrew St. Jean
 Andrey G. Grozin
 Andy Fragen
@@ -111,6 +112,7 @@ Sean DuBois
 Sebastian Arcus
 Serg G. Brester
 Sergey Safarov
+Shaun C.
 Sireyessire
 silviogarbes
 Stefan Tatschner

config/action.d/abuseipdb.conf

@@ -0,0 +1,74 @@
+# Fail2ban configuration file
+#
+# Action to report IP address to abuseipdb.com
+# You must sign up to obtain an API key from abuseipdb.com.
+#
+# IMPORTANT:
+#
+# Reporting an IP of abuse is a serious complaint. Make sure that it is
+# serious. Fail2ban developers and network owners recommend you only use this
+# action for:
+#   * The recidive where the IP has been banned multiple times
+#   * Where maxretry has been set quite high, beyond the normal user typing
+#     password incorrectly.
+#   * For filters that have a low likelihood of receiving human errors
+#
+# Original Ref: https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
+# Added to fail2ban by Andrew James Collett (ajcollett)
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+#
+#          ** IMPORTANT! **
+#
+#          By default, this posts directly to AbuseIPDB's API, unfortunately
+#          this results in a lot of backslashes/escapes appearing in the
+#          reports. This also may include info like your hostname.
+#          If you have your own web server with PHP available, you can
+#          use my (Shaun's) helper PHP script by commenting out the first #actionban
+#          line below, uncommenting the second one, and pointing the URL at
+#          wherever you install the helper script. For the PHP helper script, see
+#          <https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban>
+#
+#          --ciphers ecdhe_ecdsa_aes_256_sha is used to workaround a
+#          "NSS error -12286" from curl as it attempts to connect using
+#          SSLv3. See https://www.centos.org/forums/viewtopic.php?t=52732
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+# Option:  abuseipdb_apikey
+# Notes    Your API key from abuseipdb.com
+# Values:  STRING  Default: None
+abuseipdb_apikey =

config/jail.conf

@@ -185,7 +185,7 @@ action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"]
                 %(mta)s-whois-lines[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
 
 # Report block via blocklist.de fail2ban reporting service API
-# 
+#
 # See the IMPORTANT note in action.d/blocklist_de.conf for when to
 # use this action. Create a file jail.d/blocklist_de.local containing
 # [Init]
@@ -206,6 +206,23 @@ action_badips = badips.py[category="%(__name__)s", banaction="%(banaction)s", ag
 # Report ban via badips.com (uses action.d/badips.conf for reporting only)
 #
 action_badips_report = badips[category="%(__name__)s", agent="%(fail2ban_agent)s"]
+# Actions to report to abuseipdb.com via API.
+# See action.d/abuseipdb.conf and https://wiki.shaunc.com/wikka.php?wakka=ReportingToAbuseIPDBWithFail2Ban
+# If you want cleaner reports that ensure no user data see the helper script at the above IP
+# NOTE: These reports may include sensitive Info.
+
+# IMPORTANT: Register for abuseipdb [https://www.abuseipdb.com], get, and set the api key at the bottom of action.d/abuseipdb.conf
+action_abuseipdb_fraud     = abuseipdb[abuseipdb_category="3"]
+action_abuseipdb_ddos      = abuseipdb[abuseipdb_category="4"]
+action_abuseipdb_proxy     = abuseipdb[abuseipdb_category="9"]
+action_abuseipdb_forumspam = abuseipdb[abuseipdb_category="10"]
+action_abuseipdb_emailspam = abuseipdb[abuseipdb_category="11"]
+action_abuseipdb_blogspam  = abuseipdb[abuseipdb_category="12"]
+action_abuseipdb_portscan  = abuseipdb[abuseipdb_category="14"]
+action_abuseipdb_hack      = abuseipdb[abuseipdb_category="15"]
+action_abuseipdb_sqlinject = abuseipdb[abuseipdb_category="16"]
+action_abuseipdb_spoofing  = abuseipdb[abuseipdb_category="17"]
+action_abuseipdb_sshbrute  = abuseipdb[abuseipdb_category="18"]
 
 # Choose default action.  To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
@@ -330,7 +347,7 @@ logpath = /opt/openhab/logs/request.log
 port    = http,https
 logpath = %(nginx_error_log)s
 
-# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module` 
+# To use 'nginx-limit-req' jail you should have `ngx_http_limit_req_module`
 # and define `limit_req` and `limit_req_zone` as described in nginx documentation
 # http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
 # or for example see in 'config/filter.d/nginx-limit-req.conf'