diff --git a/How-to-ban-something-other-as-host-(IP-address),-like-user-or-e-mail,-etc..md b/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md
similarity index 93%
rename from How-to-ban-something-other-as-host-(IP-address),-like-user-or-e-mail,-etc..md
rename to How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md
index d6851b7..1325f28 100644
--- a/How-to-ban-something-other-as-host-(IP-address),-like-user-or-e-mail,-etc..md
+++ b/How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc..md
@@ -73,9 +73,17 @@ fail2ban-regex --raw /var/log/auth.log '^\s*(?:\S+\s+)?(?:[^:]+:auth\[\d+\]:\s+)
 
 **[Q]** I don't have any failure-ID in the log-entry, can I nevertheless configure the fail2ban, that it should simply execute some command if some message will be found in observed log-file<br/>
 **[A]** Yes, if you've no failure-id at all (no user-id, e-mail or something other), but you'll that fail2ban execute some shell script after failure occurrence, you should additionally:
-* set empty or something other as match for failure-id (still `<host>` in 0.9th-branch) in `failregex`;
+* set empty or something other as match for failure-id (still `<host>` in 0.9th-branch) in `failregex`, example:
+``` bash
+# DDOS resp. "too many IPs" will be used as failure-ID:
+failregex = ^<F-ID>DDOS</F-ID> attack detected$
+            ^IDS raises alarm: <F-ID>too many IPs</F-ID> in stack$
+```
 * set `maxretry = 1` and `findtime = 1` (ban after first occurrence in 1 seconds);
 * set small `bantime` (e. g. 1 second) to this "jail" (otherwise no "ban" action will be executed in this time, because "already banned" occurs), e. g. `bantime = 1`
-* you need to specify only `actionban` parameter in your custom action file (`actionban = /user/bin/command.sh`); 
+* you need to specify only `actionban` parameter in your custom action file:
+```bash
+actionban = /user/bin/ids-attack.sh '<fid>'
+``` 
 * `actionban` script will be executed as root (or with user, fail2ban running), so use `su` if other/restricted user needed;
 - set `usedns`, `ignoreip`, `ignorecommand` as suggested above, otherwise you can get error by comparison with empty/illegal host (that will be found by "failure");
diff --git a/_Sidebar.md b/_Sidebar.md
index 5bfcc2c..3f3eb3f 100644
--- a/_Sidebar.md
+++ b/_Sidebar.md
@@ -1,6 +1,7 @@
 <h2>HowTo's</h2>
 * [Test newer fail2ban version](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
 * [Create standalone instance](How-to-test-newer-fail2ban-version-resp.-use-fail2ban-standalone-instance)
+* [Ban something other as host/IP, like user or e-mail](How-to-ban-something-other-as-host-(IP-address),-like-user-or-mail,-etc.)
 
 ---
 <h2>FAQ</h2>
