Fail2ban: $f2bV_matches on abuseipDB with APIV2 (not V1)

Created on 20 Dec 2018 · 3Comments · Source: fail2ban/fail2ban

Using Fail2ban 0.11.0.3 and trying to set it up with AbuseIPDB using APIv2.

According to some issues, it was already resolved with:

actionban = lgm=$(printf '%%s\n...' "<matches>"); curl --fail --tlsv1.1 --data "key=<abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data "ip=<ip>" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"

However, APIV2 is using a different setup:

actionban = curl --fail 'https://api.abuseipdb.com/api/v2/report' \
     -H 'Accept: application/json' \
     -H 'Key: <abuseipdb_apikey>' \
     --data-urlencode 'comment=<matches>' \
     --data-urlencode 'ip=<ip>' \
     --data 'categories=<abuseipdb_category>'

Which also results in $f2bV_matches showing up on the report comments on the abuseipDB website. API v1 is already deprecated, so I think the abuseipdb.conf file needs to be updated using the new api v2 code.

https://docs.abuseipdb.com/

Source

Skyridr

Most helpful comment

This going to escape-issue (via variable) inside the fail2ban (since 0.10.x)...
Just use double quotation mark " instead:
```diff
- --data-urlencode 'comment='
+ --data-urlencode "comment="

sebres on 20 Dec 2018

👍3

All 3 comments

This going to escape-issue (via variable) inside the fail2ban (since 0.10.x)...
Just use double quotation mark " instead:
```diff
- --data-urlencode 'comment='
+ --data-urlencode "comment="

sebres on 20 Dec 2018

👍3

Assumed as much as I just found out about it by doing some digging, thanks!

Will the abuseipdb.conf be updated with the v2 API actionban version though? Seeing v1 is deprecated.

Skyridr on 20 Dec 2018