JoshS/UFW-AbuseIPDB-Reporter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Small fixes

Browse source
This commit is contained in:
Sefinek 2025-01-18 03:02:55 +01:00
parent 4f16dfda77
commit edb5a9d8fe
2 changed files with 26 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
README.md
View file

@ -1,15 +1,17 @@
# 🛡️ UFW AbuseIPDB Reporter
A utility designed to analyze UFW firewall logs and report malicious IP addresses to the [AbuseIPDB](https://www.abuseipdb.com) database.
To prevent redundant reporting of the same IP address within a short period, the tool uses a temporary cache file to track previously reported IPs.
A utility designed to analyze UFW logs and report IP addresses blocked by the firewall to the [AbuseIPDB](https://www.abuseipdb.com) database.
To prevent excessive reporting of the same IP address within a short period, the tool uses a temporary cache file to track previously reported IP addresses.
This project was previously written in Bash, but it has been rewritten in [Node.js](https://nodejs.org). All my integration tools are currently written in Node, hence the change.
If you were using the old version, [uninstall it](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/tree/node.js?tab=readme-ov-file#%EF%B8%8F-remove-the-old-version) as it will no longer be supported.
This project was previously written in Bash but has been rewritten in [Node.js](https://nodejs.org). All my integration tools are now written in Node, hence this change.
If you were using the old version, please [uninstall it](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/tree/node.js?tab=readme-ov-file#%EF%B8%8F-remove-the-old-version) as it will no longer be supported.
If you like this repository or find it useful, I would greatly appreciate it if you could give it a star ⭐. Thanks a lot!
See also this: [sefinek/Cloudflare-WAF-To-AbuseIPDB](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB)
If you like this repository or find it useful, Id greatly appreciate it if you could give it a star ⭐. Many thanks!
Also, check this out: [sefinek/Cloudflare-WAF-To-AbuseIPDB](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB)
> [!IMPORTANT]
> If you'd like to make changes to any files in this repository, please start by creating a [public fork](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/fork).
> [!IMPORTANT]
> - If you'd like to make changes to any files in this repository, please start by creating a [public fork](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/fork).
>
> - According to AbuseIPDB's policy, UDP traffic should not be reported!
## 📋 Requirements
@ -18,6 +20,14 @@ See also this: [sefinek/Cloudflare-WAF-To-AbuseIPDB](https://github.com/sefinek/
3. [Git](https://git-scm.com)
## ✅ Features
1. A `config.js` file enabling easy configuration.
2. A simple installer allowing quick integration deployment.
3. Integration with Discord Webhooks (coming soon):
- Alerts in case of script errors
- Daily summaries of reported IP addresses
## 📥 Installation
### Automatic (Easy & recommenced)
@ -67,10 +77,10 @@ pm2 startup
pm2 save
```
## 🗑️ Uninstall the deprecated version if you have it
```bash
sudo systemctl stop abuseipdb-ufw.service
sudo systemctl disable abuseipdb-ufw.service
sudo systemctl stop abuseipdb-ufw.service && sudo systemctl disable abuseipdb-ufw.service
sudo rm /etc/systemd/system/abuseipdb-ufw.service
sudo systemctl daemon-reload
sudo rm -r /usr/local/bin/UFW-AbuseIPDB-Reporter
@ -92,7 +102,7 @@ pm2 logs ufw-abuseipdb
### 📄 Example reports
#### 1
```text
Blocked by UFW on vserver1 [80/tcp]
Blocked by UFW on homeserver01 [80/tcp]
Source port: 23639
TTL: 247
Packet length: 40
@ -104,7 +114,7 @@ https://github.com/sefinek/UFW-AbuseIPDB-Reporter
#### 2
```text
Blocked by UFW on vserver1 [30049/tcp]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Blocked by UFW on homeserver01 [30049/tcp]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter
```
@ -112,5 +122,5 @@ Blocked by UFW on vserver1 [30049/tcp]. Generated by: https://github.com/sefinek
If you want to contribute to the development of this project, feel free to create a new [Pull request](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/pulls). I will definitely appreciate it!
## 🔑 GPL-3.0 License
Copyright 2024 © by [Sefinek](https://sefinek.net). All rights reserved. See the [LICENSE](LICENSE) file for more information.
## 🔑 [GPL-3.0 License](LICENSE)
Copyright 2024-2025 © by [Sefinek](https://sefinek.net). All rights reserved.

4
default.config.js
View file

@ -2,7 +2,7 @@ exports.MAIN = {
// Server
UFW_FILE: '/var/log/ufw.log',
CACHE_FILE: '/tmp/ufw-abuseipdb-reporter.cache',
SERVER_ID: null, // The server name that will be visible in the reports. If you don't want to define it, leave the value as null.
SERVER_ID: null, // The server name that will be visible in the reports (e.g. 'homeserver01'). If you don't want to define it, leave the value as null.
// Reporting
ABUSEIPDB_API_KEY: '',
@ -50,7 +50,7 @@ https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this
// Alternative version:
// exports.REPORT_COMMENT = ({ timestamp, In, Out, srcIp, dstIp, res, tos, prec, ttl, id, proto, spt, dpt, len, urgp, mac, window, syn }, fullLog, serverName) =>
// `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`; // Please do not remove this URL; I would be very grateful! Thank you. 💙
// `Blocked by UFW ${serverName ? `on ${serverName} ` : ''}[${dpt}/${proto?.toLowerCase()}]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter`;
// See: https://www.abuseipdb.com/categories