# šŸ›”ļø UFW AbuseIPDB Reporter A utility designed to analyze UFW logs and report IP addresses blocked by the firewall to the [AbuseIPDB](https://www.abuseipdb.com) database. To prevent excessive reporting of the same IP address within a short period, the tool uses a temporary cache file to track previously reported IP addresses. This project was originally written in Bash but has been rewritten in [Node.js](https://nodejs.org). All my integration tools are now written in Node, hence this change. If you were using the old version, please [uninstall it](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/tree/node.js?tab=readme-ov-file#%EF%B8%8F-remove-the-old-version) as it will no longer be supported. If you like this repository or find it useful, Iā€™d greatly appreciate it if you could give it a star ā­. Many thanks! Also, check this out: [sefinek/Cloudflare-WAF-To-AbuseIPDB](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB) > [!IMPORTANT] > - If you'd like to make changes to any files in this repository, please start by creating a [public fork](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/fork). > - According to AbuseIPDB's policy, UDP traffic should not be reported! ## šŸ“‹ Requirements 1. [Node.js + npm](https://nodejs.org) 2. [PM2](https://www.npmjs.com/package/pm2) 3. [Git](https://git-scm.com) ## āœ… Features 1. A [`config.js`](default.config.js) file enabling easy configuration. 2. A simple installer allowing quick integration deployment. 3. Integration with Discord Webhooks (coming soon): - Alerts in case of script errors - Daily summaries of reported IP addresses 4. Automatic updates. ## šŸ“„ Installation ### Automatic (easy & recommenced) #### Via curl ```bash bash <(curl -fsS https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/node.js/install.sh) ``` #### Via wget ```bash bash <(wget -qO- https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/node.js/install.sh) ``` ### Manually #### Node.js installation (Ubuntu & Debian) ```bash sudo apt-get install -y curl curl -fsSL https://deb.nodesource.com/setup_22.x -o nodesource_setup.sh sudo -E bash nodesource_setup.sh && sudo apt-get install -y nodejs ``` #### Git installation ```bash sudo add-apt-repository ppa:git-core/ppa sudo apt-get update && sudo apt-get -y install git ``` #### Script ```bash sudo apt-get update && sudo apt-get upgrade cd ~ git clone https://github.com/sefinek/UFW-AbuseIPDB-Reporter.git cd UFW-AbuseIPDB-Reporter npm install cp default.config.js config.js sudo chmod 644 /var/log/ufw.log node . ^C npm uninstall corepack -g npm install pm2 -g sudo mkdir /var/log/ufw-abuseipdb sudo chown $USER:$USER /var/log/ufw-abuseipdb -R pm2 start pm2 startup [Paste the command generated by pm2 startup] pm2 save ``` ## šŸ—‘ļø Uninstall the deprecated version if you have it ```bash sudo systemctl stop abuseipdb-ufw.service && sudo systemctl disable abuseipdb-ufw.service sudo rm /etc/systemd/system/abuseipdb-ufw.service sudo systemctl daemon-reload sudo rm -r /usr/local/bin/UFW-AbuseIPDB-Reporter ``` ## šŸ–„ļø Usage After successful installation, the script will run continuously in the background, monitoring UFW logs and automatically reporting malicious IP addresses. The tool requires no additional user action after installation. However, it's worth occasionally checking its operation and updating the script regularly (by running the installation command). Servers open to the world are constantly scanned by bots, usually looking for vulnerabilities or other security gaps. So don't be surprised if the next day, the number of reports to AbuseIPDB exceeds a thousand. ### šŸ” Checking logs ```bash pm2 logs ufw-abuseipdb ``` ### šŸ“„ Example reports #### 1ļøāƒ£ ```text Blocked by UFW on homeserver01 [80/tcp] Source port: 23639 TTL: 247 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter ``` #### 2ļøāƒ£ ```text Blocked by UFW on homeserver01 [30049/tcp]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter ``` ## šŸ¤ Development If you want to contribute to the development of this project, feel free to create a new [Pull request](https://github.com/sefinek/UFW-AbuseIPDB-Reporter/pulls). I will definitely appreciate it! ## šŸ”‘ [GPL-3.0 License](LICENSE) Copyright 2024-2025 Ā© by [Sefinek](https://sefinek.net). All rights reserved.