A tool (with a simple installer) that monitors UFW firewall logs in real time and reports IP addresses to the AbuseIPDB database.

🛡️ UFW AbuseIPDB Reporter

A utility designed to analyze UFW firewall logs and report malicious IP addresses to the AbuseIPDB database.
To prevent redundant reporting of the same IP address within a short period, the tool uses a temporary cache file to track previously reported IPs.

If you like this repository or find it useful, I would greatly appreciate it if you could give it a star. Thanks a lot!
See also this: sefinek/Cloudflare-WAF-To-AbuseIPDB

Important

If you'd like to make changes to any files in this repository, please start by creating a public fork.

📋 Requirements

  • Node.js + npm
  • Git

🧪 Tested operating systems

  • Ubuntu Server: 20.04 & 22.04

If the distribution you're using to run this tool isn't listed here but works correctly, please create a new Issue or submit a Pull request.

📥 Installation

curl

bash <(curl -s https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/main/install.sh)

wget

bash <(wget -qO- https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/main/install.sh)

The installation script will automatically download and configure the tool on your machine. During the installation process, you will be prompted to provide an AbuseIPDB API token.

🖥️ Usage

After successful installation, the script will run continuously in the background, monitoring UFW logs and automatically reporting malicious IP addresses. The tool requires no additional user action after installation. However, it's worth occasionally checking its operation and updating the script regularly (by running the installation command).

Servers open to the world are constantly scanned by bots, usually looking for vulnerabilities or other security gaps. So don't be surprised if the next day, the number of reports to AbuseIPDB exceeds a thousand.

🔍 Checking service status

sudo systemctl status abuseipdb-ufw.service

To see the current logs generated by the process, use the command:

journalctl -u abuseipdb-ufw.service -f

📄 Example report

Blocked by UFW (TCP on 80)
Source port: 28586
TTL: 116
Packet length: 48
TOS: 0x08

This report (for 46.174.191.31) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
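
As an added illustration (not code from this repository), the JavaScript below shows how a UFW block entry maps to the report text above and how a cooldown cache suppresses repeat reports of the same IP. The sample log line, the function and class names, the in-memory cache, the caller-chosen cooldown length and the private-address filter are assumptions of this example.

```javascript
// Added example, not code from the UFW-AbuseIPDB-Reporter repository.
// SAMPLE_LINE is a constructed log entry in the format UFW writes for blocked packets.
const SAMPLE_LINE =
  'Dec 19 15:20:01 srv kernel: [1234.567890] [UFW BLOCK] IN=eth0 OUT= ' +
  'MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=46.174.191.31 DST=203.0.113.10 ' +
  'LEN=48 TOS=0x08 PREC=0x20 TTL=116 ID=4242 DF PROTO=TCP SPT=28586 DPT=80 ' +
  'WINDOW=8192 RES=0x00 SYN URGP=0';

// Safeguard added for this example: never report private, loopback or link-local IPv4.
const NON_PUBLIC_V4 = /^(10\.|127\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)/;

// Collect KEY=VALUE fields from a "[UFW BLOCK]" line; null for any other line.
function parseUfwBlock(line) {
  if (!line.includes('[UFW BLOCK]')) return null;
  const fields = {};
  for (const [, key, value] of line.matchAll(/\b([A-Z]+)=(\S*)/g)) fields[key] = value;
  return fields.SRC && !NON_PUBLIC_V4.test(fields.SRC) ? fields : null;
}

// Build the comment in the layout of the example report; ICMP lines have no ports.
function buildComment(f) {
  const where = f.DPT ? `${f.PROTO} on ${f.DPT}` : `${f.PROTO ?? 'N/A'}`;
  return [
    `Blocked by UFW (${where})`,
    `Source port: ${f.SPT ?? 'N/A'}`,
    `TTL: ${f.TTL ?? 'N/A'}`,
    `Packet length: ${f.LEN ?? 'N/A'}`,
    `TOS: ${f.TOS ?? 'N/A'}`,
  ].join('\n');
}

// In-memory stand-in for the cache file: one report per IP per cooldown window.
class ReportCache {
  constructor(cooldownMs) { this.cooldownMs = cooldownMs; this.lastReported = new Map(); }
  shouldReport(ip, now = Date.now()) {
    const last = this.lastReported.get(ip);
    if (last !== undefined && now - last < this.cooldownMs) return false;
    this.lastReported.set(ip, now);
    return true;
  }
}

// Returns { ip, comment } when a line should be reported, otherwise null.
function processLine(line, cache, now = Date.now()) {
  const f = parseUfwBlock(line);
  if (!f || !cache.shouldReport(f.SRC, now)) return null;
  return { ip: f.SRC, comment: buildComment(f) };
}
```
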

🤝 Development

If you want to contribute to the development of this project, feel free to create a new Pull request. I will definitely appreciate it!

🔑 GPL-3.0 License

Copyright 2024 © by Sefinek. All rights reserved. See the LICENSE file for more information.