- Notifications
You must be signed in to change notification settings - Fork1
A tool (with a simple installer) that monitors UFW firewall logs in real time and reports IP addresses to the AbuseIPDB database.
License
sefinek/UFW-AbuseIPDB-Reporter
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
A utility designed to analyze UFW logs and report IP addresses blocked by the firewall to theAbuseIPDB database.
To prevent excessive reporting of the same IP address within a short period, the tool uses a temporary cache file to track previously reported IP addresses.
This project was originally written inBash but has been rewritten inNode.js. All my integration tools are now written in Node, hence this change.If you were using the old version, pleaseuninstall it as it will no longer be supported.
⭐ If you like this repository or find it useful, I'd greatly appreciate it if you could give it a star. Many thanks!
Also, check this out:sefinek/Cloudflare-WAF-To-AbuseIPDB
Important
- If you'd like to make changes to any files in this repository, please start by creating apublic fork.
- According to AbuseIPDB's policy,UDP traffic should not be reported!
- Node.js + npm
- PM2 (
npm i pm2 -g) - Git
- Linux
- Easy Configuration – The
config.jsfile allows for quick and simple customization. - Simple Installer – Enables fast and seamless integration deployment.
- Self-IP Protection (IPv4 & IPv6) – The script will never report an IP address belonging to you or your server, even if you use a dynamic IP.
- Discord Webhooks Integration:
- Important notifications.
- Alerts for script errors.
- Daily summaries of reported IP addresses.
- Automatic Updates – The script regularly fetches and applies the latest updates. If you want, you candisable it, of course.
bash<(curl -fsS https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/main/install.sh)bash<(wget -qO- https://raw.githubusercontent.com/sefinek/UFW-AbuseIPDB-Reporter/main/install.sh)sudo apt install -y curlcurl -fsSL https://deb.nodesource.com/setup_22.x -o nodesource_setup.shsudo -E bash nodesource_setup.sh&& sudo apt install -y nodejssudo add-apt-repository ppa:git-core/ppasudo apt update&& sudo apt -y install gitsudo apt update&& sudo apt upgradecd~git clone https://github.com/sefinek/UFW-AbuseIPDB-Reporter.git --recurse-submodulescd UFW-AbuseIPDB-Reporternpm installcp config.default.js config.jssudo chmod 644 /var/log/ufw.lognode.^Cnpm install pm2 -gsudo mkdir /var/log/ufw-abuseipdbsudo chown$USER:$USER /var/log/ufw-abuseipdb -Rpm2 startpm2 startup[Paste thecommand generated by pm2 startup]pm2 save
🗑️ Uninstall thedeprecated version if you have it
sudo systemctl stop abuseipdb-ufw.service&& sudo systemctl disable abuseipdb-ufw.servicesudo rm /etc/systemd/system/abuseipdb-ufw.servicesudo systemctl daemon-reloadsudo rm -r /usr/local/bin/UFW-AbuseIPDB-ReporterAfter a successful installation, the script will run continuously in the background, monitoring UFW logs and automatically reporting IP addresses.
Servers are constantly scanned by bots, usually looking for security vulnerabilities and similar weaknesses.So don't be surprised if the number of reports sent to AbuseIPDB exceeds a thousand the next day.
pm2 logs ufw-abuseipdb
Blocked by UFW on homeserver1 [80/tcp]Source port: 23639TTL: 247Packet length: 40TOS: 0x00This report was generated by:https://github.com/sefinek/UFW-AbuseIPDB-ReporterBlocked by UFW on homeserver1 [30049/tcp]. Generated by: https://github.com/sefinek/UFW-AbuseIPDB-ReporterIf you want to contribute to the development of this project, feel free to create a newPull request. I will definitely appreciate it!
Copyright 2024-2025 © bySefinek. All rights reserved.
About
A tool (with a simple installer) that monitors UFW firewall logs in real time and reports IP addresses to the AbuseIPDB database.
