Fail2Ban is a nice piece of software that detects SSH brute-force attempts and locks out offending hosts for a predetermined length of time. It can also be outfitted with new and exciting ways of handling these attacks.
Banning script kiddies that are trying to brute their way into your box is nice, but what if you could also take that detection and help clean up the Internet a bit?
Action scripts already exist for Fail2Ban that take the offending IP address and dispatch an email to the abuse address listed in the WHOIS record for that IP range. But they rely on sendmail. With the advent of increasingly aggressive spam blocking solutions, it’s entirely possible that unless you install a full-blown mail server, your mail won’t get through to those who can actually process your complaint. What a drag!
That’s why I took it upon myself to write AutoGripe. AutoGripe is a Python tool that accepts an IP address (automatically, from Fail2Ban) and dispatches an email with logs to an abuse email address. You can get a copy for yourself at AutoGripe’s GitHub repo.
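The workflow described above (banned IP in, abuse complaint with log evidence out, no local sendmail) can be sketched as follows. This is an added example, not AutoGripe's code: the function names, the sample log and WHOIS text (constructed, using documentation address ranges), and the authenticated-relay parameters are all assumptions.

```python
import re
import smtplib
from email.message import EmailMessage

# Constructed sample data (not real hosts): sshd log lines and a WHOIS reply.
SAMPLE_LOG = """\
Mar  3 04:11:52 web1 sshd[2211]: Failed password for root from 203.0.113.45 port 51122 ssh2
Mar  3 04:11:55 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51124 ssh2
Mar  3 04:12:01 web1 sshd[2240]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 04:12:09 web1 sshd[2251]: Failed password for root from 203.0.113.4 port 40100 ssh2
"""
SAMPLE_WHOIS = """\
inetnum:        203.0.113.0 - 203.0.113.255
% Abuse contact for '203.0.113.0 - 203.0.113.255' is 'abuse@isp.example'
OrgAbuseEmail:  abuse@isp.example
"""

def abuse_contacts(whois_text):
    """Return unique abuse mailboxes found in WHOIS text, in order of appearance."""
    found = []
    for line in whois_text.splitlines():
        if "abuse" not in line.lower():
            continue
        for addr in re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", line):
            if addr.lower() not in found:
                found.append(addr.lower())
    return found

def evidence_lines(log_text, ip):
    """Keep only lines naming exactly this IP (203.0.113.4 must not match .45)."""
    pattern = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    return [line for line in log_text.splitlines() if pattern.search(line)]

def build_report(ip, whois_text, log_text, sender):
    contacts, lines = abuse_contacts(whois_text), evidence_lines(log_text, ip)
    if not contacts or not lines:
        return None  # no abuse mailbox or no evidence: send nothing
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, ", ".join(contacts)
    msg["Subject"] = f"SSH brute-force attempts from {ip}"
    msg.set_content(f"Failed SSH logins from {ip} (server local time):\n\n"
                    + "\n".join(lines) + "\n")
    return msg

def send_report(msg, host, port, user, password):
    """Submit via an authenticated relay with STARTTLS instead of local sendmail."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.starttls()
        smtp.login(user, password)
        smtp.send_message(msg)
```

The exact-match filter matters because a plain substring search for a banned address would also pull in log lines for any address that merely starts with the same digits, putting unrelated hosts into the complaint.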