From 960ff97176ca252a5565667046eb8726b36973a5 Mon Sep 17 00:00:00 2001
From: Alfonso
Date: Tue, 1 Mar 2022 08:51:56 +0100
Subject: [PATCH 1/2] Added abuseipdb Added the AbuseIPDB source. API key needed
---
 blocklist.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/blocklist.sh b/blocklist.sh
index 677a8f5..31448bf 100755
--- a/blocklist.sh
+++ b/blocklist.sh
@@ -6,6 +6,9 @@ if [ "$(whoami)" == "root" ]; then echo "root ok"; else echo "run as root!"; exi
 #GREP_PATH=$(whereis grep | awk '{print $2}')
 BLOCKLISTDE="https://lists.blocklist.de/lists/all.txt"
 CRWALERS="https://isc.sans.edu/api/threatcategory/research?json"
+ABUSE="https://api.abuseipdb.com/api/v2/blacklist"
+abuse_key="INERT_YOUR_API_KEY_HERE"
+
 #if [ -f $IPTABLES_PATH ]; then echo "iptables OK"; else echo "Cannot find [ iptables ]. Is it installed? Exiting"; exit 1; fi;
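Review bot: `abuse_key` is assigned as a literal inside blocklist.sh, which the index line records as mode 100755, so once a real key replaces the placeholder it is readable by any local account and is easily committed by accident. Take the key from the environment or from a root-only file rather than from the script text, for example `abuse_key="${ABUSEIPDB_API_KEY:?export ABUSEIPDB_API_KEY first}"` (the variable name is only a suggestion). A comment such as `# AbuseIPDB API key; supplied by the operator, never stored in this file` above the assignment would document the requirement. PATCH 2/2 touches the same line and keeps the literal.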
@@ -22,9 +25,13 @@ if ! command -v grep >/dev/null; then echo "I require grep but it's not install
 echo "Downloading the most recent IP list from $BLOCKLISTDE ... and adding them to ipset blocklistde"
 ipset create blocklistde hash:ip
 curl -s https://lists.blocklist.de/lists/all.txt | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs -L1 ipset add blocklistde 2>&1
-echo "Downloading the most recent IP list from $CRWALERS ... and adding them to ipset crawlers"
+echo "Downloading the most recent IP list from $CRWALERS ... and adding them to ipset crawler_bots"
 ipset create crawler_bots hash:ip
 curl -s https://isc.sans.edu/api/threatcategory/research?json | jq '.[] | {ipv4}' | grep ':' | awk '{ print $2 }' | tr -d '"' | xargs -L1 ipset add crawler_bots 2>&1
+echo "Downloading the most recent IP list from $ABUSE and adding them to abuseipdb"
+ipset create abuseipdb hash:ip
+curl -s -H "key: $abuse_key" https://api.abuseipdb.com/api/v2/blacklist | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | xargs -L1 ipset add abuseipdb 2>&1
 echo "Adding the iptables rules..."
 iptables -I INPUT -m set --match-set crawler_bots src -j DROP
 iptables -I INPUT -m set --match-set blocklistde src -j DROP
+iptables -I INPUT -m set --match-set abuseipdb src -j DROP
From 8ee728fd857a79d59976297ca53e998fbbc021c9 Mon Sep 17 00:00:00 2001
From: Alfonso
Date: Tue, 1 Mar 2022 09:05:00 +0100
Subject: [PATCH 2/2] Update blocklist.sh Typo error. Added link to API key from abusedb
---
 blocklist.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/blocklist.sh b/blocklist.sh
index 31448bf..7cb296b 100755
--- a/blocklist.sh
+++ b/blocklist.sh
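Review bot: The added `curl -s -H "key: $abuse_key" …` line in PATCH 1/2 passes the API key as a command-line argument, so on a default Linux setup other local users can read it from the process list while the request runs, and `-s` without `--fail` means a rejected key or a rate-limit response raises no error: the pipeline extracts nothing and the `abuseipdb` DROP rule is installed over an empty set. Because the script runs as root and turns whatever the remote endpoint returns into firewall rules, it should fail loudly instead, e.g. `curl -sS --fail -H @"$key_header_file" "$ABUSE"` with the header kept in a root-only file (`key_header_file` is a placeholder name), and stop before `iptables -I` when the download fails. That would also use the new `$ABUSE` variable, which is otherwise only echoed. Re-running the script will hit `ipset create abuseipdb` on an existing set and insert a duplicate INPUT rule; `ipset create -exist` and an `iptables -C` check before `-I` would make it repeatable, though the two existing sources follow the same pattern.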
@@ -7,7 +7,7 @@ if [ "$(whoami)" == "root" ]; then echo "root ok"; else echo "run as root!"; exi
 BLOCKLISTDE="https://lists.blocklist.de/lists/all.txt"
 CRWALERS="https://isc.sans.edu/api/threatcategory/research?json"
 ABUSE="https://api.abuseipdb.com/api/v2/blacklist"
-abuse_key="INERT_YOUR_API_KEY_HERE"
+abuse_key="INSERT_YOUR_API_KEY_HERE" #https://www.abuseipdb.com/account/api