Integrations

Connect AbuseTrack to the security tools you already run. A couple of minutes, one command.

Every integration speaks the same public API. Point your firewall or intrusion-prevention tool at it and it works both ways: you report the attackers you catch back to the community, and you block the IPs everyone else flagged.

fail2ban logo

fail2ban

Reports abuse

Bans on your Linux box, reported automatically.

Every IP fail2ban bans (SSH brute-force and any jail you wire up) is reported to AbuseTrack, flagged with the threat and a short note on what the attacker did. Report-only by default: it never touches your firewall unless you ask it to.

One command installs the reporter, the fail2ban action and an sshd jail, then verifies your key.

Install
curl -fsSL https://abusetrack.io/integrations/fail2ban/install.sh | \
  AT_API_KEY=your_api_key AT_API_URL=https://abusetrack.io bash
Full guide Needs an API key from your account.
CrowdSec logo

CrowdSec

Reports abuse Blocks threats

Report what CrowdSec catches, block what the community flags.

Works both ways. The installer reports every IP CrowdSec bans locally (WordPress brute-force, scanners, CVE probes) to AbuseTrack. And you can pull the community blocklist straight into CrowdSec, so flagged IPs get blocked by your bouncers on top of CrowdSec's own scenarios.

Report bans

A cron job forwards new local decisions to AbuseTrack. It only reports your own detections, so anything you pull from the community feed is never reported back.

Install
curl -fsSL https://abusetrack.io/integrations/crowdsec/install.sh | \
  AT_API_KEY=your_api_key AT_API_URL=https://abusetrack.io bash

Consume the blocklist

Pull the community blocklist as plain text and import it as CrowdSec decisions, or subscribe to the URL in the CrowdSec console.

curl -fsSL -H "Authorization: Bearer your_api_key" \
  "https://abusetrack.io/api/v1/blocklist.txt?score=60&comments=0"
Full guide Needs an API key from your account.
UniFi logo

UniFi

Reports abuse

What your UniFi gateway catches, reported.

Point your UniFi gateway's syslog at a small listener. Every Threat Management (IDS/IPS) detection and firewall drop with an external attacker IP is reported to AbuseTrack. Report-only, runs as a service, standard-library Python with no pip installs.

One command installs the syslog listener as a systemd service. Then point UniFi's Activity Logging (Syslog) at it and enable Security Detections.

Install
curl -fsSL https://abusetrack.io/integrations/unifi/install.sh | \
  AT_API_KEY=your_api_key AT_API_URL=https://abusetrack.io LISTEN_PORT=514 bash
Full guide Needs an API key from your account.

Any other tool

Reports abuse Blocks threats

It all runs on a small REST API: submit reports, look up an IP, or pull the blocklist feed. Wire it into your SIEM, a firewall or a script in a few lines.

Read the API docs