When I read first about fail2ban, it just made sense by remembering the number of accesses to ssh ports and not only. Then I found the GeoIp extension which made more sense, although the attacks can circumvent the geographic boundaries.
Then I realized that posting those IP addresses somewhere with an updated activity on external addresses will make them quite visible and even may deter them to unleash scripts on any computer.
Is anybody interested in creating a repository where IPs will be published of the attacks on web-sites, like a black repository?
I already foresee problems as the publishers should back-up their claim with some proofs that the attacks happened.