Very shortly after getting your public EchoLink proxy up and running, you’ll start to see messages like this in your ELProxy.log file.
Incorrect password challenge received (call=CONNECT 18.4); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=GET https://); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=CONNECT 204.); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=GET https://); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=CONNECT 206.); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=GET http://w); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=CONNECT 184.); client disconnected
Ready for new client connection.
Client connected: 209.54.47.204
Incorrect password challenge received (call=GET http://h); client disconnected
This appears to be a bot looking for open http proxies. The bot seems to be getting IPs and hostnames from the public EchoLink proxy page. Within minutes of starting my proxy I was seeing these messages appear in my log file. Fortunately it’s easy to block these connections using fail2ban. Fail2ban is an application that will parse the contents of a log file and after a predefined number of failed logins, the offending user’s IP address will be blocked via iptables. To install fail2ban, just install via apt.
$ sudo apt install fail2ban
Once fail2ban is installed, you’ll need to add a filter and a jail. To do this, create a file named echolink.conf in your /etc/fail2ban/filter.d/ directory with the following contents.
# fail2ban filter configuration for Echolink proxy
[Init]
maxlines = 2
[Definition]
failregex = ^.* Client connected: <HOST>\n.* Incorrect password challenge received
ignoreregex =
Now add a file called echolink.local in your /etc/fail2ban/jail.d/ directory with the following contents. Replace the path after logpath = with the full path to your ELProxy.log file. I included mine just as an example. You can also edit the bantime variable. The value below is 365 days in seconds. This example assumes you are using ufw instead of iptables. If that is not the case, simply remove the “banaction” line and fail2ban will default to blocking with iptables instead.
[echolink]
enabled = true
port = 8100
filter = echolink
logpath = /home/tony/echolink/ELProxy.log
findtime = 14400
maxretry = 3
bantime = 31536000
banaction = ufw
Now restart fail2ban and you should start to see the robots being banned by fail2ban. You can watch the bans take place in the /var/log/fail2ban.log file.
$ sudo systemctl restart fail2ban
One thing to note is that the configuration vairable “maxlines” was not always available. You will need fail2ban 0.9.1 or higher before this will work as expected. Currently the version in the Ubuntu repositories is 0.11.1-1 so you should have no issues if using Ubuntu 20.04.