False message of 2nd authentication step to this forum

albert_a · Mar 27, 2020

Hello,

I received a message of 2nd authentication step to this forum. But I didn't logged in to this forum. The forum hasn't even been opened in the browser.
It's strange that the IP address shown in the message is mine...

The message was created at: Fri, 27 Mar 2020 12:52:09 +0000
The message was received at: Fri, 27 Mar 2020 12:52:10 +0000
The message:

albert_a,

To complete the login to your account (or to complete two-step verification setup) at Proxmox Support Forum, you must enter the following code:

756334
This code is valid for 15 minutes.

The login was requested via the IP XXX.XX.XX.XX. If you did not initiate this request, you should change your password urgently.

My laptop OS is recently installed, secure, minimal set of software..
Can administrators of the forum provide some more information on this login attempt?
Maybe client's browser/OS or some other HTTP headers or any useful information from the forum server logs.

Thanks.

Alwin · Mar 31, 2020

Certain browsers (or other software) can also start in the background. The email may also have been from an earlier attempt and just wasn't yet received by the mail server or client.

In any case, it is not a good idea to have a second factor send by email. Both systems are online accessible. Better use a local TOTP software, best without online access.

And if you are in doubt, being it your login, change your password and token.

albert_a · Mar 31, 2020

Alwin said:
Certain browsers (or other software) can also start in the background. The email may also have been from an earlier attempt and just wasn't yet received by the mail server or client.

It is very strange, because I didn't log on to the forum neither that day nor several days before. Probably I logged on before from insecure computer that is located within the network I currently connected, that's why I see my IP address. I'm asking for the server logs info to be sure.

Alwin said:
In any case, it is not a good idea to have a second factor send by email. Both systems are online accessible. Better use a local TOTP software, best without online access.

Thanks for the advice.

Alwin said:
And if you are in doubt, being it your login, change your password and token.

I did it of cause.

Alwin · Mar 31, 2020

albert_a said:
It is very strange, because I didn't log on to the forum neither that day nor several days before. Probably I logged on before from insecure computer that is located within the network I currently connected, that's why I see my IP address. I'm asking for the server logs info to be sure.

Since the email had your IP, it is confirmed that the request came from your network.

As another measure, you can "kick" all other devices. So, they will require the TOTP again. Go to your account settings and click on 'Password and Security'. Then hit 'change' on the 'Two-step verification'. On the bottom you can find the button to not trust other devices anymore.

albert_a · Mar 31, 2020

Alwin said:
As another measure, you can "kick" all other devices. So, they will require the TOTP again. Go to your account settings and click on 'Password and Security'. Then hit 'change' on the 'Two-step verification'. On the bottom you can find the button to not trust other devices anymore

It's done already.

Alwin said:
Since the email had your IP, it is confirmed that the request came from your network.

Of cause it confirms network, it's clear. I need to confirm host.

Search

Search

False message of 2nd authentication step to this forum

albert_a

Well-Known Member

Alwin

Proxmox Retired Staff

albert_a

Well-Known Member

Alwin

Proxmox Retired Staff

albert_a

Well-Known Member