X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Can i view exact IP / location from which someone tried to sync my profile ?

Được đăng

So, i've just received an email that someone "signed in to my account with Firefox 18 on 2016-06-23 15:18 UTC" Can i get info which IP/location was used while doing so ? I've already changed my password, but knowing that emails come with some delay and all you need is just a few seconds to sync all your passwords id say its a pretty bad thing..

So, i've just received an email that someone "signed in to my account with Firefox 18 on 2016-06-23 15:18 UTC" Can i get info which IP/location was used while doing so ? I've already changed my password, but knowing that emails come with some delay and all you need is just a few seconds to sync all your passwords id say its a pretty bad thing..

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • Citrix Online App Detector Plugin
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Next Generation Java Plug-in 11.25.2 for Mozilla browsers
  • Shockwave Flash 21.0 r0
  • 5.1.41212.0

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0

Thông tin chi tiết

FredMcD
  • Top 10 Contributor
4272 giải pháp 59923 câu trả lời
Được đăng

I've called the big guys to help you. Right now, change All of your passwords Everywhere. Also, confirm your e-mail address at those sites just in case.

I've called the big guys to help you. Right now, change '''All''' of your passwords '''Everywhere.''' Also, confirm your e-mail address at those sites just in case.
jscher2000
  • Top 10 Contributor
8799 giải pháp 71970 câu trả lời
Được đăng

That's strange. The Sync system changed in 2014 when Firefox 29 was released, and Firefox 18 shouldn't be able to connect to it.

Perhaps the device did not identify itself honestly and is actually running Firefox 29 or newer.

Or perhaps this message refers to a web login?

Or... could it be a phishing message? Can you detect anything suspicious about the links in the message?

That's strange. The Sync system changed in 2014 when Firefox 29 was released, and Firefox 18 shouldn't be able to connect to it. Perhaps the device did not identify itself honestly and is actually running Firefox 29 or newer. Or perhaps this message refers to a web login? Or... could it be a phishing message? Can you detect anything suspicious about the links in the message?

Người tạo câu hỏi

here is entire message source: x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensWQjutc4PB1BMbh5SZmWvZ70i1lWkYdt0DrxE+ovew//zUDQo9zq0ht8DBiByMVbF19w9CwT6WM4qPW0YJ3qGk2oz4i5SJeb58O8z1SneS8A= Authentication-Results: hotmail.com; spf=pass (sender IP is 54.240.27.83; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=firefox.com; x-hmca=pass header.id=accounts@firefox.com X-SID-PRA: accounts@firefox.com X-AUTH-Result: PASS X-SID-Result: PASS X-Message-Status: n:n X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w X-Message-Info: NhFq/7gR1vRwaSZwDIomdtH61ngqAz2tQIJh5cBSqeJPKy6DBE4hg8toFIO0/06SxyKCPgQSEC+QDKaxfjtVDwWUvsOg9znUXhR9JzLs9YEYsYRCS+dBe3gN6wAv9fX1NUCPiuOCtPrIZONmf/ywaj/ECqWUsyZBQt2Z5AWq9i+II9s6yv6PwbxtQHq8ylaDTzf2lh4+Be0Yj30CaLdnN9d/I1gwElLziTNmYV8qIGO9hMQNaW/5Ng== Received: from a27-83.smtp-out.us-west-2.amazonses.com ([54.240.27.83]) by COL004-MC5F23.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Thu, 23 Jun 2016 08:18:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6ujb3doj4mwbngmp2xjutilwl4zbdio3; d=firefox.com; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=U1FY935Tju9bVHueEijnMqjSI0Gv5WVCSLnTD+H4uow7hwyFf9xEv1Vt7WT3j8fN iB/twgDrYj+l1dCqvMgpg0/tVDky8udiGhHvw62kBuPhQ5Kk3iiel8Qhl7ZO5L0HQog pDelB8Fvtox0Or8OksG1x+xzOI42SaHRDoErrnkc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version:Feedback-ID; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=lXB7ldM2ttEo1Rekv0AapBZqJNlioSiskpkbvYDquHZS58hsFweC254htjLbmQvL Z+1ccqxI1zAHgtvJ1VYeaTNpWiiTr6E4KmPCTWw9abAbDaNk2hJfE38JOsTB0I11sgw T0zr5QV8Truu/w0aCWV90aMhu4dFUAR8PXl2ipUA= X-Mailer: Nodemailer (0.7.1; +http://github.com/andris9/nodemailer;

smtp/0.3.35)

Date: Thu, 23 Jun 2016 15:18:07 +0000 Message-ID: <010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com> Content-Language: en X-Link: https://accounts.firefox.com/settings/change_password?email=<myemailhere> From: "Firefox Accounts" <accounts@firefox.com> To: <myemailhere> Subject: New sign-in to Firefox Content-Type: multipart/alternative;

boundary="----Nodemailer-0.7.1-?=_1-1466695087524"

MIME-Version: 1.0 X-SES-Outgoing: 2016.06.23-54.240.27.83 Feedback-ID: 1.us-west-2.9obwqSuHxAmNPKpejVDo3cEAmnSHOVLO3+B/64gdyXQ=:AmazonSES Return-Path: 010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com X-OriginalArrivalTime: 23 Jun 2016 15:18:09.0276 (UTC) FILETIME=[73252BC0:01D1CD62]


Nodemailer-0.7.1-?=_1-1466695087524

Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable

New sign-in to Firefox

Firefox 18 2016-06-23 15:18 UTC

This is an automated email; if you didn't add a new device to your = Firefox Account, you should change your password immediately at = https://accounts.firefox.com/settings/change=5Fpassword=3Femail=3D<myemailhere>. For more information, please visit https://support.mozilla.= org/kb/im-having-problems-with-my-firefox-account

Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041 Mozilla Privacy Policy https://www.mozilla.org/privacy


Nodemailer-0.7.1-?=_1-1466695087524

Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

<meta =="" charset="3DUTF-8=22" content="3D=22text/html;" http-equiv="3D=22Content-Type=22"> <title>Firefox Accounts</title>

3D=22=22

New sign-in to Firefox

Firefox 18
2016-06-23 15:18 UTC


This is an automated email; if you did not authorize this action, = then '''=22 style=3D=22color: #0095dd; = text-decoration: none; font-family: sans-serif;=22>please change your = password. For more information, please visit Mozilla Support.

Mozilla. 331 E Evelyn Ave,= Mountain View, CA 94041
Mozilla Privacy= Policy


Nodemailer-0.7.1-?=_1-1466695087524--
here is entire message source: x-store-info:J++/JTCzmObr++wNraA4Pa4f5Xd6uensWQjutc4PB1BMbh5SZmWvZ70i1lWkYdt0DrxE+ovew//zUDQo9zq0ht8DBiByMVbF19w9CwT6WM4qPW0YJ3qGk2oz4i5SJeb58O8z1SneS8A= Authentication-Results: hotmail.com; spf=pass (sender IP is 54.240.27.83; identity alignment result is fail and alignment mode is relaxed) smtp.mailfrom=010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=firefox.com; x-hmca=pass header.id=accounts@firefox.com X-SID-PRA: accounts@firefox.com X-AUTH-Result: PASS X-SID-Result: PASS X-Message-Status: n:n X-Message-Delivery: Vj0xLjE7dXM9MDtsPTE7YT0xO0Q9MTtHRD0xO1NDTD0w X-Message-Info: NhFq/7gR1vRwaSZwDIomdtH61ngqAz2tQIJh5cBSqeJPKy6DBE4hg8toFIO0/06SxyKCPgQSEC+QDKaxfjtVDwWUvsOg9znUXhR9JzLs9YEYsYRCS+dBe3gN6wAv9fX1NUCPiuOCtPrIZONmf/ywaj/ECqWUsyZBQt2Z5AWq9i+II9s6yv6PwbxtQHq8ylaDTzf2lh4+Be0Yj30CaLdnN9d/I1gwElLziTNmYV8qIGO9hMQNaW/5Ng== Received: from a27-83.smtp-out.us-west-2.amazonses.com ([54.240.27.83]) by COL004-MC5F23.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23143); Thu, 23 Jun 2016 08:18:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6ujb3doj4mwbngmp2xjutilwl4zbdio3; d=firefox.com; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=U1FY935Tju9bVHueEijnMqjSI0Gv5WVCSLnTD+H4uow7hwyFf9xEv1Vt7WT3j8fN iB/twgDrYj+l1dCqvMgpg0/tVDky8udiGhHvw62kBuPhQ5Kk3iiel8Qhl7ZO5L0HQog pDelB8Fvtox0Or8OksG1x+xzOI42SaHRDoErrnkc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1466695087; h=Date:Message-Id:From:To:Subject:Content-Type:MIME-Version:Feedback-ID; bh=4tZOI5IcIJH6KzuihozeMA2mRiGeX0f33OqP00JWvEQ=; b=lXB7ldM2ttEo1Rekv0AapBZqJNlioSiskpkbvYDquHZS58hsFweC254htjLbmQvL Z+1ccqxI1zAHgtvJ1VYeaTNpWiiTr6E4KmPCTWw9abAbDaNk2hJfE38JOsTB0I11sgw T0zr5QV8Truu/w0aCWV90aMhu4dFUAR8PXl2ipUA= X-Mailer: Nodemailer (0.7.1; +http://github.com/andris9/nodemailer; smtp/0.3.35) Date: Thu, 23 Jun 2016 15:18:07 +0000 Message-ID: <010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com> Content-Language: en X-Link: https://accounts.firefox.com/settings/change_password?email='''<myemailhere>''' From: "Firefox Accounts" <accounts@firefox.com> To: '''<myemailhere>''' Subject: New sign-in to Firefox Content-Type: multipart/alternative; boundary="----Nodemailer-0.7.1-?=_1-1466695087524" MIME-Version: 1.0 X-SES-Outgoing: 2016.06.23-54.240.27.83 Feedback-ID: 1.us-west-2.9obwqSuHxAmNPKpejVDo3cEAmnSHOVLO3+B/64gdyXQ=:AmazonSES Return-Path: 010101557dd6f652-41863e4c-26ba-491e-811a-98d5d1f5e7d4-000000@us-west-2.amazonses.com X-OriginalArrivalTime: 23 Jun 2016 15:18:09.0276 (UTC) FILETIME=[73252BC0:01D1CD62] ------Nodemailer-0.7.1-?=_1-1466695087524 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable New sign-in to Firefox Firefox 18 2016-06-23 15:18 UTC This is an automated email; if you didn&#x27;t add a new device to your = Firefox Account, you should change your password immediately at = https://accounts.firefox.com/settings/change=5Fpassword=3Femail=3D'''<myemailhere>'''. For more information, please visit https://support.mozilla.= org/kb/im-having-problems-with-my-firefox-account Mozilla. 331 E Evelyn Ave, Mountain View, CA 94041 Mozilla Privacy Policy https://www.mozilla.org/privacy ------Nodemailer-0.7.1-?=_1-1466695087524 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC =22-//W3C//DTD XHTML 1.0 Transitional//EN=22 = =22http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd=22> <html xmlns=3D=22http://www.w3.org/1999/xhtml=22> <head> <meta http-equiv=3D=22Content-Type=22 content=3D=22text/html; = charset=3DUTF-8=22 /> <title>Firefox Accounts</title> </head> <body style=3D=22-ms-text-size-adjust: 100%; -webkit-text-size-adjust: = 100%; margin: 0; padding: 0;=22> <table align=3D=22center=22 border=3D=220=22 cellpadding=3D=220=22 = cellspacing=3D=220=22 width=3D=22310=22 style=3D=22-webkit-text-size-adjust= : 100%; border-collapse: collapse; mso-table-lspace: 0pt; mso-table-rspace:= 0pt; width: 310px; margin: 0 auto;=22> <!--Logo--> <tr style=3D=22page-break-before: always=22> <td align=3D=22center=22 id=3D=22firefox-logo=22 style=3D=22padding: 20px= 0;=22> <img src=3D=22http://image.e.mozilla.org/lib/fe9915707361037e75/m/2/fxl= ogojg.gif=22 height=3D=2295=22 width=3D=2288=22 alt=3D=22=22 = style=3D=22-ms-interpolation-mode: bicubic;=22 /> </td> </tr> <!--Header Area--> <tr style=3D=22page-break-before: always=22> <td valign=3D=22top=22> <h1 style=3D=22font-family: sans-serif; font-weight: normal; margin: 0 = 0 24px 0; text-align: center;=22>New sign-in to Firefox</h1> <p class=3D=22primary=22 style=3D=22font-family: sans-serif; font-size:= 14px; font-weight: normal; margin: 0 0 12px 0; text-align: = center;=22>Firefox 18<br/>2016-06-23 15:18 UTC</p> </td> </tr> <tr style=3D=22page-break-before: always=22> <td border=3D=220=22 cellpadding=3D=220=22 cellspacing=3D=220=22 = height=3D=22100%=22 width=3D=22100%=22> <br/> <p class=3D=22secondary=22 style=3D=22font-family: sans-serif; = font-weight: normal; margin: 0 0 12px 0; text-align: center; color: = #8A9BA8; font-size: 11px; line-height: 13px; width: 310px !important; = word-wrap:break-word=22> This is an automated email; if you did not authorize this action, = then <a href=3D=22https://accounts.firefox.com/settings/change=5Fpassword= =3Femail=3D'''<myemailhere>'''=22 style=3D=22color: #0095dd; = text-decoration: none; font-family: sans-serif;=22>please change your = password.</a> For more information, please visit <a = href=3D=22https://support.mozilla.org/kb/im-having-problems-with-my-firefox= -account=22 style=3D=22color: #0095dd; text-decoration: none; font-family: = sans-serif;=22>Mozilla Support</a>. </p> </td> </tr> <tr style=3D=22page-break-before: always=22> <td valign=3D=22top=22> <p style=3D=22font-family: sans-serif; font-weight: normal; margin: 0; = text-align: center; color: #8A9BA8; font-size: 11px; line-height: 13px; = width: 310px !important; word-wrap:break-word=22>Mozilla. 331 E Evelyn Ave,= Mountain View, CA 94041 <br /> <a href=3D=22https://www.mozilla.org/privacy=22 style=3D=22color: = #0095dd; text-decoration: none; font-family: sans-serif;=22>Mozilla Privacy= Policy</a></p> </td> </tr> </table> </body> </html> ------Nodemailer-0.7.1-?=_1-1466695087524--
jscher2000
  • Top 10 Contributor
8799 giải pháp 71970 câu trả lời
Được đăng

The link looks legit. Still hard to understand that the other device identified itself as Firefox 18. ??

The link looks legit. Still hard to understand that the other device identified itself as Firefox 18. ??

Người tạo câu hỏi

well, that was the reason why i've asked is there any chance to get IP/location of the device which tried to log in.. because it looks all legit to me as well...

well, that was the reason why i've asked is there any chance to get IP/location of the device which tried to log in.. because it looks all legit to me as well...
jscher2000
  • Top 10 Contributor
8799 giải pháp 71970 câu trả lời
Được đăng

I don't know. If you didn't already get that information in the email, it might not be publicly available. What I mean is, it might only be logged on the web server and not recorded in the account interface anywhere.

I don't know. If you didn't already get that information in the email, it might not be publicly available. What I mean is, it might only be logged on the web server and not recorded in the account interface anywhere.
rfkelly 2 giải pháp 45 câu trả lời
Được đăng

Hi Scr34mik, Firefox Accounts developer here. I'm sorry to say, it sounds like there most likely was an unauthorized access on your account - unfortunately we see these from time to time if e.g. your account password is re-used on other websites that have suffered a data breach [1].

I see that you've already changed your account password, which is great. If you stored other passwords in Firefox Sync, I would recommend changing those passwords as well as described in [2].

In terms of learning what IP accessed your account, we can dig into the server logs if you file a bug at [3] and let us know the email address used on the account. Since it's sensitive log information, we'll need to discuss it in a private bug rather than on the support forum.

We're also working on making such information more easily accessible, by including it in the "new sign-in" notification email directly, and by providing a simple dashboard where you can review the security history of your account. We hope to have this features shipping soon.

[1] https://blog.mozilla.org/services/2016/04/09/stolen-passwords-used-to-break-into-firefox-accounts/ [2] https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import#w_viewing-and-deleting-passwords [3] https://bugzilla.mozilla.org/enter_bug.cgi?product=Cloud%20Services&component=Server:%20Firefox%20Accounts

Hi Scr34mik, Firefox Accounts developer here. I'm sorry to say, it sounds like there most likely was an unauthorized access on your account - unfortunately we see these from time to time if e.g. your account password is re-used on other websites that have suffered a data breach [1]. I see that you've already changed your account password, which is great. If you stored other passwords in Firefox Sync, I would recommend changing those passwords as well as described in [2]. In terms of learning what IP accessed your account, we can dig into the server logs if you file a bug at [3] and let us know the email address used on the account. Since it's sensitive log information, we'll need to discuss it in a private bug rather than on the support forum. We're also working on making such information more easily accessible, by including it in the "new sign-in" notification email directly, and by providing a simple dashboard where you can review the security history of your account. We hope to have this features shipping soon. [1] https://blog.mozilla.org/services/2016/04/09/stolen-passwords-used-to-break-into-firefox-accounts/ [2] https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-and-import#w_viewing-and-deleting-passwords [3] https://bugzilla.mozilla.org/enter_bug.cgi?product=Cloud%20Services&component=Server:%20Firefox%20Accounts

Người tạo câu hỏi

Hello rfkelly, thank you for posting an answer. I've created a new bug report with number 1283084.

Id also like to add that Mozilla need to add 2 step verification with mobile phone to each sign in to firefox sync...

Hello '''rfkelly''', thank you for posting an answer. I've created a new bug report with number 1283084. Id also like to add that Mozilla need to add 2 step verification with mobile phone to each sign in to firefox sync...
rfkelly 2 giải pháp 45 câu trả lời
Được đăng

We are indeed working on adding 2FA, in two stages. The first will be simply an email confirmation loop where you need to click a link to confirm each new signin to sync. Once we have that flow working well and in a backwards-compatible manner, we will move towards adding additional methods of verification such as via mobile.

We are indeed working on adding 2FA, in two stages. The first will be simply an email confirmation loop where you need to click a link to confirm each new signin to sync. Once we have that flow working well and in a backwards-compatible manner, we will move towards adding additional methods of verification such as via mobile.