fbchat-dev / fbchat

Facebook Chat (Messenger) for Python
https://fbchat.readthedocs.io
BSD 3-Clause "New" or "Revised" License
1.19k stars 412 forks source link

"Device Logged in From Unknown Location" Error #236

Open madsmtm opened 6 years ago

madsmtm commented 6 years ago

Usually, when attempting to log in on an external server, with an IP that's different from the ones you usually use, you get blocked, and you recieve an email a little while later explaining that the login attempt has been blocked. Though I realise that this is a very good security feature, I'm wondering whether and how you would then go about logging in to Facebook on an external server.

My solution, which is currently untested, would be to send a set of working session cookies to the server as well, and use those to "verify" the IP, and then you would be able to subsequently login. Though I have a feeling that this may not be entirely possible, and that we may have to add some functionality to fbchat to make this possible (For example if Facebook requires that you retype your password when changing IP)

3dluis commented 6 years ago

When this happens, go to Facebook through the browser with the account and I will inform you that such equipment I try to access your account. You have to give him permissions so he can access again.

madsmtm commented 6 years ago

Thanks for this tip, I'll try it out when I get the time!

TimLChan commented 6 years ago

I've had an account locked because of the issue you mentioned thanks to heroku's rotating IPs.

Though I realise that this is a very good security feature, I'm wondering whether and how you would then go about logging in to Facebook on an external server.

I alluded to it on this issue - https://github.com/carpedm20/fbchat/issues/225#issuecomment-340240855.

Based on my experience, if the server IP is in the same city as you and you're using the same useragent as how you would normally, it wouldn't trigger FB's checkpoint. Assuming the external server is a VPS or something with a linux shell, the easiest way to make sure you don't get FB Checkpoint is to spin up OpenVPN on the external server and log in using a trusted browser.

EDIT: 9 Jan On whether it's possible to automate this, it very well can be done, however there are a few cases where it's not possible, e.g. when you need to upload your ID to get the account unlocked, or upload a recent picture so they can match it. There can be some code added to extract the required parameters and flows to automatically enable access.

My solution, which is currently untested, would be to send a set of working session cookies to the server as well, and use those to "verify" the IP, and then you would be able to subsequently login.

I'm not sure if this is still the case, but when you login and it the server/ip triggers FB Checkpoint, your main session (Assuming you're logged in and have a tab on FB) would also get redirected to the checkpoint, which you'll have to clear.

fekga commented 6 years ago

I have a related issue. I saved my session cookies but when I tried to reload the saved dict of cookies there was an error. My question is how do I turn this off so that I only have to verify my identity once?

gauchoarg commented 6 years ago

any solution here? yesterday the bot block my fb account!

Cheers,

TimLChan commented 6 years ago

any solution here? yesterday the bot block my fb account!

I haven't been able to find a way to fully automate checkpoints (because some require changing password and sometimes even ID verification). I haven't been able to parse those scenarios because I haven't encountered those yet.

Another method that might work is to increase the timeout between retries to 30s/1minute to allow you to manually clear the checkpoint?

However, if you have access to the server where you're running the bot, set up openVPN or any other VPN/Proxy solution on it and clear the checkpoints and it will be fine - see https://github.com/carpedm20/fbchat/issues/225#issuecomment-340240855

YannickGibson commented 4 years ago

Any better solution? My server, where I am loggining from is changing ip every time. (free hosting)