mautrix / facebook

A Matrix-Facebook Messenger puppeting bridge
https://matrix.to/#/#facebook:maunium.net
GNU Affero General Public License v3.0

Login failure #236

Open ethindp opened 2 years ago

ethindp commented 2 years ago

So I recently updated my bridge and then FB required that I change my password, so I did that. Then I logged in via the web interface and now the bridge is malfunctioning: it's not syncing messages, and when I tell it to log in again it says I'm already logged in. But when I use the ping command, logout, etc., it says that that command "requires that I be logged in". This makes absolutely no sense: either I'm logged in or I'm not; there's no "half-way logged in". What can I do to resolve this problem?

evoL commented 2 years ago

I have the same issue. After logging into the bridge, FB also asks me to verify my account when I log in separately.

Not sure if I do this right, but I can re-login by clearing the user_portal table (there's only one row anyway) and setting the fbid and state columns to null.

However, none of my portal rooms work. The bot is not invited to any of them and there are log messages complaining about this.

Any ideas?

amstan commented 2 years ago

My account has been getting suspended recently too. I essentially have to change my password every few days now and go through an inane security check that says it found nothing changed (duh).

danastasio commented 2 years ago

I am having the same problem @amstan. I think the bridge is triggering FB to lock our accounts. I'm afraid it will eventually ban our accounts unless this is addressed.

ethindp commented 2 years ago

I only had to go through the check once so far, but what I'm curious about is what it's doing to trigger the check. If it bans our accounts after a certain number of triggers (which we don't know because of ridiculous "corporate secrecy", at least from what I know), recovering them will become almost impossible.

danastasio commented 2 years ago

@ethindp that's exactly my concern. I lost my IG account because I used a third-party, open source client (Barinsta). I don't care about IG, but I do care about my FB account and I would prefer not to lose it because of this bridge. Perhaps it would be better to stop using it until this is cleared up?

Just-Insane commented 2 years ago

I'm also seeing this issue.

Have you stopped using the bridge for the time being?

derhagen commented 2 years ago

Now, I receive messages but sent messages are ignored. It might be relevant that after the required password change, at first, I accidentally used a wrong email address to log myself in from Matrix. @tulir, any ideas for a workaround?

MrRoy commented 2 years ago

I added 2FA to my Facebook account, and after re-logging in to the bridge and providing the 2FA code, it seems to be working fine for me, now.

derhagen commented 2 years ago

after one more reboot, it's working here, as well, by now

Just-Insane commented 2 years ago

I have 2FA on my Facebook account and still had this issue.

immanuelfodor commented 2 years ago

After the bridge triggers a password reset, and I try to login with the new password in the bridge, I need to restart the container (kill the pod) to make it work. After the restart, it says I'm logged in fine.

However, I need to change my FB password 1-2 times a week as FB thinks "someone may have accessed my account without my permission". It's been not only annoying but I fear it could result in account termination if this continues.

Should I configure the "virtual app" other than the default settings to make it more unique or looking more real than the defaults provided?

rom4nik commented 2 years ago

I've had 2FA enabled already, but to avoid getting forced logouts I had to log out the bridge, clear old sessions created by the bridge on the Facebook site and log back in. It seems that Facebook doesn't like it when the bridge reuses device config multiple times, e.g. when you wipe the bridge's data from the database without logging out, which is what I was doing during testing.

immanuelfodor commented 2 years ago

I'm not experiencing such duplicated sessions, I only have one from the bridge:

[image]

I just feel the Pixel 3 might be a little bit outdated :D Should I modify any of the values below? Does everyone have the same device seed? Should I change it? What is the ODN region? Why am I on the Verizon network when it is not present in my country? What is hni?

facebook:
    device_seed: XXXXXXXXXXXXXXXXXXXXXXXXXX
    default_region_hint: ODN
    connection_type: WIFI
    carrier: Verizon
    hni: XXXXXX

immanuelfodor commented 2 years ago

This is getting scary: now my account has got locked, and I needed to do an SMS code verification to restore it, then the usual password reset. I've almost got used to the weekly random password changes but this new lockout until phone/email verification is new. How long can this go on until further restrictions will apply?

derhagen commented 2 years ago

@immanuelfodor I've heard about the need for a second factor after so and so many "incidents", so that doesn't seem to be unusual. what's strange for me however is the frequency you have to change your password. I only had to do it once after some months of using the bridge. Are there any other things going on from the IP of your bridge? Is it a shared IP, IPv6 only or often changing IP? I have a static IPv4 in the same country I live in, so that probably doesn't look too suspicious for facebook.

immanuelfodor commented 2 years ago

I have a PPPoE internet connection that alternates a few IP addresses from the same pool every time the router reboots and reconnects. Do you think this is the main reason behind it? I need to change passwords almost every week.

I checked the last three cases, and today I got a new IP address then I needed to change the passwords, but back on 23 May, I needed to change passwords before the IP change (lockout at 03:14, IP change at 20:00), and on or before 16 May there weren't any IP changes but I still needed to reset the password, so I don't see any pattern here connected to the bridge's external IP.

Additional info: every time I get blocked, the bridge loses connection and retries furiously. I don't know if the block happens because of the many retrials or the bridge retries because I get blocked. Chicken and egg problem, but it might be a hint for somebody.

[image: SmartSelect_20220531-172512_Element]

derhagen commented 2 years ago

@immanuelfodor I can only guess, and probably no one knows precisely how facebook's internal decision logic works -- if there is an entirely rule-based logic at all. If I were you I'd try to use a VPN from the bridge and use a static IP for a while. It could also be that your limited pool of IP addresses has been blacklisted. Did you ever run a tor exit node, were part of a botnet or try to scrape facebook data? Even if not, someone being assigned addresses from the same IP pool might.

immanuelfodor commented 2 years ago

No, I have never done any such thing from your list. I'm patiently waiting for the next lockout 😃

ethindp commented 2 years ago

So there's something new and unusual FB is doing now that yall should be aware of.

Recently I migrated my server to a new IP address. I logged my bridge out of FB because I thought it might've broke (but that was a DNS problem because of docker, urg). Anyway, something new that I've discovered is that you need to take logins slow. Like really, really slow. If you go "too fast" (whatever that means, Facebook is very opaque about that), it'll block your bridge for a while and you'll have to wait an unspecified amount of time to try again. This isn't the only place that FB does this, and to say it's annoying users is an understatement, but they're doing it anyway and, in typical FB style, not giving a damn about how it affects users. But thought I'd let yall know in case you suffer this.

immanuelfodor commented 2 years ago

> you need to take logins slow

Specifically, how to take logins slow when the bridge is logged in all the time? Then pooof, it's not, the account got locked. There were no quick logins that I know of.

ethindp commented 2 years ago

By that I meant if you've logged your bridge out and logged it back in, or are logging it in for the first time.

Samgarr commented 2 years ago

I have the same issue. I had to reset my password (not because of the bridge) and after logging in on the bridge I can only receive messages; sending does not work. After restarting the bridge everything works again.

truenicoco commented 2 years ago

I think it is related to this issue https://github.com/dequis/purple-facebook/issues/474 Also got locked out of my account using maufbapi for a few days, I got my account locked. I haven't tried any further ATM.

xdke commented 2 years ago

This won't be fixed until someone actually successfully bypasses their Messenger SSL pinning to reverse engineer at least the packet flow.

BenedictHW commented 1 year ago

My facebook account had 2FA setup and today I was greeted by this when I tried logging in after friends had let me know that they were unable to reach me on facebook messenger. My account had been permanently suspended based on violating community content guidelines.

https://drive.google.com/file/d/1QcM0ykGH-YCFXnvyl7YA-5rAxxPHWjvc/view?usp=sharing

I had experienced the less severe "change your password!" prompts when using libpurple but never something as severe as this. The suspension came out of left field. Like what I imagine are a sizeable portion of folks, I used FB messenger only, haven't made a personal post since 2017.

Am I the only one who has this issue?

pio2398 commented 1 year ago

My account was also locked due to violating community content guidelines related to data access. EDIT: After a check, the account was unlocked.

BenedictHW commented 1 year ago

My account was unlocked as well when I messaged Facebook live chat to attempt to get an explanation. No explanation was offered but the live agent was very helpful and bumped my account up in the queue to get reviewed. My account was unbanned but again restricted today August 7th.

https://imgur.com/a/kmbiN2j

Text below for those who can't view the image:

Restriction Overview
Aug 7, 2023
You can’t use or view things on Facebook for 19 hours
Why is your account restricted?
Your recent activity exceeded a limit for how often you can do certain things on Facebook. Without our prior permission, you may not access or collect data from our products using automated means or attempt to access data you do not have permission to access.

I've reset my password and in facebook settings I've removed a bunch of approved devices under two factor authentication. The docs mention possibly proxying through a residential IP https://docs.mau.fi/bridges/python/facebook/authentication.html

pio2398 commented 1 year ago

I have a server with mautrix at home, so a proxy might not be enough. I received the first ban after a restart of mautrix (after a system reboot). Maybe mautrix sends too many requests on start?