nextcloud/suspicious_login

New login location detected email messages

dln949 opened this issue · 1 comments

dln949 commented

Nextcloud 25, Suspicious Login app 4.2.1.

For the first time ever I started seeing these emails coming, even though I've had the Suspicious Login app installed on Nextcloud for a long time, I don't recall for how long. I have a couple questions:

  1. The emails are being sent from my Nextcloud server to a family member. I don't understand this at all, why would they be sent to that person? (There are no secrets between us, but this person doesn't even know what a Nextcloud is.) So I don't know how to figure out why these emails are being sent to that person's email address.

  2. The other thing is, this being the first time I'm seeing this email, I don't know what it is telling us. Here is the text of the email message: "New login location detected / A new login into your account was detected. The IP address 192.168.1.1 was classified as suspicious. If this was you, you can ignore this message. Otherwise you should change your password."

    2a) When it says "A new login into your account was detected", which account is it talking about: Someone logged into my Nextcloud server, or that someone logged into my family member's email account with the email provider? I don't know how to interpret which "account" is being discussed.

    2b) The IP address of 192.168.1.1 is the internal IP address within my home's LAN for my router. Nothing has changed with that router. Why would that router's IP address suddenly become a suspicious IP address?

Thanks in advance for helping to clear up my confusion. Or, to explain to me what I'm doing wrong with the implementation of the Suspicious Login app on my Nextcloud server.

P.S.: I did not not set up my Nextcloud server, someone else who knows that stuff did that for me, that's why I'm not a Nextcloud expert.

ChristophWurst commented

If you don't want the emails then disable the app. The emails ensure that an affected user gets notified about a suspicious login. If there is no notification, the app is effectively pointless. Hope that makes sense.

Why would that router's IP address suddenly become a suspicious IP address?

It probably means that the user has previously logged in from a different IP and the system sees the local IP for the first time.