Suspicious Login notification whenever logged in (thousands of warnings)

[walhallaRV]

Hi,
I get thousands of warnings in the Log and by email. Everytime it is my own account with the same IP. What exactly is suspicious? Sync with my computer, mobile, files, Calendar, ... every login another notification.

Logfile / Protokoll
"url": "/remote.php/dav/calendars/xxxx/todo/",
"message": "Detected a login from a suspicious login. user=xxxx ip=xxx.xxx.xxx.xxx strategy=ipv4","

Apps configuration)
"Bisher hat die Anwendung 20931 Anmeldungen (eingeschlossen Anwendungsverbindungen) erfasst, von denen 243 eindeutige (IP, UID) Tupel" (20931 logins by 243 IPs).

The best is: "Während der Begutachtung hat das letzte Kriterienmodell (Zeitraum vor 9 Stunden) 91.13900000000001% aller verdächtigen Anmeldungen (Widerruf) erfasst, wohingegen 87.805% der Anmeldungen, die als verdächtig eingestuft wurden, tatsächlich verdächtige Anmeldungen waren" (87.805% suspicious). It means all false positives :(

It is absolutely nonsens because every stupid login was mine with my IP-addresses!

This way a security - app doesnt make sense. Nobody will read all the thousands false warnings anymore and will pass the one real!

Just stress with me myself, thousands of emails and user who ask / complain "Uhhh, what happened? A bad guy logged in my account!" (which was he himself)!

Unfortunately have to deactivate the app if there will not be a propper "research" what is suspicious and a whitelist.

Thx and cu

Walhalla

[ChristophWurst]

Unfortunately have to deactivate the app if there will not be a propper "research" what is suspicious and a whitelist.

Thank you for the feedback

[walhallaRV]

Great response - best solution!