|
Runbox Forum Everything related to Runbox should go here: suggestions, comments, complaints, questions, technical issues, etc. |
|
Thread Tools |
22 Feb 2010, 11:14 PM | #1 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
login security
Hello,
I was setting up an alternative sender address the other day and -due to a typo- entered a wrong email address. Can the owner of that address -to which obviously a confirmation link was sent now- use that link to gain unauthorised access to my mailbox? BTW, listing *all* logins *and all* failed login attempts with timestamp and IP of the last week or two, including those via IMAP and POP, would greatly improve traceability of whatever is going on with one's account. I have noticed that such a list has already been implemented in the account settings section, but doesn't seem to be in operation yet. Cheers and regards, gecko Last edited by gecko : 22 Feb 2010 at 11:24 PM. |
22 Feb 2010, 11:22 PM | #2 |
Ultimate Contributor
Join Date: Dec 2001
Location: Canada.
Posts: 10,355
|
I don't use Runbox gecko but while you wait for a reply, I would (if it were me) at least change my password.
|
22 Feb 2010, 11:36 PM | #3 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
David,
Thanks for the hint. Good point, even though I added the correct alternative sender address now and it seems that when you click the link that you're sent, you have to enter your ID and password to make it take effect. However, it would be great if an RB rep could officially dispel my worries . Thanks, gecko |
24 Feb 2010, 02:04 AM | #4 |
The "e" in e-mail
Join Date: Sep 2001
Location: Oslo, Norway
Posts: 2,938
Representative of:
Runbox.com |
gecko,
The confirmation link is only used to verify the owner of the alternative address. To access your Runbox account you always have to log in with your username and password. So no need to worry! Also, we have added a list of the last Webmail logins under Account, as you have noticed. We have extended it today with IP to domain lookups, and we plan to add failed logins too. - Geir |
24 Feb 2010, 04:38 PM | #5 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
Geir,
Thanks for the reply. Just as a suggestion: showing POP/IMAP access in that list would be nice as well. It would be even nicer if one could enable/disable POP/IMAP access in my account control panel, ie only allowing HTTP if they're disabled. Regards, gecko |
25 Feb 2010, 02:33 AM | #6 |
Essential Contributor
Join Date: Nov 2007
Posts: 236
|
Geir:
For some reason it only occasionally logs my log in attempts. I normally log in using the following because it's quicker loading etc: https://secure.runbox.com/mail which forwards to https://secure.runbox.com/login.ttml...x.com:443/mail But then logging in doesn't create an entry in that table you mentioned. |
25 Feb 2010, 09:18 PM | #7 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
The login history works for me in that it does list all logins. However, once the DNS lookup is performed, the timestamp changes (maybe to GMT?).
One more thing -- just to mention it and meant as something to ponder about: If a malicious person succeeded in breaking into your account and intentionally performed five futile attempts thereafter, no one would notice it as the login history would only show the five failed login attempts... One would probably have to list all (failed) logins of the last week or two to prevent that from happening. Anyway, I do admit that this issue probably doesn't have top priority. Regards, gecko |
26 Feb 2010, 06:20 PM | #8 |
Junior Member
Join Date: Jan 2009
Posts: 28
Representative of:
Runbox.com |
That was because the timestamp-field was set to auto-update, so that when the location is updated the timestamp is also updated. Problem fixed!
|
18 Mar 2010, 11:56 PM | #9 |
Senior Member
Join Date: Feb 2010
Posts: 107
|
Hi,
I just noticed that logging in from secure.runbox.com does not create a login history entry but doing so from beta.runbox.com does. Anyone else who observed this behaviour? Does the login history also cover logins through POP/IMAP? Regards, gecko |
19 Mar 2010, 04:03 PM | #10 |
Cornerstone of the Community
Join Date: Sep 2005
Location: Oslo, Norway
Posts: 555
Representative of:
Runbox.com |
The system only records Webmail logins. Other types of attacks is monitored by our sysadmins.
Kim |
23 Apr 2010, 09:25 PM | #11 | |
Senior Member
Join Date: Feb 2010
Posts: 107
|
thread bump: login history erratic
Quote:
Today I noticed once more that only logging in from secure.runbox.com creates an entry in the login history in the account section whereas doing so from secure.runbox.com does not create an entry. IMO this renders the login history rather unreliable. Regards, gecko |
|