Gitlab login problem - Unknown sign-in from new location

alfie · May 21, 2020, 6:50am

Hello community,

I am recently getting the following email notification from gitlab after each login:

Hi xxx!

A sign-in to your account has been made from the following IP address: 2a02:8070:87c4:4300:e9c5:5c23:6c65:d515.

If you recently signed in and recognize the IP address, you may disregard this email. If you did not recently sign in, you should immediately change your password. Passwords should be unique and not used for any other sites or services.

I have already changed my password and activated two factor authentication using Google Authenticator on my mobile phone!

Interestingly the ipv6 address reported in email is my machine ip address!
Not sure what’s going wrong…

Thanks for your support!
Regards,
Alfie.

dnsmichi · May 21, 2020, 12:26pm

Hi,

GitLab 13.0 has been rolled out on GitLab.com already and includes a new feature to actively measure phishing attacks.

https://docs.gitlab.com/ee/user/profile/unknown_sign_in_notification.html

From the upcoming release blog post tomorrow:

Users will now receive an email notification when a sign-in using their credentials occurs from a new IP address or device. This new functionality helps users quickly identify potential malicious activity related to their accounts.

It may be the case that the IPv6 address changes for the last octets. However, this sounds like a problem with the IP address detection logic. Please create a new issue for GitLab.com for our support team! Thanks

Cheers,
Michael

dnsmichi · June 23, 2020, 4:05pm

Hi,

quick heads up since Discourse says this got quite some URL traction - the issue to follow up here is at

This is actively being worked on, let’s keep our fingers crossed that 13.2 happens

Cheers,
Michael

mfriedenhagen · July 2, 2020, 8:14pm

Hopefully this will be implemented soon. I log in from my mobile phone and via DSL a lot of times and my IP address changes nightly at least.

Linds · July 2, 2020, 9:32pm

@mfriedenhagen I have passed your use case along to the correct team at GitLab - thanks for reaching out to us! And welcome to our community forum! Talk soon!

mfriedenhagen · July 3, 2020, 1:38pm

Hi @Linds, we have an inhouse-onpremise solution of GitLab as well and because our VPN gateway seems to provide a new IP via DHCP on every connect, I joyfully expect version 13.2 where this sign-in email feature may be turned off .

Linds · July 6, 2020, 6:59pm

Roger that! Thanks for the extra context, @mfriedenhagen!

mfriedenhagen · July 17, 2020, 5:35pm

For courageous users of the CE-Omnibus edition who do not want to wait for 13.2:

sed -i -e 's@^  def unknown_sign_in(user, ip, time)$@  def unknown_sign_in(user, ip, time)\n    return\n@' /opt/gitlab/embedded/service/gitlab-rails/app/services/notification_service.rb

This will just return immediately instead of triggering a mail. We do this via sed programmatically because we enhance the CE Docker image with some missing parts anyways (e.g. add the cert of our internal CA).