I am recently getting the following email notification from gitlab after each login:
Hi xxx!
A sign-in to your account has been made from the following IP address: 2a02:8070:87c4:4300:e9c5:5c23:6c65:d515.
If you recently signed in and recognize the IP address, you may disregard this email. If you did not recently sign in, you should immediately change your password. Passwords should be unique and not used for any other sites or services.
I have already changed my password and activated two factor authentication using Google Authenticator on my mobile phone!
Interestingly the ipv6 address reported in email is my machine ip address!
Not sure what’s going wrong…
GitLab 13.0 has been rolled out on GitLab.com already and includes a new feature to actively measure phishing attacks.
From the upcoming release blog post tomorrow:
Users will now receive an email notification when a sign-in using their credentials occurs from a new IP address or device. This new functionality helps users quickly identify potential malicious activity related to their accounts.
It may be the case that the IPv6 address changes for the last octets. However, this sounds like a problem with the IP address detection logic. Please create a new issue for GitLab.com for our support team! Thanks
@mfriedenhagen I have passed your use case along to the correct team at GitLab - thanks for reaching out to us! And welcome to our community forum! Talk soon!
Hi @Linds, we have an inhouse-onpremise solution of GitLab as well and because our VPN gateway seems to provide a new IP via DHCP on every connect, I joyfully expect version 13.2 where this sign-in email feature may be turned off .
This will just return immediately instead of triggering a mail. We do this via sed programmatically because we enhance the CE Docker image with some missing parts anyways (e.g. add the cert of our internal CA).
And welcome to our community forum! Talk soon!
.