Keep getting "request blocked" at login

Ryan Kelly rfkelly at mozilla.com
Sat Jun 25 01:18:51 UTC 2016


On 25/06/2016 08:24, Gabriel Ivașcu wrote:
> Hi,
> 
> I am using the fxa-python-client [0] for interacting with the
> fxa-auth-server [1].
> 
> The client has proved very useful in understanding how onepw protocol
> [2] works, but since this morning I keep getting errno 125 when
> posting to the /account/login endpoint (I am using my personal Firefox
> Account's email and password).
> 
> I have to mention that I didn't have this problem the previous days,
> every call to the login endpoint working perfectly. Also, I can log in
> with my Firefox Account from the Sync interface without any problems.
> 
> After looking at the response format [3] I noticed that error number
> 125 means "request blocked for security reasons". So my question is
> why I keep getting this response, what security issues can possibly be
> and how could it be fixed? I tried to search for more details but I
> couldn't find any.

Thanks for reaching out Gabriel.  The Firefox Accounts service is
currently operating with tightened security rules due to an uptick in
suspicious login attempts.  Unfortunately this also increases the
likelihood of us blocking legitimate login attempts such as yours, if
they appear too similar to the suspicious traffic.

I can't suggest a workaround right now, but I'm hopeful that we can have
things back to (close to) normal in the next few days.

Longer term, we have a number of new security features in the pipeline
that will give us better alternatives to just outright blocking
requests.  For example, we will soon allow you to do an email
confirmation loop that verifies a login as legitimate, no matter how
"suspicious" the request may have seemed according to our operational
security rules.


  Cheers,

    Ryan



More information about the Sync-dev mailing list