User must verify their account on www.facebook.com (405)

[lrvick]

When I try to connect via my VPS on digitalocean I get:

 @root | facebook - Login error: User must verify their account on www.facebook.com (405) 

I then have to go to facebook.com in a currently trusted browser, approve, and reset my password.

3x more times I try this, and no luck.

Next I do an ssh proxy via the VPS, and ensure my browser reports the VPS ip address, and log in there. I verify that IP, and it works.

Go back to bitlbee from same IP. Still no luck.

I have tried both real passwords, and App passwords multiple times.

[lrvick]

Rebirth of: #105

[dequis]

Not much that we can do about this, unfortunately.

[lrvick]

Has anyone gotten this working recently? I feel like this pretty much kills the project...

[dequis]

We've had very few reports of this, relatively. Might be a case of your IP range being in a blacklist due to excessive abuse (for example)

[phroa]

@lrvick not myself, apparently. Just installed bitlbee today for the first time.

Even logged in to the website (after being forced to identify my friends and change my password) from my server's address, using an app password for bitlbee.

:(

[miclud]

Experiencing the same issues. Using Scaleway as VPS provider.

[lrvick]

@Cr4ck3r also reported the same issue, with Digitalocean VPS.

[wirew0rm]

Same here via online.net :/

[phroa]

Actually, cannot reproduce anymore 😕.

Facebook seems to have connected properly earlier this morning.

[wirew0rm]

Nope still no luck, I had to change my password like 10 times now...
The socks proxy did not help either.
I also tried to set ClientInterface in bitlbee.conf to the servers IPv4 adress, but mqtt facebook seems to ignore this setting. Is this a bug or is there some other configuration option hidden somewhere?

[dequis]

@wirew0rm the plugin doesn't ignore the setting if it's valid, but bitlbee as a whole will silently ignore it if it's not. Try with something like 127.0.0.1 first to be sure it's actually picking it up. You also need to restart the bitlbee service and reconnect your irc client for it to take effect.

[wirew0rm]

thank you very much for your reply, it seems you where right and the setting was ignored completely, but I couldn't find out why. (On my archlinux system bitlbee does not produce any debug output, even after adding the -v flag and the debug environment variable.)
I finally managed to get it to work by activating DNS resolving via SOCKS, and accessing facebook via IPv6 in Firefox.
I've added a section to the wiki.

[dequis]

Hmmm i think the ClientInterface setting doesn't support binding to ipv6, that's definitely a bug.

For the other people in this thread: how many of you have servers with both ipv4 and ipv6?

[lrvick]

I have both enabled on the VPS where I am having the issue.

On Thu, Oct 20, 2016 at 11:04 AM, dx notifications@github.com wrote:

Hmmm i think the ClientInterface setting doesn't support binding to ipv6,
that's definitely a bug.

For the other people in this thread: how many of you have servers with
both ipv4 and ipv6?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#108 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAEOUHhG383hkVA7jaPRfQFxNLOywo2rks5q161JgaJpZM4KUSDQ
.

Lance R. Vick

---

Cell - 650.686.8819
IRC - lrvick@irc.freenode.net
Website - http://lrvick.net
PGP Key - http://lrvick.net/0x36C8AAA9.asc

---

[miclud]

@dequis I have both enabled

[teemupulliainen]

I seem to run into this once or twice a week now. Logging in via a browser from the same IP and going through the password change process fixes the issue each time but it's rather annoying. I'm not using a VPS but a self-hosted server on a corporate IP network instead. Sure, it could still be an IP-based blacklist, but I wouldn't be so sure. I'm using an app password (which I also changed once) and FB keeps telling me that 'one of the following passwords might not have been added by me' or some such bullshit.

Perhaps FB is trying to "encourage" using their own services once again, or perhaps bitlbee-facebook is doing something some automatic algorithm detects as suspicious. In case anyone comes up with a more permanent solution, please let us know.

[dequis]

Yeah I was wondering what happened with this one.

Shortly after this ticket went silent, dequis/purple-facebook#282 appeared and the number of reports there spiked. And oddly enough I was only able to reproduce it there, when using purple-facebook from pidgin but not when using bitlbee-facebook from the exact same machine.

So I'll have to ask you all to please answer all the questions you can from this list, like I asked in the other ticket. Ideally following the template.

Okay, here, a short list of all the information I need:

1. Errors thrown by bitlbee
2. Message shown by the facebook website (particularly pay attention to mentions of "unfamiliar location" or "suspicious activity")
3. Is it all the same internet connection?
4. Are you using any proxies / VPNs?
5. Were you using app passwords? Did the situation improve after using app passwords?
6. Did it happen once or did it happen on every login attempt?
7. Was it enough to change the password?
8. Have you used this plugin before? If so, when was the last time it worked?
9. Have you used any other third party facebook clients like miranda?

Please, everyone who posted here so far, reply with a comment including all of these.

[dequis]

Also pushed ece0715, please install that version and report if it improved anything by next week

[zer0def]

1. "facebook - Login error: User must verify their account on www.facebook.com (405)"
2. http://dump.dequis.org/9Hld_.png
3. No, I'm running Bitlbee separately.
4. No.
5. Yes, didn't work.
6. On every login attempt.
7. No.
8. Last time it worked was 21-11-2016 2:50PM+0100
9. No.
10. ece0715 didn't work.

[dequis]

Well I don't really expect that sort of "unfamiliar location" error to improve with that patch at all. FWIW I can reproduce that one reliablly by using a socks proxy to a VPS where I never had bitlbee. Sucks that app passwords don't help there.

I wonder if that's the message the rest of the people in this thread get? Purple people tend to get the "phishing" or "suspicious activity" ones, with behavior closer to what @teemupulliainen described.

[teemupulliainen]

1. After a disconnect, first

"Login error: Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons."

Not sure if the former happens every time, though.
When trying to reconnect, always:

Login error: User must verify their account on www.facebook.com (405)

2. First

Your Account is Temporarily Locked
We’ve detected suspicious activity on your Facebook account and have temporarily locked it as a security precaution.
It’s likely that your account was compromised as a result of entering your password on a website designed to look like Facebook. This type of attack is known as phishing. Learn more in the Help Center.
Over the next few steps we’ll walk you through a security check to help secure your account, and let you log back in.

Followed by a

Keep Your Account Secure
It looks like one change was made to your account. Now we'll help you change your password and look at the recent change to your account.
1
Password
2
App Passwords my_bitlbee_app_password_identifier

3. Yes
4. No
5. Using one now. I'm not 100 % sure if I was using one initially (had one set up but I'm not sure if that was used by Bitlbee). After the issue first emerged, I created a new app password and started using it. Didn't help.
6. Not on every login, but has been happening occasionally lately. The first occurrence seems to have been November 6th.
7. Yes
8. Apparently worked until Nov 7th. (The first occurrence of 405 error on my logs)
9. No
10. Unfortunately didn't have ece0715 running yet.

[teemupulliainen]

Turns out I was actually running purple-facebook instead of bitlbee-facebook. Anyway, I haven't experienced this issue after installing ece0715 almost three weeks ago, so it's looking promising. Thanks a lot @dequis!

[lrvick]

After applying the latest update, Facebook works for me again!

…

On Tue, Dec 13, 2016 at 3:09 AM, teemupulliainen ***@***.***> wrote: Turns out I was actually running purple-facebook instead of bitlbee-facebook. Anyway, I haven't experienced this issue after installing ece0715 <ece0715> almost three weeks ago, so it's looking promising. Thanks a lot @dequis <https://github.com/dequis>! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#108 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAEOUHSqI4DKRNXCnnbmLTpjaztV2eISks5rHnzqgaJpZM4KUSDQ> .

-- Lance R. Vick

__________________________________________________ Cell - 650.686.8819 IRC - lrvick@irc.freenode.net Website - http://lrvick.net PGP Key - http://lrvick.net/0x36C8AAA9.asc

__________________________________________________

[dequis]

No complaints in a long while from either purple-facebook or bitlbee-facebook users after that user agent fix, so I'm considering this fixed.

[miclud]

Just want to confirm that it works after getting the latest update. Had to confirm new login on facebook before it would connect, but no password change. Thanks

[douglas-carmichael]

It still doesn't work now (Feb 12) even when I update bitlbee-facebook to the latest from git, and use an app password.

[dequis]

@douglas-carmichael open a new ticket

[garciaErick]

I also am having troubles with the login :( anyone had success ?

[kmARC]

I'm also having this issue; came up right after I switched from AWS to DigitalOcean

Logging in from browser with my DO server as a proxy doesn't help.

[currificado]

Same here. I can't use bitlbee-facebook anymore because of this. I've tried changing my password in facebook and logging in from browser with my server IP, but I always get "User must verify their account on www.facebook.com (405)". I've used bitlbee-discord on this server for several years. Some time ago I got this error message and the problem solved itself after not making a login attempt for some time (like 2 weeks). So I did the same this time but didn't work.

[synic]

Started happening to me for the first time today. No amount of "verifying" allows it to proceed.

[Tea23]

I am stuck in an authorisation loop. Using a digitalocean VPS and the SSH tunnel stuff isn't helping at all, sadly.

[usvi]

I purged my browser and had to relogin everything. What a boogalooga. FB started to ask if that was me, if I made this posts, etc. As a side effect my bitlbee-plugin started asking for new credentials and just does not work.

Getting:
18:34 <@usvi> acc facebook on
18:34 <@root> facebook - Logging in: Authenticating
18:34 <@root> facebook - Login error: User must verify their account on www.facebook.com (405)
18:34 <@root> facebook - Logging in: Signing off..
18:34 <@root> facebook - Logging in: Reconnecting in 900 seconds..
18:35 <@usvi> acc facebook off

Sometimes I need to confirm the location on Facebook and then later not. It just seems to be coming. Maybe I'll try again tomorrow.

Edit: Nope, nothing is working anymore.

[usvi]

OK I have no idea what I did but I was able to make it work.

First I git pulled bitlbee and bitlbee-facebook.
I did this change to bitlbee-facebook:

diff --git a/facebook/facebook-api.h b/facebook/facebook-api.h
index cecfa05..e8ada3e 100644
--- a/facebook/facebook-api.h
+++ b/facebook/facebook-api.h
@@ -117,7 +117,7 @@
*
*/

-#define FB_ORCA_AGENT "[FBAN/Orca-Android;FBAV/537.0.0.31.101;FBBV/14477681]"
+#define FB_ORCA_AGENT "[FBAN/Orca-Android;FBAV/537.0.0.31.101;FBPN/com.facebook.orca;FBLC/en_US;FBBV/52182662]"

/**

• FB_API_AGENT:

I recompiled bitlbee and bitlbee-facebook

Then I used this script: https://gist.github.com/Tatsujin/953551fe38d8e38aac43b423998d3deb/raw/fdad42d41161f5b6ea0f9d343e2057f99e4db8fb/bitlbee-fb-login-2fa.py

I butchered the script and copied uid, did and mid from bitlbee nick.xml . uid was 0 ! I changed it temporarily to my actual fb uid. MAYBE IT WORKS FOR 0 , I DONT KNOW.

I enabled SMS 2-factor auth in FB.

I ran the butchered script, got SMS, I entered the SMS code (6 numbers) to the script, then I got

Access token: FLIAIJ9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoijfOIJOIJmu9z82u3o8muasdodsfijodifjmOIJOIJoi
Traceback (most recent call last):
File "./bitlbee-fb-login-2fa.py", line 157, in
if ( DID != response['device_id'] ):
KeyError: 'device_id'

I put the access token to my irc client ( account facebook set token FLIAIJ9z82u3o8muasdod... )

And it worked. I don't know what exactly was needed but this worked for me, thank heavens.

[usvi]

It seems to be a bit impossible to know what causes what. But I did this to test:

Facebook: 2 factor auth with SMS on

1. Recompiled bitlbee-facebook with
   #define FB_ORCA_AGENT "[FBAN/Orca-Android;FBAV/537.0.0.31.101;FBPN/com.facebook.orca;FBLC/en_US;FBBV/52182662]
2. Re-created account on Bitlbee
3. Verified UID=0 in user.xml
4. Ran the modified script
5. Got SMS, entered the code
6. Got token, added token in Bitlbee

It is working now. I hope I could automate the process in bitlbee-facebook.