Saturday, 23 March 2019

A two-pipe problem

It's been a while since I wrote anything, but something inspired me today. Here is a useful bit of information which may well help other people with a similar problem. I had no luck googling it!

So, what was the problem? Microsoft account login.

I am involved with a community shop. Last week our access to our Microsoft Office 365 & OneDrive suddenly stopped. We couldn't log in to our Microsoft account. We kept getting a message about 'too many failed login attempts'.

Hmmm. Someone trying to hack us? Try changing password. That seems to go okay but still get the message.

This is what we get when trying to login via a browser:

"Something went wrong and we can't sign you in right now. Please try again later. The Microsoft account login server has detected too many repeated authentication attempts. Please wait a moment and try again."

Logging in via the desktop OneDrive app fails, and suggests logging in via the browser!

One suggested fix involved clearing cache etc. Did that, tried 3 different browsers, still no luck. Changed password again. Still the same message.

Was going to seek support in the Microsoft Community support forum. Slight problem - you need to be logged in to ask a question! Phone support is only available on Business accounts.

So time to call in the experts - the wonderful John Behnan of 8020tech in Machynlleth. Bit more head scratching. It's still happening this morning. He then asked if I'd tried connecting from somewhere else (all connection attempts had been on the network in the shop). Hmmm...tried logging in from phone on 4G connection. IT WORKED! This suggests an IP address problem. John digs and finds we're on various blacklists. Re-booted the router and got a new IP address and everything is okay. But it's bad luck for the next person who gets that IP address!

Now why would we have been blacklisted?

Best thought is that someone has connected a malware-infected laptop to our public WiFi network, which proceeded to send out streams of spam via a built-in mailserver. We have now blocked the e-mail ports on the firewall. This is the second time John has seen this in a few months.

All is now back to normal.

So, why does the Microsoft message not give the vaguest hint of the root of the problem? It would have saved me a lot of time.

The moral: if you're setting up a public WiFi network for customers, make sure you block the common mailserver ports on the firewall. Plus make sure that the public network is on a different IP range to your own network, and that devices on the public WiFi are isolated from each other to prevent cross-infection. We're using a Ubiquiti device, which is pretty neat for doing those things.
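One way to confirm the mail-port block from a device joined to the guest WiFi, as an added example that is not part of the original post: it attempts outbound TCP connections to a mail server you name and reports any port that still connects. The port list (25, 465, 587) and the function names are assumptions, since the post does not say which ports were blocked.

```python
import socket
import sys

# Assumption: the post says "common mailserver ports" without listing them;
# these are the standard SMTP, SMTPS and mail-submission ports.
MAIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission"}


def probe(host, port, timeout=3.0):
    """Classify one outbound TCP attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: traffic got out
    except ConnectionRefusedError:
        return "refused"           # something answered with a reset
    except OSError:
        return "filtered"          # timeout or unreachable: silently dropped


def audit_egress(host, ports=MAIL_PORTS, timeout=3.0):
    """Probe every port; return (results, leaks) where leaks still connect."""
    results = {port: probe(host, port, timeout) for port in ports}
    leaks = sorted(port for port, state in results.items() if state == "open")
    return results, leaks


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_mail_egress.py <mail-server-hostname>")
    results, leaks = audit_egress(sys.argv[1])
    for port, state in sorted(results.items()):
        name = MAIL_PORTS.get(port, "?")
        print(f"{port:>5} ({name}): {state}")
    if leaks:
        print("Mail ports still reachable from this network:", leaks)
        sys.exit(1)
    print("No mail port connected; the firewall block appears to be working.")
```

Run it from the guest network against a mail server known to accept connections on those ports, for example your own e-mail provider's; a result of "open" means the firewall rule is not catching that port.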

In a way it's lucky that we don't have a fixed IP address, as a router re-boot wouldn't have worked.

Another thought, particularly for people using 'the Cloud' - OneDrive in this case. We use OneDrive to share files between staff, and to ensure they are 'safe'. We also use it to store various data file backups off-site. (No use having a backup on a hard drive in the same building if the building burns down!). The same problem could happen with your Dropbox or Google Drive or whatever. What would you do? I suspect one option is not to rely on the 'popular' systems. If you need cloud storage should you use Amazon AWS or similar? Should the really paranoid duplicate their OneDrive files to Dropbox (or to a local USB hard-drive) from time to time? A back-up is only useful if you can access it!
