New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
MXroute control panel locked
I have MXroute account.
I logged into account today and was just checking out all the links on left panel.
I clicked on 2FA but didnt scan the code using authentication app. I thought I would enable it later.
I logged out after configuring one email account.
Now when I try to login, it is asking for authentication code.
So I can not login.
@jar, please look into this. I think this is a possible bug.
Comments
Bug with user confirmed
Whilst I'm sure jar will see this thread, looks like they have a "Login Issues" department. Might be worth giving that a go: https://accounts.mxroute.com/index.php?/tickets/new/
If I remember right, in DirectAdmin, you have activated 2fa at this point, so it is not a bug.
There is a text file containing the string for your app in your user data. I think you can access it if you can log in via SSH.
Even access to this link requires security code. I guess it is 2FA code.
I have not activated 2FA. I just clicked on link of 2FA.
The moment you click Generate and can scan the QR code, you have activated 2FA.
>
But I have not scanned the QR code.
No shit, have you considered that this is why you can no longer log in?
I don’t remember whether MXroute allows SSH access, but if they do, you can, as I wrote earlier, log in via SSH and open the text file containing the string you need for your 2FA app.
MXroute had FTP access option, but that feature was discontinued last May
Do not recall anything regarding SSH access though.
@zuket, if it’s their billing panel you’ve locked yourself out of, there’s nothing you can do but wait, but it’s still not a bug.
There is a big warning on the page.
This looks like the new panel. I didn't manage to check it out yet, but do not recall anything like this design.
@zuket Try logging into DirectAdmin directly. You can definitely configure emails / domains there.
All the hosting-related features are disabled, so the configuration is simple.
@xvps
I think I overlooked those warning signal. But still just clicking on link shouldnt enable 2FA.
@DataRecovery
Thanks for tip. I could log into DirectAdmin directly.
Bad design. Just report and expect fix.
The pain of having 5264312 different panel for doing slightly different things on each lol
Not a bug, that’s why the warning is there. When you log in there’s a button that gives you an option to disable 2FA. It says “Lost Authenticator” just click it. I’m surprised you didn’t see the warning or the button. Please slow down and try to read the things I put there for you.
https://api2.hostbillapp.com/clients/setupClientTOTPMFA.html - there’s no “I kinda maybe want to flirt with turning this on” it’s just on or off. That’s why the first page lets you flirt with the idea before clicking the second button to turn it on.
Layer 8 issue. I seriously do not get how you missed the warning.
@jar
I really didn't see the warning. Otherwise I could not have made this mistake.
So right now I can not log in.
It asks for verification code.
There is 'Lost Authenticator' button on login page. Clicking on it takes you to stripe.com site to verify with govt id.
I could log into DirectAdmin panel directly using username/passwd.
Is there any other way to disable 2FA.
The only other option is to abandon your account, cut off any payments, etc. If I can’t at minimum prove beyond reasonable doubt that you are who you say you are, and I remove 2FA on request, then the message becomes “Two factor authentication secures your account unless someone asks nicely.”
On this topic, Jar's approach to social engineering tickets is one of the main reasons I keep coming back to MXroute. Great stuff.