ecreation


Hi,

We have several bots running and with one of them we experience a lot of problems, The status is online, thats because its a provisioned account, but the message can not be delivered.

We think that someone is trying to hack the password,. We tested it with an another account and when you try to login 12 times with a wrong password the system goos in somekind of lockdown. The strange thing is that happends only when the the account is not logged in.

So we think that someone is running a script, and when the bot is offline for a few sec. it happends.

Is there enyone who experience the same problems

thanks

Stuart




Re: account is temporarily unavailable

Gruia Pitigoi-Aron - MSFT


Hi Stuart,

There is a behavior where if a user / bot is logged out and you try to log in with incorrect passwords over a certain threshold, then the account is locked out from logging in for a small period of time (5-10 minutes or so). This kind of lockout of an account can also happen when the account is logged in, however, if the account is logged in and the account is locked out the bot will still work and respond to queries. In other words, if you are logged in, it doesn't matter if someone is trying to hack in - your bot won't be affected.

We have experienced hacking attempts on only our highest load bots (million of users). And as I mentioned, it only affects logging in, it does not affect the bot running once logged in.

I'm therefore not sure that the problem is someone trying to hack into your account, but it could just be a connectivity problem of some sort.

Are we hosting your bot, or is it hosted somewhere else If we are hosting it, what is the bot name - I could follow up to see if we have noticed anything out of the ordinary.

Thank you,

Gruia






Re: account is temporarily unavailable

Glen Allison - MSFT

Has this issue resolved What you describe is a possibility in that a hacker could be trying to sign into the account repeatedly and locking you out. Could you post the name of the Agent that is provisioned

Thanks






Re: account is temporarily unavailable

Seinfeld

The issue still persists. It's about our Agent with provisioned account alice@worldofalice.es .

It's running on Akonix software, hosted on our own server. There are several other bots running on that same server, these have a lot more users and are functioning fine.

Indeed the lockout is only noticeable when the Agent tries to re-login. Unfortunately, due to instability of the software platform, the service needs to be restarted few times a day to keep all Agents running, so then the lockout affects this Agent when it tries to login again.

In my opinion, at least regarding Agents, it's not very logical to block the account in case of a hack attempt. A lot more efficient would be to block the IP address from which the false login requests are made. This way it allows the legitimate account owner to still use his account.

- Twan

Ecreation





Re: account is temporarily unavailable

Gruia Pitigoi-Aron - MSFT

Hi Twan,

This is a security function of Windows Live ID, and can't currently be controlled differently by agents.

I'm not sure what your requirements are, but you are more than welcome to explore being hosted using our servers and on our platform. Our platform is very stable, and the service does not need to be restarted that often to keep agents running - usually we only restart when a major configuration change occurs. I can put you in contact with the right person if you would like to explore this further and see if it is right for your business.

Assuming that you've already looked into being hosted by us and running on our platform, I'm following up with the Windows Live ID team to see if there is anything they can do to help. I'll post a follow up here if I come up with anything, but otherwise I'm not sure what we can do.

Thank you and I'm sorry this is the answer,

Gruia