Can't log-in, all sites down

Receiving a login error when trying to access via my linked github account. Was working fine this morning until I added a new site and now everything is down.

The nameservers for primary domain are pointed to Netlify and my Google domain verification MX records are set there so my primary email is down too. What happened?

This is the account (or the email associated with the github account) I had to change my nameservers at my registrar so I could set my MX records in order to access my email. Was my account suspended?

Hey @crigger :wave:

Thanks for coming back and confirming. You account indeed was flagged as spam. Can you tell me more, in detail, about the content you plan on hosting at Netlify?

Thanks!

Weird! It’s all personal projects (portfolio, proof-of-concept designs, experiments) except for a few sites that I’ve made pro bono for friends / family.

I don’t any even think any contain anything that would ask for an email or transactional input?

I looooove this service and how it’s made it so easy to publish and this is honestly the first hiccup I’ve ever had…
Is there anything I can do to reactivate?

Or also—
I’d be glad to provide an extensive explanation of every site… could I possibly get a list?
I think there was at least 10… and maybe 15? I was about to add a new site for a run I’m doing next month to get like ~10 folks excited about the outing. So it’s mostly small silly stuff like that.

Thanks for the quick response! I’ll send this over to our support engineers so they can look into it further for you.

Thanks!! I appreciate you!!

Hey @crigger I took a look at your account and checked your sites, and it seems that this was a false positive. I’ve reactivated your account but let us know if you’re not able to log in!

hey!! Thanks so much. I’m still receiving a login error and I also was charged for a number of analytics activations which I didn’t approve (bc I haven’t even been able to access the account)

Hi, @crigger. I’m un-listing this topic so it won’t show up on searches on on the list of topics but people with the direct URL can still visit the page. This is being done to make this topic more private and we can move to a completely private helpdesk ticket if that is preferable.

I now also do see successful logins for the email address you are using on this forum. Have you been able to login now?

I strongly recommend that you enable two-factor authentication (2FA) for your login at Netlify. There is documentation about how to do so here:

https://docs.netlify.com/accounts-and-billing/user-settings/#two-factor-authentication-2fa

I recommend 2FA because it sounds like someone was able to access your login at Netlify and make setting changes on your account. If so, this could only be done if the other person had your login credentials. Those credentials might have been shared with someone intentionally or you might have been the victim of a crime. Which it was, however, that I do not know.

If you have allowed someone else to login to your account at Netlify intentionally, then you will be responsible for paying for the Analytics charges. If you were the victim of a crime, we suggest you report the theft of the access credentials to law enforcement and let us know. If you report this to law enforcement (and also enable to 2FA to prevent this from happening again), we can refund those charges.

Hey! Thanks so much Luke.

I recently had a hiccup where I was flagged (in what turned out to be false positive) for spam. Prior to that— I only ever logged-in using my Github account. (which did have two-factor-authentication enabled in the Github environment)
When my account was shut down (again, a mistake) it appears that the Github account integration was severed.

After my support request regarding my account being banned— the investigation, and reactivation, these charges appeared immediately and all at once.
I wasn’t able to access my account using normal means (Github) and followed a separate set of instructions to “reset” or in actuality, “set” a password for the email associated with the previous Github integration, which then allowed me to restore the Github auth.

When I accessed my account (hours later)… the analytics services had been deactivated. This morning I enabled the 2FA on the Netlify account now associated with email.

I did not and do not share my login credentials with anyone.

Just to be clear— you’re suggesting that in the small window that y’all were actively reactivating my account… a criminal was able to access this account and decided to activate Analytics service on some of my websites, and then immediately deactivated the analytics services without doing anything else malicious? Using a secure (generated) password from LastPass?

Do you think it could have been anything else that caused this?

Hi, @crigger. Thanks for pushing back on this.

My research has confirmed you are correct and that I was wrong. This was a bug and not done by anyone with your login credentials.

Our support team can and will get all the subscriptions cancelled and all the charges refunded.

Before we proceed would you please answer the following questions?

  • Should we remove Analytics for all sites on this team?
  • If you want to use Analytics for specific sites, which sites should have it?

If you confirm which sites should not have Analytics, we’ll get that feature removed and refund the charges for any sites that should not be using it (which could be all sites).

Thanks Luke!— no need for analytics on any of these sites.
I appreciate your help. Have a great day!

1 Like