As part of the Account Security features, we also provide you with details of the last logins, current browser sessions that are open and a way to control access to your account via an IP-based Manage IPs feature and Access Control List.
You will find these features in Account > Account Security on the “Access Control” tab.
The Access Control tab shows all successful and failed attempts to log in to your account from IP addresses that you have not actually blocked (see below – Access Control List). The list shows the IP address attempting to log in, whether it was successful and which service was accessed along with the date and time. You can filter the results if necessary using the options on the page.
Note about blocked IP addresses: If you block an IP address then it will no longer appear in the list of logins.
The list shows up to 1000 results but this may not be enough to show all the results from the time period you have selected. In such cases it might be useful to exclude IPs you don’t need to see as this will allow more results to be seen in the list up to the limit of 1000. You could for example exclude IPs that are known to you and are of no concern.
Notes about IP addresses:
If you see IP addresses in the list that you don’t recognise it shouldn’t be an immediate cause for concern. If you use your account on a mobile device like a smartphone then there is a good chance that successful access attempts from IPs you don’t recognise might be via your mobile phone/cellular provider’s network. These IPs can change quite often as you move from one location to another.
If you use your email address quite a lot in places where it can be viewed publicly then it may be added to lists of email addresses that can be used to send spam to your account. However, the lists might also be created and used by attackers who will try to gain access to your account. As long as these IPs are blocked in the list then they have not gained access.
Email addresses that are easy to guess can also be the target of attacks. Examples of these types of addresses might be email@example.com or firstname.lastname@example.org (where domainyouown.com is your own domain).
Access Control List and Manage IPs
The Access Control List and Manage IPs sections that are further down the Access Control page work together to give you manual control (as opposed to the automatic blocking mentioned below) over which IP addresses can access your account. The sections are mostly self explanatory and allow you to enter IP addresses and permanently allow or deny them access to your account.
The Access Control List shows IPs that are currently allowed or denied.
You can also choose to apply the Access Control List of a Main account to all Sub-accounts that the Main account manages. This may be useful in some situations, e.g. where everyone accesses the accounts from the same location or IP address. However, it might cause unforeseen problems if the Sub-accounts are used from a variety of locations and IPs in which case it may be better to allow the Sub-account users to manage their own Access Control List.
The Manage IPs section is where you manually enter any IPs you want to allow or deny along with a label for your reference of what they relate to.
Any logins that are automatically blocked from accessing your account are shown in the Blocked IPs section from where you can decide whether they should be allowed or denied permanently.
The Sessions tab shows currently valid cookies that have been placed in a browser to allow access to the Runbox web interface. This doesn’t necessarily mean a browser is open on the website if it is listed here, it means that a cookie that was placed in a browser after a successful login is still valid if it appears in this list.
If you have any questions about these new features please contact Runbox Support.