Mass Account Password Reset/SMS Code Locks

Support / help / discussion forum for twitter bot
its2l82die
Posts: 32
Joined: Fri Jul 29, 2022 2:24 am

Mass Account Password Reset/SMS Code Locks

Post by its2l82die »

Hey Martin,

I have been using TwitterDub for since July 27th and until 3 days ago my accounts ran just fine aside from the stray verify phone number here and there which I handled using 5sim, I have 90 accounts and 25 of those the main accounts (mothers) that the other 70 (children) are retweeting and following, I made them all like retweet and follow the main 25 accounts over a period of about a month so that they don't appear as obvious bots, and lately after they are all cross followed between all the accounts I have started more heavily retweeting and liking the mother accounts each tweet the mother accounts made got about 7-15 retweets from the children accounts as well as from the mother accounts, all seemed well and impressions and followers grew nicely until yesterday 31 Aug the accounts started getting password reset requests (due to twitter claiming suspicious activity or login attempts), without having an email per account that made them locked, meaning only twitter support can help here. so in essence these accounts were practically blocked for me.

The next day (1st Sept) I started making emails for the mother accounts, and deleting and inaccessible phone numbers from those accounts.
Emails were setup for the 25 mother accounts and after some time couple of them started requesting password changes too, those went smoothly thanks to the emails, but later again they started asking for phone verification too. at that point I decided to turn off all actions and give the accounts a rest until I can manage to get my hands on some SIM cards to solve PV issue, below you can see the account errors I had in TwitterDub:

Image

One thing that bothered me is that in the emails it showed 12 login attempts (the other accounts hand similar amount with time intervals of 2 mins between login attempts) before twitter deciding to lock the accounts and demand password change.

Here you can see the emails that piled up due to twitter claiming suspicious login attempts:

Image

all accounts had proxies, been using 50 proxies for the 90 accounts some of them sharing a proxy, although this didn't make any issues in the early days of those accounts, also all accounts were created between 27th July and 8th Aug, they were all used lightly at first starting from 10-15 follows 20-30 likes and retweets and daily incremented to a max of 115 follows, 200 likes, 80 retweets, 24 tweets(only tweeted max of 10 per day) and 100 unfollows, also one action per account is enabled.

So I am wondering is it due to my wrong use of TwitterDub or is it something else? below you can see the actions I've setup for all the accounts, my mother accounts were posting from a collection of 1k+ scraped tweets once every ~2h, all accounts were following accounts scraped from tag searches about 10-20 follows(with retweets and likes as pre actions 30% and 40%) per period of ~1h repeating every ~2h, as well as liking(with preactions of follow 10% and retweet 20%) at about at about 15-20 per account period of ~50min repeat at ~80m and all accounts were also unfollowing 15-25 accounts for a period of 5-30min every ~3h

Image

I also noticed from 30th Aug some accounts started getting error 403 when trying to do a daily stats action here is a snippet of it:

Code: Select all

08:27:45: Check flows: 403
https://twitter.com/i/api/1.1/users/email_phone_info.json
08:27:45: check handleaccess
08:27:45: CheckForBounceUrl
08:27:45: Couldn't parse resp - is not JSON
08:27:45: No json.msg found, checking json.errors:
08:27:45: Could not deserialise to: JsonPhone2 as input is empty
08:27:45: WARNING response incorrect format!
08:27:45: * ERROR: scraping stats: Object reference not set to an instance of an object.
08:27:45: Perform stats: end
08:27:45: stats complete
So my questions are what went wrong and what causes suspicious login attempt blocks or the phone verifications?
Any suggestions on what I can improve? limits or anything else?
its2l82die
Posts: 32
Joined: Fri Jul 29, 2022 2:24 am

Re: Mass Account Password Reset/SMS Code Locks

Post by its2l82die »

I am still at a loss I can't figure out what is causing the "new login" notifications from twitter...
I had one account with 900 twitter notifications in its email about a new login, any insight into this? anyone had similar issues?
its2l82die
Posts: 32
Joined: Fri Jul 29, 2022 2:24 am

Re: Mass Account Password Reset/SMS Code Locks

Post by its2l82die »

I suspect it has something to do with multiple actions running at the same time as other actions, these actions have the same accounts on them.
so same account would like and follow but in 2 different actions at the same time, does that make the login sessions go crazy?

does setting 'singe action value' solve that?

if so can anyone explain how 'single action value' works?
User avatar
martin@rootjazz
Site Admin
Posts: 34379
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk
Contact:

Re: Mass Account Password Reset/SMS Code Locks

Post by martin@rootjazz »

sorry for delay on getting back to this. it was so long I put it to one side and... welll... I'll be honest, I forgot to come back to it. Lets get stuck in now
User avatar
martin@rootjazz
Site Admin
Posts: 34379
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk
Contact:

Re: Mass Account Password Reset/SMS Code Locks

Post by martin@rootjazz »

its2l82die wrote: Thu Sep 01, 2022 10:51 am 31 Aug the accounts started getting password reset requests (due to twitter claiming suspicious activity or login attempts), without having an email per account that made them locked, meaning only twitter support can help here. so in essence these accounts were practically blocked for me.
twitter are cracking down lately. With the problems with Musk / bots and the failed buyout all in the news.

Some users are reporting that twitter is showing NEW LOGIN DEVICE. Currently, I don't know why.
One user claims it shows a NY loging for their Brazilian IPs, which makes no sense, as their machine is no in NY. And the program has no method to route anywhere.

The program will route the account through it's proxy all the time. HOWEVER, there always exists the possibility of a bug that FAILS to assign the proxy to the account for a request, this would expose the machines LOCAL IP. There is no evidence of this happening, or to have happened, but it "could" happen.

But the program cannot randomly route through different cities / countries. Only the proxy / local machine IP.

As to why twitter shows a new login, again, if the bot useragent doesn't change, that is the only way to assign a new device. A cookie wipe does NOT trigger this message (I've tested). So it doesn't make sense.

Same IP
Same usergent
= new device to twitter.

I am working on getting better loggin into the program to confirm everything is working or to find out possible locations of this cause

One thing that bothered me is that in the emails it showed 12 login attempts (the other accounts hand similar amount with time intervals of 2 mins between login attempts) before twitter deciding to lock the accounts and demand password change.
Do you know what actions you were running?
IT could be the program tried to login, failed to login, but didn't mark the account as FAILED_DO_NOT_ATTEMPT_AGAIN, so when it came around again, it tried again and failed again .... repeat.

I would need to see logs of what happened to understand what response twitter sent and how twitterdub handled that (or didn't)

So I am wondering is it due to my wrong use of TwitterDub or is it something else?
right now, don't know honestly.

I also noticed from 30th Aug some accounts started getting error 403 when trying to do a daily stats action here is a snippet of it:

Code: Select all

08:27:45: Check flows: 403
https://twitter.com/i/api/1.1/users/email_phone_info.json
08:27:45: check handleaccess
08:27:45: CheckForBounceUrl
08:27:45: Couldn't parse resp - is not JSON
08:27:45: No json.msg found, checking json.errors:
08:27:45: Could not deserialise to: JsonPhone2 as input is empty
08:27:45: WARNING response incorrect format!
08:27:45: * ERROR: scraping stats: Object reference not set to an instance of an object.
08:27:45: Perform stats: end
08:27:45: stats complete


this was a bug and was fixed in a later update, can you check versions:
https://rootjazz.com/twitterdub/updatetesting.html

And in your app HELP > ABOUT
User avatar
martin@rootjazz
Site Admin
Posts: 34379
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk
Contact:

Re: Mass Account Password Reset/SMS Code Locks

Post by martin@rootjazz »

its2l82die wrote: Tue Sep 13, 2022 2:00 pm I suspect it has something to do with multiple actions running at the same time as other actions, these actions have the same accounts on them.
so same account would like and follow but in 2 different actions at the same time, does that make the login sessions go crazy?

does setting 'singe action value' solve that?

if so can anyone explain how 'single action value' works?
single action per account, will mean, that only one action per account will run at any one time
single action per IP, means similar, but actions with accounts on same IP will never run at same time
single action value, means you can assign multiple actions to have a keyword, then actions with the same keyword will never run at the same time.
User avatar
martin@rootjazz
Site Admin
Posts: 34379
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk
Contact:

Re: Mass Account Password Reset/SMS Code Locks

Post by martin@rootjazz »

its2l82die wrote: Tue Sep 13, 2022 1:18 pm I am still at a loss I can't figure out what is causing the "new login" notifications from twitter...
I had one account with 900 twitter notifications in its email about a new login, any insight into this? anyone had similar issues?
900 is an INSANE amount.

Do the notifications all show the same device "chrome on windows" or is it different. Same for IP, does it show the same IP?
its2l82die
Posts: 32
Joined: Fri Jul 29, 2022 2:24 am

Re: Mass Account Password Reset/SMS Code Locks

Post by its2l82die »

Sorry didn't check on the thread for a while too...

Code: Select all

Do the notifications all show the same device "chrome on windows" or is it different. Same for IP, does it show the same IP?
Yea all of the accounts show same devices and same IPs, proxies didn't fail I am positive of that.

One thing that made all the new logins slow down is using single account actions rather than grouped.
I was running a group of 10 accs doing follows in one grouped action and at the same time likes in another grouped action,
if those 2 actions overlapped I would get overlapping logins on some accounts (that is my theory at least) and this would trigger new logins, up to 2-3 per minute.

I also made new accounts freshly registered using emails since Sept 5th, and all of them (12) required SMS PVs within 3 days of making them and some were universal blocked from actions (guessing this is due to automation detection?) they were all populated with profiles and bios were starting automation lightly at about 20 followers a day with about 30 likes a day...

Code: Select all

there always exists the possibility of a bug that FAILS to assign the proxy to the account for a request, this would expose the machines LOCAL IP
Also would it be feasible to make a fail safe in case of such a bug? lets say if TwitterDub detects local machine IP just block the whole connection?
some form of rudimentary check before logins?
its2l82die
Posts: 32
Joined: Fri Jul 29, 2022 2:24 am

Re: Mass Account Password Reset/SMS Code Locks

Post by its2l82die »

Today I woke up to 12 more accounts asking for PVA, I added numbers to them and the accounts were able to verify login in TwitterDub.

But soon after I noticed 2 of these accounts were not following or liking, they only were unfollowing. the error I got from the log is this:

Code: Select all

Account not allowed: *****
WARNING failed account returned! Cannot find account to use that hasn't failed login
* FAILED: process multisearch: 82634463446524345624346 : Cannot find account to use that hasn't failed login
I also forgot to mention that all of the accounts that got snared today were 2nd use of proxies (first accounts registered with the proxies are alive and well), so that could be a trigger for them being flagged, but regardless, I'd be happy to know if anyone knows what kind of limitation did twitter apply here?

Also funny thing is the accounts work perfectly well in browser session, ie. searching terms, liking and following others, all work perfectly well, but in actions only unfollow works.

Tried resetting user agents and deleting cookies but to no avail.
User avatar
martin@rootjazz
Site Admin
Posts: 34379
Joined: Fri Jan 25, 2013 10:06 pm
Location: The Funk
Contact:

Re: Mass Account Password Reset/SMS Code Locks

Post by martin@rootjazz »

its2l82die wrote: Fri Sep 16, 2022 4:18 am
Yea all of the accounts show same devices and same IPs, proxies didn't fail I am positive of that.
ok, so it doesn't make sense! It appears to be the same device and same IP...
One thing that made all the new logins slow down is using single account actions rather than grouped.
I was running a group of 10 accs doing follows in one grouped action and at the same time likes in another grouped action,
if those 2 actions overlapped I would get overlapping logins on some accounts (that is my theory at least) and this would trigger new logins, up to 2-3 per minute.
ok, so I will check on this. It could be a bug in grouped actions. Althouhg I cannot see how. It's a grouped action. One action after another... If there was a caching account issue, then it WOULD show a different device / IP

Also would it be feasible to make a fail safe in case of such a bug? lets say if TwitterDub detects local machine IP just block the whole connection?
some form of rudimentary check before logins?
maybe not as simple as it seems. If it detects local IP there is a bug, so it assumes the detection is also working flawless. It would also need constant checking of IP... Will need to think how this could implemented...
Post Reply