1.2.7. What to do if you received a login letter from an unknown IP

Check your current external IP first. This can be done, for example, here or here... Compare the received address with the one indicated in the letter and with those that are displayed in log of authorizations... If the address is the same, then the reason for the trigger could be the change of IP on the device from which the account was previously logged in. This situation can occur when the IP provider changes its IP, connects to the network of another provider, or, for example, when you turn on a proxy or VPN.

If you suspect that someone else may have gained access to your account, you should take appropriate action:

  • Change account password.
  • Turnon 2-Step Verification, if not already configured.
  • Reset or disable concurrent sessions, if enabled.
  • Additionally:
    • Change passwords to all or the most important databases. Necessarily indicate new passwords in the CMS configuration files that use these databases.
    • Change passwords to the CMS admin panel.
    • Change passwords to mailboxes and FTP.
    • Check for new, possibly malicious, files in the site directories.
    • Run anti-virus scan.