Facebook-chat-api: Account gets blocked every 24hours or instantly after login

Created on 19 Jan 2020  路  41Comments  路  Source: Schmavery/facebook-chat-api

Logging in from the same IP as usual (even same machine). This does only happen for appstate login.

Most helpful comment

Thank you @PixelHir

So I found some things that help stop or reduce this issue:

-Change the user agent. Also use the same user agent in logging in with the password and using the app state. You can google "what's my user agent" and copy the result.

-Don't use on public servers with public and changing IPs like amazon aws or heroku.

-Don't login too often even with the app state.

-There are some headers and requests that needs to be updated, I've done some work and it looks fine so I'll try to submit a PR very soon.

-Also the ping requests made by @lequanglam helped alot.

EDIT: Also activate 2fa on the account, I think it helps.

All 41 comments

did you try changing user agent? it helps a lot

changed user agent, worked for 24 hours and then checkpointed me again.

try mark as read before you let your bot respond.

my bot does not respond, my bot only checks message count (albeit it does this every 500 miliseconds or so)

can you upload your code here?

And now it checkpoints me instantly upon trying to regenerate appstate.json. And when I open up facebook.com in my browser to remove it, it shows the checkpoint URL for a short second and then opens up the regular main page. Still, regen-appstate says that login approvals are on.

Edit: Could I perhaps use this: https://i.imgur.com/4njOszf.png
Edit2: Also this popped up on my email: https://i.imgur.com/BQRWJX1.png

And now it checkpoints me instantly upon trying to regenerate appstate.json. And when I open up facebook.com in my browser to remove it, it shows the checkpoint URL for a short second and then opens up the regular main page. Still, regen-appstate says that login approvals are on.

Edit: Could I perhaps use this: https://i.imgur.com/4njOszf.png
Edit2: Also this popped up on my email: https://i.imgur.com/BQRWJX1.png

Paste your cookies from browser to JSON file.
You'll need facebook.com & messenger.com cookies.

https://gist.github.com/rypx/57dd15c70d031fc5125f077f74a8b825
This will update & genereate new appState.json from your old session json.

Note, you also need to extend all of your expires key e.g: datr, if you want long-lived session.
It is not the efficient way, but it's worked, code itself is not clean, try edit & play with it.

Happy to accept any improvements to how we're handling cookies fwiw

And now it checkpoints me instantly upon trying to regenerate appstate.json. And when I open up facebook.com in my browser to remove it, it shows the checkpoint URL for a short second and then opens up the regular main page. Still, regen-appstate says that login approvals are on.
Edit: Could I perhaps use this: https://i.imgur.com/4njOszf.png
Edit2: Also this popped up on my email: https://i.imgur.com/BQRWJX1.png

Paste your cookies from browser to JSON file.
You'll need facebook.com & messenger.com cookies.

https://gist.github.com/rypx/57dd15c70d031fc5125f077f74a8b825
This will update & genereate new appState.json from your old session json.

Note, you also need to extend all of your expires key e.g: datr, if you want long-lived session.
It is not the efficient way, but it's worked, code itself is not clean, try edit & play with it.

we don't need messenger.com cookies anymore. just facebook.com cookies

Exported cookies from messenger and facebook, and while running this script on facbook's stuff, it gives me an error that it expected messenger. I gave it messenger and then it says

ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

Refreshing or closing and reopening browser just brings me back to messenger.
Also the old appstate file seems... longer.

As to the pull request by lequanglam, it instablocks when trying to regen appstate and says that login approvals are on. This checkpoint errors out browser messenger, and immediately disappears upon opening a facebook tab.

With facebook's cookies:
https://i.imgur.com/dvP5yD2.png

With messenger's cookies:
https://i.imgur.com/C0P81vY.png

With appstate-regen.js:
https://i.imgur.com/t5KVQi1.png
https://i.imgur.com/gszgsI9.png
(For half a second) https://i.imgur.com/r4voI0s.png, then:
https://i.imgur.com/wZjRpNU.png

facebook seems to be broken again
btw can you upload full stack trace?

How would i go about getting a full stack trace?
I can only go as far as exit from the API, which is not much.

Any news?

maybe you should try using 2FA.

Facebook is up to something, I've been required to send a photo of myself on one account, 24hrs after it got unlocked and the bot was running back it got locked down again and now I need to send a photo of my ID card. We should put focus on disguising the bot as a legitimate user since it looks like they have some way of detecting it. (and i've made many attempts to disguise myself like changing useragent, read receipts etc.)

and I successfully disguised myself as a legitimate user.

btw we should use some sorts of cache, or allow to input isGroup for this:
https://github.com/Schmavery/facebook-chat-api/blob/master/src/sendMessage.js#L182-L193
https://github.com/Schmavery/facebook-chat-api/blob/master/src/sendTypingIndicator.js#L17-L25

Nice. I also found that we send some old form fields with some requests that are not required any more. I'll remove them when I can.

Enabled 2FA, got blocked after ~24h

Still not resolved.

I'm trying to login in through test accounts in FB. But i got these error now.

ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

Try not to run bots on servers. Most servers have their ip range public and facebook can detect them easily.

Bot still blocked even when running on an onsite server. (24hrs or instantly after login)
Offsite server also blocked after 24hrs or instantly after login.

The problem is still persisting. Bump.

somehow facebook still able to detect this library. idk how to fix it.

Hey, looks like Im having the same issue.
There are no login approval's on my acocunt, but when trying to login to my account Im getting
{ error: 'login-approval', continue: [Function: continue] }.
And when manually logging from chrome Im asked to validate my identity.
After validating and running again the same flow happens.
My code is as simple as the doc's echo-bot

That probably means that your account has been blocked due to suspicious activity, when this happens you need to login from browser to authorize it.

The problem is that this library still uses some old functions and headers and facebook鈥檚 api is undergoing through changes very often so we would need to reverse engineer it again from scratch to guarantee full support.

Thanks @PixelHir !
When it happens I do go to login from browser to authorize it, but it happens every time. Now I only wonder if it something wrong I'm doing or the tool is currently facing an issue...

Thanks @PixelHir !
When it happens I do go to login from browser to authorize it, but it happens every time. Now I only wonder if it something wrong I'm doing or the tool is currently facing an issue...

Use appstates, and change your useragent to something more common (like Chrome on Windows 10)

Also try to not use services like heroku since they change ip every time the bot restarts.

It's also good to have the IP's country of the server same or close to the country where you created the account/logged into it

Thanks @PixelHir

  • How do I change the user agent? cant find in the docs.
  • Its run locally (no heroku), my IP, same as the page ownership
    User agents:
    If I run login with reading AppState I get errors:
  • If I run it with a json array with the cookies of facebook.com and messenger, I get an error:
Error: Cookie not in this host's domain. Cookie:www.facebook.com Request:www.messenger.com
  1. If I run it only with messenger.com cookies:
ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

Thank you @PixelHir

So I found some things that help stop or reduce this issue:

-Change the user agent. Also use the same user agent in logging in with the password and using the app state. You can google "what's my user agent" and copy the result.

-Don't use on public servers with public and changing IPs like amazon aws or heroku.

-Don't login too often even with the app state.

-There are some headers and requests that needs to be updated, I've done some work and it looks fine so I'll try to submit a PR very soon.

-Also the ping requests made by @lequanglam helped alot.

EDIT: Also activate 2fa on the account, I think it helps.

Thanks @PixelHir

  • How do I change the user agent? cant find in the docs.
  • Its run locally (no heroku), my IP, same as the page ownership
    User agents:
    If I run login with reading AppState I get errors:
  1. If I run it with a json array with the cookies of facebook.com and messenger, I get an error:
Error: Cookie not in this host's domain. Cookie:www.facebook.com Request:www.messenger.com
  1. If I run it only with messenger.com cookies:
ERR! login Error retrieving userID. This can be caused by a lot of things, including getting blocked by Facebook for logging in from an unknown location. Try logging in with a browser to verify.

You can change the useragent by passing the userAgent object when logging in.
login({userAgent: 'UserAgent Here', ...

Also can you tell me how are you acquiring your appstate? Are you using the builtin api.getAppState() or are you just pasting your cookies from browser? I've never had any issues when using the appstate supplied by the lib

Thank you @PixelHir

So I found some things that help stop or reduce this issue:

-Change the user agent. Also use the same user agent in logging in with the password and using the app state. You can google "what's my user agent" and copy the result.

-Don't use on public servers with public and changing IPs like amazon aws or heroku.

-Don't login too often even with the app state.

-There are some headers and requests that needs to be updated, I've done some work and it looks fine so I'll try to submit a PR very soon.

-Also the ping requests made by @lequanglam helped alot.

EDIT: Also activate 2fa on the account, I think it helps.

Yeah 2fa helps a lot. Also when your bot is on a big number of group conversations (like mine) you should disable the read receipts for all messages since you can easily get ratelimited, and instead make it send read receipt only for messages that it is going to reply to

You can change the useragent by passing the userAgent object when logging in.
login({userAgent: 'UserAgent Here',...
Also can you tell me how are you acquiring your appstate? Are you using the builtin api.getAppState() or are you just pasting your cookies from browser? I've never had any issues when using the appstate supplied by the lib

I added the user agent. still getting
ERR! login login-approval

I cant use the get appstate api beacuse I cant login even once... I used an extension called "EditThisCooie".

@GuyAvraham Do you have 2FA enabled on the account? If you have then you must provide the code to the api. You can find an example for that in the docs.

If not, then try loggin in from a browser and see if the account needs a password reset or verification.

Also try to not use services like heroku since they change ip every time the bot restarts.

Ohhhhhh....
That would actually explain a LOT.
Well then I need a service that's online 24/7 and does not do that. I'll keep lookin'. Maybe buy a small vps.

* Its run locally (no heroku), my IP, same as the page ownership

If you're using it for page-related stuff, why not use facebook's api? It supports page-to-user communication. https://developers.facebook.com/docs/messenger-platform

moved to local server, no difference. still gets blocked.

852

Was this page helpful?
0 / 5 - 0 ratings