Roon Security Alert: Crying Wolf?

I get one of these emails a day. The cumulative effect has been to ignore them. What is happening that causes these emails? I have a static IP for my core, dynamic for my Mac Remote. Would shifting Remote addresses cause this?

Which emails? From your router/firewall about port scans? See here:

Well, I could be wrong, but my alerts reference only my city (unlike the OP of the thread you sent), and I believe they were happening before ARC was released. Also, my alerts were sent via email by Roon.

The thread you sent me (btw, thanks) says to turn off upnp. But isn’t that what ARC needs to work?

Partially redacted email message follows:

It’s when you sign into the forum. PITA, ain’t it?

Oh OK, totally different thing then, ignore the above :slight_smile: I was obviously not sure which emails you meant, sorry.

I get those when I perform a new sign-in into Roon. E.g. into a new Roon installation, also of the mobile apps after fresh reinstall, into the Roon forum website on a new device, or if I log into the Valence page for artist picture edits.

Each time I get the email, I can correlate it clearly with such a sign-in by me; I never get spurious ones that are not associated with something I did.

If you get them daily although you didn’t sign in, I suppose there are three principal possibilities:

  1. Do you you sign into the forum website every day? Maybe Roon creates the email for each sign-in even on the same device. I don’t know because I live on the forum and never sign out :blush:
  2. Something is broken either somehow in your Roon installs or on the Roon servers for your account, which is creating spurious sign-in events.
  3. Someone in your general vicinity has your Roon sign-in credentials and is impersonating you on Roon (proper Roon or website/forum). (Probably unlikely but who knows)
1 Like

That raises a question: what triggers the “danger” email? I always thought it was something to do with the Roon app components. I didn’t consider the forum; but even so, I almost never sign out.

I mentioned in the previous post all that I know that triggers it. I believe they take forum logins seriously because the forum credentials are your general Roon credentials.
But if you rarely log out from the forum, then I don’t know.

1 Like

I get one every time I login. Roon is simply alerting you there’s a new login. Just ignore them if the login was indeed you.

You should stay logged in, after you’ve done it once… is your browser (or helper extension) set to delete cookies/cache? I needed to add an exception for Roon.

I have been getting them of late , with logins from existing PC’s , no new gear for at least 6 months.

I don’t even have ARC connected

It always reports my city as well

Does it always happen after some action on your part? Perhaps you should change your Roon password :wink:

No just every now and again. I am restarting ROCK maybe 2 or 3 times daily not every start causes it by any means it seems random. My IP address probably changes for each start but always 192.168.0.xxx

It may be (as @mikeb suggests) that your web browser is set to clear cookies when the browser is closed (e.g. when you shut down your PC at the end of the day). The following day when you open the browser and go to the forum, your browser may well sign you in automatically, but because the website cookies have been deleted, Roon Labs sees this as a new signin and triggers the security email.

For my Edge browser, the relevant settings to check are here:

I get them, too. Just now, as I log into the community on my usual laptop, I received the 13th such message of 2023. But now, it states the correct city (as in 10/13 cases). A few days ago it was a different (much smaller) city, 100 km (60 miles) away, and 2/10 cases it was Amsterdam (125 km or 75 miles away) which is home to AMS-IX, so that’s less of a surprise.

@accounts, How accurate is Roon’s IP Geolocation? Or alternatively, how worried should I be?

Roon is only going by what it’s told about geolocation (probably by your ISP). Personally I wouldn’t be worried by your examples.

1 Like

Hey @Jan_Prummel,

I am sorry that Roon’s Security Alerts are adding up :frowning_face:

When it comes to the IP geolocation (just like @Geoff_Coupe mentioned :pray:), it is hardly accurate. It depends on your Internet Service provider.

I ran into an article that explains a little more how common this is (article is found here).

IP based geolocation services can only provide an approximate measure of geolocation accuracy. With these services, you can obtain:

  • 95 percent to 99 percent accuracy of a user’s country.
  • 55 percent to 80 percent accuracy for a user’s region or state
  • 50 percent to 75 percent accuracy for a user’s city.

In practice, the actual accuracy may vary from provider to provider and depending on the location of the device. For instance, IP based geolocation services typically work better in big cities and work less well in smaller ones.