I would like to suggest restricting the use of email addresses linked to CFX accounts when submitting server reports.
Currently, it appears that anyone can file a server report using an email address without being signed into the CFX account. As a result, my email address has been abused to submit fake reports to random servers.
Because of this, my email now seems to be bugged/blocked or flagged. I’m no longer able to access any reports associated with my address. When I try to log in to check for open tickets, I receive the error message: “ERR_TOO_MANY_REDIRECTS.”
Implementing a requirement to be signed into the associated CFX account before submitting a report could help prevent this kind of misuse.
You’re responsible for the security and usage of your email and other accounts, make sure that you’re the only person that has access to it - run an antivirus scan, change your passwords, enable 2FA where possible etc
I think you are misunderstanding. The issue is that anyone can submit a server report using any email address, without any verification from CFX.
This means there is no confirmation that the person submitting the report actually owns the email address they are using. As a result, if someone knows your email address, they can abuse it to file server reports without any form of verification.
This lack of verification is the main problem and can easily lead to misuse.
Yes, exactly. Anyone can submit a report using someone else’s email address. If you then log into your ticket panel, you may see reports created by someone else using your email to report random servers.
As mentioned, there is no verification process to confirm that the person submitting the request actually owns the email address. As far as I understand, a ticket is created even if the user is not logged in.
For regulatory purposes, we have to let unauthenticated users submit requests, and they can indeed use any incoming email address, but this is flagged inside our CRM that the request was not submitted by an authenticated user, and we will go through verification steps with a requester if the request is deemed sensible enough to justify it.
For your error, have you tried to login to support.cfx.re in a different browser or incognito tab and are you still experiencing this error? Having a third-party send requests on your behalf will not lead to your account being blocked from accessing our support site.
I already tried clearing cookies and using different browsers, but nothing helped. The problem only happens on my account — on my friend’s account everything works fine on the same device.
I also cannot access or read any support responses because of this.
