When I access to my telegram-bot, after some time, it requires user authentication with the text:
"Stand by…
Hi there!
Before We Can Continue We Need To Verify That You’re a REAL User"
When this message appears it seems session is closed, and the user can’t receive Bot notifications, until user authenticates.
I can’t understand why this authentication is required if I am storing each user telegram_id.
6
Answers
I discovered what was wrong!
Lev Vasilyev answer made me think if somebody was able to get my bot_token. So, I changed it. And, the authentication message no longer appeared.
It´s important to get into telegram allowed devices, and delete not authorized accesses.
My bot has ""Stand by… Hi there! Before We Can Continue We Need To Verify That You’re a REAL User" too.
When I proceed and send authentication code and sms from Telegram was received I had been authorized as Samsung Galaxy s20 5g from Seychelles ip adress which was not mine… This was very strange. If anybody had that experience please post your answer too. Maybe somebody had stolen my bot …Sorry if my English not very correct and nice. I hope you understand.
Just had the same issue!
I guess, someone scraped my bot-token from public repository and tried to steal my account. NEVER leave your bot-token in public rep!!!
Detailed description for others to find this thread:
Bot sent, what it was programmed to do and then
"Hi There!
Before We Can Continue We Need To Verify That You’re A REAL User"
Telegram sent me login code -> I entered it (yeah, I’m dumb)
Bot printed
"Please reply with your 2FA (Two Factor Authentication / Two Step Verification) code"
then
"Timeout has been reached , pleaase try again."
(I like the pleAAse part, where you understand it was totally fake)
Telegram said it was
Your bot token might have exposed on git.
You need to change the token.
Instead of hard coding it in the code, pass it as an environment variable.
I had the same problem, changed the Token and resolved the problem. I needed set the webhook again to work.
All replies are correct:
your token has been stolen and used by hackers, once you enter your credentials – you will see unknown sessions in your telegram.
Change token via BotFather and do not publish it in public places.
If you have already put your cred’s to the telegram bot – you need to change the password immediatelly.