YandexDisk problem

What is the problem you are having with rclone?

when you execute the command rclone authorize "yandex" and open browser's link (smth like http://127.0.0.1:53682/auth?state=Nw8ptZP__d2kFzabZkrltg) you'll see the message from yandex:

    This client is blocked due to malicious actions and thus denied access (unauthorized_client)

After that in console you'll see the message:

2020/02/21 11:27:04 Failed to configure token: Error: Auth Error
Code:
Description: No code found returned by remote server.

What is your rclone version (output from rclone version)

tested in two vesions:

1. rclone v1.51.0-044-g481c8a40-beta

• os/arch: linux/amd64
• go version: go1.13.8

2. rclone v1.49.5

• os/arch: linux/amd64
• go version: go1.12.10

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 4.9.0-11-amd64

Which cloud storage system are you using? (eg Google Drive)

Yandex Disk

That looks like a message from your local machine's virus scanner/malware or something along those lines. You'd need to allow the traffic out from your application so you can authorize.

I tried to make an authorization on two different machines, and result is the same. The message about blocked ID comes from yandex, not from my local machine. It looks like yandex banned rclone client ( described here: https://github.com/rclone/rclone/blob/3a1b41ac2222b932de59868b00e7211ec5a698d2/backend/yandex/yandex.go )

2020-02-21_14-21-26716×504 16.9 KB

Yep, looks to be correct as I just tested as well. Not sure what normally happens with Yandex if they'll remove it or not.

I've got a message from yandex.disk support:

Дело в том, что программа Rclone позволяет использовать Яндекс.Диск в качестве инфраструктурного компонента, а Яндекс.Диск - это персональный сервис, который не рассчитан на решение таких задач. Поэтому мы не поддерживаем работу связки Rclone - Яндекс.Диск.

The thing is that the rclone program allows to use yandex.disk as infrastructural component, but yandex.disk is personal service that isn't designed to solve such cases. Therefore we do not support the work with rclone.

Hmm, that is annoying! I noticed that the integration tests failed this morning with the same error.

Did anyone try making their own client_id? I can't remember how you do that at the moment - if anyone does find the page can they post it here?

Also does setting --user-agent make a difference?

I think best solution for such cases will be giving user the opportunity to set his own client_id and secret with command line parameters.

Already present: Yandex

Link to the relevant issue on github https://github.com/rclone/rclone/issues/3989

It's fairly easy to create your own token here. It's probably advisable to also set a custom user-agent. Note that applications are supposedly reviewed manually but appear to be approved instantly right now.

Does setting a new client_id fix the problem?

Yeah it does but it's definitely not a real solution given that they may or may not manually review these applications.

I put a ticket in with support - I'll see what they say.

Yes I notice the same for myself on 2 servers past some weeks, Yandex has BLOCKED rClone's programattic access.

When you do rclone authorize "yandex"
it opens the Authorization page. As shown in the screenshot, if you hover over the button "I understand the risk", it will show you error message :

This client is blocked due to malicious actions and thus denied access

yandex-error1915×1195 245 KB

How to get a new client_id from Yandex?

I've tried to register new application, but my request was rejected without any explanation.

Untitled-1506×576 24 KB

I was able to pass the client registration by using other callback port (not 53682). But I had to rebuild Rclone for this.

How to ask rclone authors and developers to add change id and change client ability?
I would like to continue using Yandex.Drive, I bought two years ago...

There is this opportunity to set or change client id.

With such hostile position of Yandex team towards open-source software we'd rather need switches to mask Rclone (callback port and user agent). But I'm not sure if they are worth it. There are tons of alternative clouds.

That would be a relatively easy option to make if someone wanted to send a PR?