[jwt_auth] authentication_failed” Brute Force detected with iThemes
When iThemes is de-activated, the call succeeds.
When iThemes is activated with WordPress Tweaks enabled (WordPress Tweaks -> REST API = Default Access), calls to the API endpoint below from Postman result in the error message:
{
    "code": "[jwt_auth] authentication_failed",
    "message": "Error: Invalid username, email address or incorrect password.",
    "data": {
        "status": 403
    }
}
and the iThemes log shows a Brute Force attempt (Local and Network Brute Force Protection is DISABLED):
Type Notice
Description Invalid Login
Timestamp 2020-04-19 11:47:08
Host 141.101.76.77
User
URL https://xxxx.com/wp-json/jwt-auth/v1/token
Login Source REST API Authentication
Raw Details
id => 10072
module => brute_force
type => notice
code => invalid-login::username-yyyy
timestamp => 2020-04-19 09:47:08
init_timestamp => 2020-04-19 09:47:08
remote_ip => 141.101.76.77
user_id => [empty string]
url => https://xxxx.com/wp-json/jwt-auth/v1/token
memory_current => 25077040
memory_peak => 25228744
data => Array
details => Array
source => rest_api
authentication_types => Array
0 => cookie
user => null
username => yyyy
user_id => [integer] 0
SERVER => Array
HTTP_CDN_LOOP => cloudflare
HTTP_CF_CONNECTING_IP => 89.246.123.242
HTTP_CF_REQUEST_ID => 02336eb44c00007281f49c7200000001
HTTP_CONTENT_TYPE => multipart/form-data; boundary=--------------------------642232742368614017542527
HTTP_POSTMAN_TOKEN => 4aeb0878-8383-440f-8c56-d72df510c923
HTTP_CACHE_CONTROL => no-cache
HTTP_ACCEPT => */*
HTTP_USER_AGENT => PostmanRuntime/7.24.1
HTTP_CF_VISITOR => {\"scheme\":\"https\"}
HTTP_X_FORWARDED_PROTO => https
HTTP_CONTENT_LENGTH => 320
HTTP_CF_RAY => 5865b3cd4d8e7281-AMS
HTTP_X_FORWARDED_FOR => 89.246.123.242
HTTP_CF_IPCOUNTRY => DE
HTTP_ACCEPT_ENCODING => gzip
HTTP_CONNECTION => Keep-Alive
HTTP_HOST => xxxx.com
HTTPS => on
SERVER_PROTOCOL => HTTP/1.1
SCRIPT_FILENAME => /home/xxxx.com/public_html/index.php
CONTENT_LENGTH => 320
CONTENT_TYPE => multipart/form-data; boundary=--------------------------642232742368614017542527
REQUEST_METHOD => POST
REQUEST_TIME_FLOAT => [double] 1587289627.946
REQUEST_TIME => [integer] 1587289627

The .htaccess file contents are:
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Server Running php 7.2, nginx.
All Plugins up to date. WordPress Version 5.4
iThemes Settings:
Local Brute Force Protection: Disabled
Network Brute Force Protection: Disabled
System Tweaks: Disabled.
WordPress Tweaks:
XML-RPC: Enable XML-RPC
Multiple Authentication Attempts per XML-RPC Request: Allow
REST API: Default Access
Mitigate Attachment File Traversal Attack: Checked
- The topic ‘[jwt_auth] authentication_failed” Brute Force detected with iThemes’ is closed to new replies.
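An added example, not part of the original post or of either plugin's code: a small Python parser for the "Raw Details" dump above that pulls out the fields worth reading first in an invalid-login notice. The sample input is a constructed subset of the posted log, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the "Raw Details" lines from the post above.
SAMPLE = """\
module => brute_force
code => invalid-login::username-yyyy
remote_ip => 141.101.76.77
source => rest_api
0 => cookie
username => yyyy
HTTP_CDN_LOOP => cloudflare
HTTP_CF_CONNECTING_IP => 89.246.123.242
HTTP_X_FORWARDED_FOR => 89.246.123.242
HTTP_USER_AGENT => PostmanRuntime/7.24.1
CONTENT_TYPE => multipart/form-data; boundary=--------------------------642232742368614017542527
REQUEST_METHOD => POST
"""

LINE = re.compile(r"^\s*(\S+)\s*=>\s*(.*?)\s*$")
TYPED = re.compile(r"^\[(?:integer|double)\]\s*")  # "[integer] 0" -> "0"

def parse_raw_details(text):
    """Flatten 'key => value' lines into a dict; the first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), TYPED.sub("", m.group(2))
        if value == "[empty string]":
            value = ""
        fields.setdefault(key, value)
    return fields

def triage(fields):
    """Summarise what matters when reading an invalid-login notice."""
    forwarded = fields.get("HTTP_CF_CONNECTING_IP") or \
        fields.get("HTTP_X_FORWARDED_FOR", "").split(",")[0].strip()
    logged = fields.get("remote_ip", "")
    return {
        "logged_ip": logged,
        "client_ip": forwarded or logged,
        # True when the logged address is the proxy's, not the client's
        "behind_proxy": bool(forwarded) and forwarded != logged,
        "login_source": fields.get("source", ""),
        "username": fields.get("code", "").partition("username-")[2],
        "body_type": fields.get("CONTENT_TYPE", "").split(";")[0].strip(),
    }

if __name__ == "__main__":
    print(triage(parse_raw_details(SAMPLE)))
```

In the posted entry the logged host differs from the address in CF-Connecting-IP, so the notice is attributed to the proxy rather than to the client. Forwarded headers are only trustworthy when the origin accepts traffic solely from that proxy.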