NinjaFirewall (WP Edition) - Advanced Security support forum: About User enumeration scan (author archives) in Logs

Resolved

cooina (@cooina)


Hi,

I see this in the Ninja log:

01/Apr/19 22:58:16 #1065472 HIGH – 79.143.xxx.xx GET /index.php – User enumeration scan (author archives) – [author_name=xxx] – myblog

Everything is OK, except that the IP address is my hosting provider's, and every time I log in to my blog I find that entry in the NinjaFirewall log, matching my login time… Why is that? Is that OK?

Plugin Author nintechnet (@nintechnet)

    Hi,

    It looks like for whatever reason (a plugin or a theme?), your blog is accessing the author archives page when you log in. And since you have enabled the “Protect against username enumeration > Through the author archives” policy, NinjaFirewall blocks it.

sthuber (@sthuber)

Hi,

I get the same log file entries, e.g.:

10/Apr/19 20:41:14 #4957168 HIGH – xxx.xxx.xxx.xxx GET /wp-admin/post.php – User enumeration scan (WP REST API) – [/wp-admin/post.php?post=905&action=edit&message=4] – xxxx.xxxx.de

And there are a lot of them, at times one every 10-20 seconds!
The strange thing is that it is my own IP which is logged…
Any idea what is causing this?

Thank you

Plugin Author nintechnet (@nintechnet)

@sthuber: it looks like you are not whitelisted by the firewall.
Are you an administrator when it happens?

sthuber (@sthuber)

@nintechnet: ah, good hint. I started working with an editor account which was previously an Administrator. So I should just whitelist this account to stop the alerts?

Still, I don't get why this user enumeration is happening from my browser (I suppose)…

Plugin Author nintechnet (@nintechnet)

    It is blocked while you are editing a post with the new editor because you have the “Protect against username enumeration > Through the WordPress REST API” policy enabled.
    You can either disable the policy, or whitelist the account.
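Both reports in this thread are the same triage problem: a "User enumeration scan" entry is only worth worrying about if it did not come from your own session. The script below is an added example, not NinjaFirewall code and not posted by anyone in the thread. It parses log lines in the shape quoted above (the field layout is inferred from those two entries and is an assumption), marks hits as own traffic when the source IP is yours or the timestamp falls within a short window of one of your own logins (the cooina case, where the IP belongs to the hosting provider but the time matches), and, going beyond the thread, flags source IPs that walk numeric `?author=` ids, which is what a real author-archive enumeration looks like. The three 203.0.113.9 lines are constructed for the demo; the first two lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Field layout assumed from the entries quoted in this thread:
# timestamp, #id, level, ip, method, path, rule, [detail], host.
# The separator is the en dash NinjaFirewall prints; a plain hyphen is accepted too.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/[A-Za-z]{3}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"#(?P<id>\d+) (?P<level>[A-Z]+) [–-] (?P<ip>[\w.:]+) "
    r"(?P<method>[A-Z]+) (?P<path>\S+) [–-] (?P<rule>.+?) [–-] "
    r"\[(?P<detail>.*?)\] [–-] (?P<host>\S+)$"
)

# First two lines: the entries quoted in the thread. Last three: constructed
# external scan walking ?author=1,2,3 from an RFC 5737 documentation address.
SAMPLE_LOG = """\
01/Apr/19 22:58:16 #1065472 HIGH – 79.143.xxx.xx GET /index.php – User enumeration scan (author archives) – [author_name=xxx] – myblog
10/Apr/19 20:41:14 #4957168 HIGH – xxx.xxx.xxx.xxx GET /wp-admin/post.php – User enumeration scan (WP REST API) – [/wp-admin/post.php?post=905&action=edit&message=4] – xxxx.xxxx.de
02/Apr/19 03:12:05 #1070001 HIGH – 203.0.113.9 GET /index.php – User enumeration scan (author archives) – [author=1] – myblog
02/Apr/19 03:12:06 #1070002 HIGH – 203.0.113.9 GET /index.php – User enumeration scan (author archives) – [author=2] – myblog
02/Apr/19 03:12:07 #1070003 HIGH – 203.0.113.9 GET /index.php – User enumeration scan (author archives) – [author=3] – myblog
"""


@dataclass
class Entry:
    ts: datetime
    ip: str
    method: str
    path: str
    rule: str
    detail: str
    host: str


def parse_line(line):
    """Parse one log line into an Entry, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%y %H:%M:%S")
    return Entry(ts, m["ip"], m["method"], m["path"], m["rule"], m["detail"], m["host"])


def enumeration_target(entry):
    """Author selector used by the request: ('author', '1') or ('author_name', 'xxx'), else None."""
    m = re.search(r"\bauthor(_name)?=([^&\]]+)", entry.detail)
    if not m:
        return None
    return ("author_name" if m.group(1) else "author", m.group(2))


def triage(entries, own_ips=(), login_times=(), window_seconds=120):
    """Label each 'User enumeration scan' hit as own-traffic or external.

    own_ips: addresses you or your host use; login_times: datetimes of your own
    logins. A hit within window_seconds of a login counts as own traffic even
    when the IP is not in own_ips (the hosting-provider case from the thread).
    """
    results = []
    for e in entries:
        if not e.rule.startswith("User enumeration scan"):
            continue
        near_login = any(abs((e.ts - t).total_seconds()) <= window_seconds for t in login_times)
        label = "own-traffic" if (e.ip in own_ips or near_login) else "external"
        results.append((e, label))
    return results


def sequential_author_scans(entries, min_ids=3):
    """Source IPs that requested at least min_ids distinct numeric ?author= values."""
    ids_by_ip = defaultdict(set)
    for e in entries:
        t = enumeration_target(e)
        if t and t[0] == "author" and t[1].isdigit():
            ids_by_ip[e.ip].add(int(t[1]))
    return {ip: sorted(ids) for ip, ids in ids_by_ip.items() if len(ids) >= min_ids}


if __name__ == "__main__":
    entries = [parse_line(l) for l in SAMPLE_LOG.splitlines()]
    my_logins = [datetime(2019, 4, 1, 22, 58, 0)]  # cooina's login, assumed
    for e, label in triage(entries, own_ips={"xxx.xxx.xxx.xxx"}, login_times=my_logins):
        print(f"{e.ts} {e.ip:16} {e.rule:42} {label}")
    print("sequential scans:", sequential_author_scans(entries))
```

Own-traffic hits are the signal to whitelist the account (or relax the policy) as the plugin author says; an IP that shows up under `sequential_author_scans` is the one to actually block.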
