Invalid Authentication attempts coming from unauthorised IPs

Our application is authenticating users using an email passwordless connection.
We have found in the Auth0 Logs that every single successful authentication attempt is mirrored by a number of failed authentication requests coming from IP addresses in unknown locations.

Is this something that may be cause by a configuration error or could this be caused by someone actively trying to get access to our application?

The attachment contains an example of a failed request. The user_agent is always “Chrome 70.0.3538 / Windows 10.0.0” on these invalid requests.

auth0-logs1301×351 34.1 KB

Hi @george.stoica ,

Welcome to Auth0 Community!

I don’t think this is caused by some configuration issue in your Auth0 tenant. This looks like someone actively trying to login to your application.

Do you have any application access logs that aligns with the timeline of these requests?

Hi @supun ,

Went through the application logs but could not find anything helpful.

This is what i got from the Auth0 Logs

image1328×442 31.9 KB

We found that these errors do not happen when logging in using a username/Password login.

Also the errors started happening without us making any configuration changes on our web app or on Auth0.

We found similar issues previously reported that look similar. Could these be related?

• "Wrong email or verification code" on Magic Link click
• https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwici5K15_XxAhUxzjgGHXYFBokQFjABegQIBhAD&url=https%3A%2F%2Fcommunity.auth0.com%2Ft%2Frandomly-getting-wrong-email-or-verification-code%2F44592&usg=AOvVaw3Xi7V2hcpVToxnyFb1W-JQ
• https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwici5K15_XxAhUxzjgGHXYFBokQFjACegQIBBAD&url=https%3A%2F%2Fcommunity.auth0.com%2Ft%2Fauth0-and-passwordless-wrong-email-or-verification-code-error%2F25395&usg=AOvVaw1GHzBV6RQ8L_454tGbS3vF