Overview
The log says that an end user was blocked by Brute Force Protection. However, the user does not show up in the search results on the dashboard and cannot be unblocked from the UI.
User (test@example.com) attempted 10 consecutive logins unsuccessfully. Brute force protection is enabled for this connection, further attempts are blocked from this IP address for this user.
{
"client_id": "xxx",
"client_name": "test",
"connection": "custom-database",
"connection_id": "con_xxx",
"date": "2024-09-25T06:17:54.056Z",
"description": "User (test@example.com) attempted 10 consecutive logins unsuccessfully. Brute force protection is enabled for this connection, further attempts are blocked from this IP address for this user.",
"hostname": "example.com",
"ip": "x.x.x.x",
"type": "limit_wc",
"user_agent": "Chrome 129.0.0 / Mac OS X 10.15.7",
"user_id": "",
"user_name": "test@example.com",
"log_id": "0000",
"tenant_name": "test",
"_id": "0000",
"isMobile": false,
"id": "0000"
}
Applies To
- Brute Force Protection
- Blocked User
Cause
This happens when:
- The application uses a custom database.
- The user hits the Brute Force Protection threshold (the number of failed login attempts).
As a result, the user is blocked before the profile data is created in the tenant.
Solution
Use Management API to unblock the user by identifier:
- Unblock by identifier
curl -L -X DELETE 'https://login.auth0.com/api/v2/user-blocks?identifier=test%40example.com'