Know if a user is blocked by brute force protection

lucas.gonzalez · July 19, 2022, 12:50am

Hi, I want to know if there’s any way to catch if a user is or has been blocked after X number of failed attempts.

I was thinking of a rule, action, or hook that could catch when the user gets blocked so we can use some logic, like sending an SMS from our system to global admins.

Something like:
User ---> Login attempt ---> action check if user will be/has been blocked ----> Some logic in action, rule or hook

I hope we can find a solution together.
Thanks.

rueben.tiow · July 19, 2022, 1:39am

Hi @lucas.gonzalez,

Thanks for reaching out to the Auth0 Community!

I understand that you would like to know how to know if a user is blocked by brute force protection.

To do so, I recommend using the Management API’s Get a user’s block endpoint and set the consider_brute_force to true. By doing so, you can determine if the user is blocked by brute force protection.

I hope this helps!

Please do not hesitate to reach out if you have any further questions.

Thank you.

josiah_devizia · January 10, 2023, 7:29pm

Hi @rueben.tiow,

I’m looking to show in a User Grid the status of users, which needs to consider if they are blocked. I have noticed that if the user is blocked due to brute force protection, the search user endpoint doesn’t return any properties indicating that the user is blocked. I would have expected that the blocked attribute would show as true. Is there a way to achieve this without making a request to the user block endpoint for every user on the page?

Thanks

rueben.tiow · January 11, 2023, 12:44am

Hi @josiah_devizia,

Unfortunately, there isn’t an endpoint that can query for a list of brute-force blocked users.

I understand the current solution of using the Get a user’s block endpoint would not be scalable.

For now, my best recommendation is to use the Logs to find the users who are blocked from brute force. In the logs, search for the limit_wc log event type code.

Lastly, I recommend upvoting the Find brute-force blocked users in User Management panel feedback request. This way it can attract more votes, with higher votes leading to a higher implementation priority.

I hope this helps!

Thanks,
Rueben

system · January 25, 2023, 12:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get a List of Brute Force Blocked Users Knowledge Articles brute-force , blocked-user	1	1265	September 15, 2023
The User is Marked "BLOCKED(BRUTEFORCE)" although the User IP is in the Allowlist of the Brute Force Protection Knowledge Articles brute-force , allowlist , blocked-not-working , ip-protection	1	243	July 2, 2024
Get a list of users blocked by bruteforce Get Help anomaly-detection , blocked-account , block	4	5264	September 15, 2023
List of locked users Get Help api	6	2987	March 4, 2022
Find brute-force blocked users in User Management panel Product Feedback	3	1882	January 24, 2024

Know if a user is blocked by brute force protection

Related topics