Overview
This article explains how to block intermittent spam observed in Auth0 tenant logs that came from an /authorize URL. The error looks like this:
Type: Failed Login, Description: Unknown client:
Cause
The spam comes from repeated requests to /authorize, each of which throws an error indicating that the attacker's access to the application was blocked. However, every blocked request is still logged, which results in spam logs. These logs cannot be removed because they are the source of truth for what happened in the tenant.
Solution
- Ensure Attack Protection features such as Brute Force, Bot Detection, and Suspicious IP Throttling are enabled.
- Reach out to Auth0 Support to set up a managed challenge.
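Because the log entries cannot be deleted, the following sketch (an added example, not Auth0 code) groups the "Unknown client" Failed Login events in an exported log by source IP and separates them from the remaining events, which gives a short list of sources to review or pass to Support. The JSON-lines export, the field names date, type, description and ip, the "f" type code for Failed Login and the sample events are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON event per line (not real tenant data).
# Assumed fields: date, type ("f" = Failed Login), description, ip.
SAMPLE_LOGS = """
{"date": "2024-05-01T10:00:01Z", "type": "f", "description": "Unknown client: EXAMPLE_A", "ip": "203.0.113.7"}
{"date": "2024-05-01T10:00:02Z", "type": "f", "description": "Unknown client: EXAMPLE_B", "ip": "203.0.113.7"}
{"date": "2024-05-01T10:00:03Z", "type": "s", "description": "", "ip": "198.51.100.20"}
{"date": "2024-05-01T10:00:04Z", "type": "f", "description": "Unknown client: EXAMPLE_C", "ip": "203.0.113.7"}
{"date": "2024-05-01T10:00:05Z", "type": "f", "description": "Wrong email or password.", "ip": "198.51.100.20"}
{"date": "2024-05-01T10:05:00Z", "type": "f", "description": "Unknown client: EXAMPLE_D", "ip": "192.0.2.44"}
not-json debris line
"""


def parse_events(text):
    """Yield dict events from JSON-lines text, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict):
            yield event


def is_unknown_client(event):
    """True for a Failed Login whose description starts with 'Unknown client'."""
    desc = str(event.get("description") or "")
    return event.get("type") == "f" and desc.startswith("Unknown client")


def triage(text, threshold=3):
    """Return (sources, rest).

    sources maps each IP with at least `threshold` 'Unknown client' failures
    to (count, first_seen, last_seen); rest holds every other event.
    """
    hits, rest = defaultdict(list), []
    for event in parse_events(text):
        if is_unknown_client(event):
            # ISO 8601 UTC timestamps in one format sort lexicographically.
            hits[event.get("ip", "unknown")].append(event.get("date", ""))
        else:
            rest.append(event)
    sources = {ip: (len(d), min(d), max(d)) for ip, d in hits.items() if len(d) >= threshold}
    return sources, rest
```

Calling `triage(SAMPLE_LOGS)` reports only the address that reached the threshold; lowering `threshold` widens the list to low-volume sources.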