Suggestions To address attacks from Suspicious IPs

Problem statement

We are experiencing phishing attempts on our USER accounts. This could range from Social Engineering attacks to Brute force attacks. Attackers also create fake signup accounts. Any suggestions about how to address those attacks?

Solution

Here are a few solutions that can apply:

  1. If your customer base is in a particular Geolocation, perhaps we can block all IPs from other countries. Please open a Support ticket.

  2. If you have a self-managed Custom Domain, you can apply blocks on the IPs at the reverse proxy level. You can also get more detail by logging on to the reverse proxy to find more details on the attacker.

  3. In the Rules/Actions pipeline, you can access GeoIP details to apply blocks in the extensibility pipeline. But this option allows an attacker to still mess with the endpoints and hence consume the rate limits.

  4. If you do not have yourself managed Custom Domain but instead use Auth0 hosted domain, which uses Cloudflare proxy, please open a support ticket.