Suspicious login attempts detected on Auth0

I’m receiving frequent notifications from Auth0 about “suspicious logins.”


  • Auth0 detected an excessive number of failed login attempts from one or more IP addresses.
  • The IPs associated with the suspicious activity have been blocked.
  • Individual IPs can be unblocked using Auth0’s Management API.


  1. Should I keep the blocked IPs blocked, or should I unblock them?
  2. Will these unauthorized access attempts increase my communication costs or network load?
  • If so, what are some countermeasures I can take?
  1. The logs indicate that the attempts are made at one-hour intervals, suggesting the possibility of scripted attacks.
  • Does Auth0 have any features to detect such scripted attacks?

Additional Information:

  • I am using Auth0 for user authentication.

Please advise on the best course of action.

Hey there @segiryamya welcome to the community!

You should keep them blocked.

Yes, these access attempts can indeed increase network load and communication costs. Auth0 does provide built-in rate limiting that varies by subscription level. Make sure attack protection features are enabled as well.

Yes, Bot Protection is specifically designed to protect against scripted/automated attacks.

1 Like

Thank you for the solution. It was very helpful.

1 Like

Awesome, happy to help! :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.