I’m receiving frequent notifications from Auth0 about “suspicious logins.”
Details:
Auth0 detected an excessive number of failed login attempts from one or more IP addresses.
The IPs associated with the suspicious activity have been blocked.
Individual IPs can be unblocked using Auth0’s Management API.
Questions:
Should I keep the blocked IPs blocked, or should I unblock them?
Will these unauthorized access attempts increase my communication costs or network load?
If so, what are some countermeasures I can take?
The logs indicate that the attempts are made at one-hour intervals, suggesting the possibility of scripted attacks.
Does Auth0 have any features to detect such scripted attacks?
Additional Information:
I am using Auth0 for user authentication.
Please advise on the best course of action.
tyf
May 17, 2024, 4:56pm
3
Hey there @segiryamya welcome to the community!
You should keep them blocked.
Yes, these access attempts can indeed increase network load and communication costs. Auth0 does provide built-in rate limiting that varies by subscription level . Make sure attack protection features are enabled as well.
segiryamya:
The logs indicate that the attempts are made at one-hour intervals, suggesting the possibility of scripted attacks.
Does Auth0 have any features to detect such scripted attacks?
Yes, Bot Protection is specifically designed to protect against scripted/automated attacks.
1 Like
Thank you for the solution. It was very helpful.
1 Like
system
June 3, 2024, 4:45pm
6
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
