Suspicious IPs

The risk of login attempts from suspicious IP addresses represents a significant security concern for any app. These attempts often indicate malicious intent, such as unauthorized access attempts or brute force attacks, where attackers try to gain entry by repeatedly guessing usernames and passwords. Such activities can potentially lead to data breaches, unauthorized access to user accounts, and the compromise of sensitive information. To mitigate this risk, robust security measures such as IP blocking, multi-factor authentication, and monitoring for unusual login patterns are essential. Vigilance and proactive security measures are crucial in safeguarding user data and maintaining the overall integrity of the app.

Configure suspicious IPs

In the Frontegg portal

You can choose from the following actions when a suspicious IP is detected:

• Allow - Let the user continue to the app.
• Challenge - Challenge the user with MFA. If they pass, they can continue to the app.
• Block - Block their login.
• Lock - Lock the user.

How the end user experiences suspicious IPs on login

• Allow - The user is allowed to continue to the app.
• Challenge - The user will get an MFA challenge. If they pass, they continue to the app. If they fail, their login gets blocked.
• Block - The user will receive a failed login message.
• Lock - The user's account will be locked.

Unlock account email

When users are locked out due to suspicious IP activity, you can enable the Send unlock account email option to allow them to unlock their account via email.

If you enable the Send unlock account email option, users will receive an email allowing them to regain access to their accounts.

Analyzing suspicious IPs in your app

Security events

If you’re curious how many times suspicious IP login events happen in your app, you can view them over time in Security Events to see when and where they occurred.

Logs

Coming soon!