HomeAPI ReferenceSDKs
Guides
Help CenterSign up for Frontegg

Suspicious IPs

Suggest Edits

The risk of login attempts from suspicious IP addresses represents a significant security concern for any app. These attempts often indicate malicious intent, such as unauthorized access attempts or brute force attacks, where attackers try to gain entry by repeatedly guessing usernames and passwords. Such activities can potentially lead to data breaches, unauthorized access to user accounts, and the compromise of sensitive information. To mitigate this risk, robust security measures such as IP blocking, multi-factor authentication, and monitoring for unusual login patterns are essential. Vigilance and proactive security measures are crucial in safeguarding user data and maintaining the overall integrity of the app.

Prerequisites

There are no prerequisites for detecting suspicious IPs.

Configure Suspicious IPs

In the Frontegg Portal

You can choose from the following actions when a suspicious IP is detected

  1. Allow - Let the user continue to the app
  2. Challenge - Challenge the user with MFA. If they pass, let them continue to the app.
  3. Block - Block their login
  4. Lock - Lock the user

How the end user experiences suspicious IPs on login

  1. Allow - The user is allowed to continue to the app
  2. Challenge - The user will get an MFA challenge. If they pass, they continue to the app. If they fail, their login gets blocked.
  3. Block - The user will get a failed login message
  4. Lock - The user will have their account is locked

Unlock account email

When users are locked from account access due to suspicious IP activity, you can allow them to unlock their account via email by checking the 'send unlock account email' option.

🚧

Version prerequisites

To enables this feature, ensure you are using the following versions:

react v7.0.1
next v9.0.1
angular v7.1.0
vue v4.0.1

If you check the 'Send unlock account email' option, your users will receive an email allowing them to retrieve access to their accounts.

🚧

'Unlock account' and 'Unlock account success' email templates

Once you enable the 'Send unlock account email' toggle in your configuration, you must ensure that the 'Unlock account' email template is also enabled. Go to the [Environment_name] > Emails tab to do so. Additionaly, you can enable the 'Unlock account success' email to notify your users that their account has been unlocked successfuly.



Analyzing Suspicious IPs in your App

Security Events

If you’re curious how many times suspicious IP login events happen in your app, you can see them over time, along with where they happened in Security Events.

Logs

Coming soon!

Updated 3 months ago