Skip to main content

Introduction

SuperTokens Bot / Spam detection is a powerful security feature designed to identify and prevent suspicious activities in authentication and user sessions. It leverages various detection methods to enhance the security of your application.

important

This feature is currently in beta and not enabled by default. You can find out how to enable this feature here.

Features#

Brute Force Attack Detection#

Watches how many times someone tries to do a specific action (such as logging in, resetting password, etc.) within a certain time. If there are too many attempts, it stops them to prevent bad actors from compromising accounts.

Password Breach Detection#

Checks passwords against a database of leaked passwords to see if they've been leaked before. This helps keep accounts safe by avoiding weak passwords.

Impossible Travel Detection#

Identifies potentially fraudulent login attempts by detecting geographically impossible travel between user sessions in a short time.

Bot Detection#

Identifies and prevents automated scripts or bots from performing malicious activities such as credential stuffing, account takeover attempts, or scraping sensitive data. It uses advanced algorithms to analyze user behavior, request patterns, and other indicators to distinguish between human users and automated bots.

Suspicious IP Detection#

Detects suspicious IP addresses that are known for malicious activities. This includes detecting the use of VPNs, TOR, proxy servers, or other network configurations that may be used to hide the user's true location or identity.

New Device Detection#

Recognizes when a user logs in from a new, previously unseen device. This helps find possible unauthorized logins.

Device Count Tracking#

Monitors the number of unique devices associated with a user account. This helps spot unusual account use.

Requester Detection#

Recognize and remember devices and requester details, even when they try to disguise themselves. This helps track and identify the same device or requester across multiple login attempts, improving security and user recognition.

Flow diagram#

The Bot / Spam detection service is typically integrated into your authentication flow. It processes requests and provides risk assessments that you can use to enforce additional security measures, such as requiring two-factor authentication for suspicious logins or blocking high-risk attempts altogether.

By leveraging these advanced detection methods, SuperTokens Bot / Spam detection significantly enhances your application's security posture and helps protect your users from various types of account compromise attempts.

Below is an high level overview of how this works:

Bot / Spam detection flow

Recipes integration#

Different recipes have different ways of integrating with the Bot / Spam detection feature.

Passwordless#

When using the passwordless recipe, the only check should be brute force detection. Other checks are not needed as the passwordless flow by itself prevents bot attacks.

Email Password Login#

When using the email password login recipe, bot detection (and possibly other checks) should be used along with brute force detection.

Phone Password Login#

When using the phone password login recipe, bot detection (and possibly other checks) should be used along with brute force detection.

Social/enterprise Login#

When using these types of recipes, there should be no checks used.