The Security Dashboard gives you visibility into authentication and access
events across PayPunch, and lets you block abusive IP addresses. Use it to spot
failed-login spikes, rate-limit hits, and other suspicious activity.
The Security Dashboard
Open Security from the sidebar. Four cards summarize activity: Total
Events, Critical Events, Blocked Events, and Failed Logins. Click
Refresh to pull the latest.
Recent security events
The Recent Security Events list shows each event’s severity (Critical,
High, Medium, Low), type, whether it was automatically BLOCKED, the
message, the source IP address, the endpoint, and a timestamp.
Filter the list by Severity (All / Critical / High / Medium / Low) and by
Type (Failed Login, Rate Limit, Invalid Token, Auth Failed, CSP Violation).
Block an IP address
Open the block form
Click Block IP to reveal the Block IP Address form.
Enter the details
Provide the IP Address, a Reason, and an optional Duration in
minutes. Leave the duration blank for a permanent block.
Block
Click Block IP. The address is added to your Blocked IP Addresses list.
Manage blocked IPs
The Blocked IP Addresses section lists each blocked address with its reason,
when it was blocked, and when the block expires. Click Unblock to remove an
address from the list.
Blocking an IP prevents anyone behind it from reaching PayPunch. Double-check the
address before applying a permanent block, and prefer a timed duration when
you’re unsure.
