My Heroku app (RoR) started to throw this error when someone tried to sign_in via facebook.
(#5) Unauthorized source IP address
I've just launched QuotaGuardStatic as a cheaper alternative to Proximo. Works on Heroku but you have to sign-up directly for now as we are only in alpha testing as a Heroku add-on.
This was happening because the IP address of my heroku machine (shared with another apps) was blacklisted by facebook.
A simple restart of my heroku app solved the issue.
I contacted Heroku support, and they told me they can do nothing about it, and it's fair enough, facebook is the one blocking incoming connections for that IP.
They suggested me an static IP solution, and contact facebook to whitelist my IP, and they suggested me an AddOn for that. Proximo, can make your app have a static IP address, but i think it's no very scalable (too expensive). (I have not tried this yet)
So, i saw this post talking about use a micro linux EC2 instance on Amazon, with a proxy server to make a static IP here, and i think that if the problem persist, i'm going to try it.
Edit
In this facebook bug report here, facebook crew said that they will keep blocking incoming connections from any malicious app, and if your IP is shared with one of them, there's nothing they can do about it. They also suggested a static IP solution, if you want to be sure that this issue is neve going to happen again.