Carding issue - can't turn on Super Bot -> Definitely automated

purchasing2 · July 12, 2022, 11:23am

We’re being targeted by carding bots (where they try to use 1000s of cards to test which are valid for small purchases).
In the Super Bot Fight Mode config is a setting Definitely Automated. If we enable this then the bots stop but a 3rd party ERP service cannot communicate to exchange stock and order updates. We told them of your good-bot registration form but they have responded with:

After further investigations, it seems that even if we fill the bot protection form, that shouldn’t be enough to not be blocked by Cloudflare.

We think the best solution for you would be to allow at Cloudflare level the IP to prevent Cloudflare to block it.

On our side, there’s not much more we can do to prevent Cloudflare to block the calls made to your server.

Is there a way that we can change Definitely Automated to either Blocked or Managed Challenge (don’t know what this last one does) and at the same time allow the ip address above through?

Thanks

Patrick

KianNH · July 12, 2022, 11:24am

IP Access Rules are the only way that might ‘overrule’ Bot Fight Mode - if your ERP service is coming from a static IP then try allowlisting them in Create an IP Access rule · Cloudflare Web Application Firewall (WAF) docs

system · July 27, 2022, 11:24am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create an IP Access rule + SBFM Security	1	1340	August 22, 2022
Bot Protection Blocking My Creit Card Processor Security	4	10	February 18, 2025
Firewall allows requests but Super Bot Fight blocks them Security	4	2483	December 17, 2021
How to whitelist a robot with specific IPs in Pro Plan? Getting Started	4	3189	March 19, 2022
The Never-Ending Nightmare of Bot Fight Mode blocking legitimate APIs Security	2	3771	October 12, 2022

Carding issue - can't turn on Super Bot -> Definitely automated

Related topics