Carding issue - can't turn on Super Bot -> Definitely automated

We’re being targeted by carding bots (where they try to use 1000s of cards to test which are valid for small purchases).
In the Super Bot Fight Mode config is a setting Definitely Automated. If we enable this then the bots stop but a 3rd party ERP service cannot communicate to exchange stock and order updates. We told them of your good-bot registration form but they have responded with:

After further investigations, it seems that even if we fill the bot protection form, that shouldn’t be enough to not be blocked by Cloudflare.

We think the best solution for you would be to allow at Cloudflare level the IP to prevent Cloudflare to block it.

On our side, there’s not much more we can do to prevent Cloudflare to block the calls made to your server.

Is there a way that we can change Definitely Automated to either Blocked or Managed Challenge (don’t know what this last one does) and at the same time allow the ip address above through?

Thanks

Patrick

IP Access Rules are the only way that might ‘overrule’ Bot Fight Mode - if your ERP service is coming from a static IP then try whitelisting them in https://developers.cloudflare.com/waf/tools/ip-access-rules/create/

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.