We are on Cloudflare Pro and we’re experiencing a credit carding attack where bots are attempting dozens of fraudulent credit card purchases on our website. Our credit card processor keeps rejecting them, but we still need to stop the bots. We would like for Cloudflare to suggest settings that could stop the bots without hindering the checkout process for customers with a reCAPTCHA.
What steps have you taken to resolve the issue?
We have tried using Google reCAPTCHA in the checkout process, but it may be reducing sales because customers get frustrated with it, or Google reCAPTCHA could be setting off false positives.
Was the site working with SSL prior to adding it to Cloudflare?
You can use a managed challenge for the page by creating a custom WAF rule. In most cases the user will see a challenge screen for a short period, or just have to check a single box.
Or use Turnstile…
As you are on a Pro plan, you can use Super Bot Fight Mode…
Try setting your security level to high so IP addresses with a poor reputation are blocked.
Or you can start adding the IP addresses or ASNs of the bots as custom WAF rules to just challenge or block those.
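Added example, not part of the original thread: one way to derive the IP and ASN lists for the custom WAF rule suggested above from a shop's own payment log, so that only sources with repeated declines and no approved purchase are challenged. The log layout, the thresholds and the `/checkout` path are assumptions; the sample records are constructed and use documentation address and ASN ranges.

```python
from collections import Counter

# Constructed sample records: (client IP, ASN, payment outcome).
ATTEMPTS = (
    [("192.0.2.10", 64496, "declined")] * 4
    + [("192.0.2.11", 64496, "declined")] * 2
    + [("198.51.100.7", 64500, "declined")] * 3   # customer who mistyped a card...
    + [("198.51.100.7", 64500, "approved")]       # ...and then paid successfully
    + [("203.0.113.5", 64501, "approved")]
    + [("203.0.113.9", 64502, "declined")] * 3
)

def noisy_sources(attempts, key_index, threshold):
    """Keys (IP or ASN) with >= threshold declines and no approved purchase."""
    declined = Counter(a[key_index] for a in attempts if a[2] == "declined")
    approved = {a[key_index] for a in attempts if a[2] == "approved"}
    return sorted(k for k, n in declined.items()
                  if n >= threshold and k not in approved)

def build_expression(attempts, path="/checkout", ip_threshold=3, asn_threshold=5):
    """Build a Cloudflare custom rule expression scoped to the checkout path.

    Returns None when nothing crosses the thresholds, so no rule is created.
    """
    ips = noisy_sources(attempts, 0, ip_threshold)
    asns = noisy_sources(attempts, 1, asn_threshold)
    clauses = []
    if ips:
        clauses.append("ip.src in {%s}" % " ".join(ips))
    if asns:
        clauses.append("ip.src.asnum in {%s}" % " ".join(str(a) for a in asns))
    if not clauses:
        return None
    return '(http.request.uri.path contains "%s") and (%s)' % (
        path, " or ".join(clauses))

if __name__ == "__main__":
    # Paste the printed expression into a custom rule and pick the action
    # (Managed Challenge or Block) in the dashboard.
    print(build_expression(ATTEMPTS))
```

Scoping the expression to the checkout path keeps the rest of the site unaffected, and excluding any source with an approved purchase avoids challenging a customer who simply mistyped a card number.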
Thank you. In our checkout process, we had Google reCAPTCHA turned on, but it was not working. We have turned on Super Bot Fight Mode. We’re hoping it will help with stopping the bots going through our website and stopping credit card attacks. The only setting we have turned on is “Definitely automated”. We don’t have any other settings within Super Bot Fight Mode turned on. Do you have an opinion on this?