WAF Not stopping carding attacks

What is the name of the domain?

What is the issue you’re encountering?

We’ve been getting a lot of carding attacks on our WooCommerce store, so we decided to add a WAF managed challenge to the /checkout page. However, it doesn’t seem to be stopping anything or to be working. On the WAF dashboard the CSR is 0%. Carding attacks are still coming through. Help would be appreciated. Thanks

What steps have you taken to resolve the issue?

Checked connection to website.
Tried changing managed challenge to interactive and nothing changes; the checkout page loads fine without any challenge popping up.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

Can you try Full (strict)?

Can you see the attack in your event log? https://dash.cloudflare.com/?to=/:account/:zone/security/events

It is on Full (strict), and I can’t see anything in the activity log.

They may be bypassing Cloudflare and hitting your server directly; if so, your hosting provider should be able to identify that traffic. If that is the case, review this:

When configured, your origin will only serve requests from Cloudflare.

2 Likes
