Return to top


  • Michael Collins

    It is extremely rare that traffic from an actual human is misclassified as bot traffic by Cloudflare.

    1. Can we see an image of what it will look like to a customer upon traffic misclassification? Are "Zendesk" and "CloudFlare" front and center in the messaging on that page?

    2. Could you share some insight into how extremely rare defined? 1/100, 1/1000, or 1/100,000, or something else?

  • David Bjorgen

    Extremely rare? Our clients have been complaining about it for the past week. In addition, our internal staff is having to complete Captchas to access the administrative back end. How do we turn off this dysfunctional feature?

  • Chain Bridge Developers

    If you are running a good bot and want to have it added to the Cloudflare allowlist (cf.bot_management.verified_bot), contact your vendor to submit a request.

    We submitted this form and didn't get any response for 3 weeks now. Are you sure this form is the way to go?

    We think it is Zendesk who has to configure cf.bot_management.verified_bot in their Cloudflare dashbpard.

  • Matthias Gidda

    Does anybody else have the problem that due to this bot blocking thing, you cannot use SEO tools to crawl your Help Center anymore?

    We always used 3rd party tools to check for broken links.

  • Julien Maneyrol

    Hi there,

    Is it possible to force offering the CAPTCHA? We have had a massive spam attack from China a couple of weeks ago via one of our contact form from the help center.

    The spam attack was obviously done by a bot which used random emails from Chinese hosts IPs.

    We have disabled the form and cleaned up our Support (bulk delete spam and users), but we would like to be sure that this won't happen again before re-enabling the form.

    Thank you.

  • Martina Ksink

    Hello, we are experiencing the same problem as Julien. We had 900 spam tickets during one months via one of our contact forms. Those emails come from Chinese email addresses, following a special pattern (numbers@ a Chinese email provider). We don’t want to disable the contact form, so at the moment, we can only mark them as spam. Thus, we also would like to know if a CAPTCHA can be forced.

    Thank you!

  • Dion
    Zendesk Customer Care
    Hello Martina, 

    CAPTCHA is required when the setting "anyone can submit tickets" is enabled. You can check this article for more information: Managing End-Users. You can also block the domain of those senders by adding them to the blocklist. Please see this article for more information: Using the allowlist and blocklist to control access to Zendesk Support

    Hope this helps!

  • Ronan McHugh

    Hi Martina Ksink and Julien Maneyrol,

    Apologies for the delay in getting back to you. I've created tickets to follow up on your issues.

    Best regards,


  • Julien Maneyrol

    Hi @...,

    Thank you for following-up.

    The problem has been mitigated by removing placeholders in the automated reply.
    Still, being able to fine-tune CPACHA (enforce it under certain circumstances) would be really helpful and much more secure.

    Best regards,

  • Katrina Greeves

    Agree with David Bjorgen this doesn't seem to be rare as we've also had escalating issues with this for the last month across both staff and end users. We have also heard from one of our partners that this also impacted their Zendesk account. 

    Also agree with Chain Bridge Developers we also requested a cloudflare exception, but there's no confirmation, nor guidance about how to configure the user agent string or feedback on why our app is getting blocked to give us confidence in a solution. 

    It makes sense Zendesk has control over the configuration of Cloudflare rules, and a quick check found a fun unresolved conversation in the Cloudflare community with the same issue. 

    We've embedded ZD Guide into our app, but the more our users access it, the more the captcha appears! Clearly our app is triggering cloudflare, even though we use a standard Chrome user agent. We also use the web widget so we cannot disable "anyone can submit tickets" to remove the compulsory captcha.

    We feel stuck on a solution, so would love to hear from other users if they have found a solution / workaround. 

    From the Zendesk product side:
    A. Is there any opportunity to look at the Zendesk challenge solve rate to help minimise the impact to real humans?

    B. Is there any work planned to isolate cloudflare captcha to certain scenarios? e.g.

    1. submitting a ticket (enable captcha on the ticket if anyone is allowed to submit a ticket)

    2. viewing Guide (disable captcha - allow anyone to view guide using a validated browser / user agent)

    3. use web widget (disable captcha - allow anyone to view guide using a validated browser / user agent)

  • Nathan Cassella

    We've been experiencing the same issue that many users have brought up over the last month. All last year when I was my team was working on cleaning up our Guide; we didn't see a captcha once, now today alone, I've seen it five times in the last 30 minutes.

    This is making both our internal and external customers frustrated and throwing a wrench into my push to have our customers use self-service.

    When can we expect a resolution to this, or is this something else that's going to remain unresolved for years?

  • John Tieu

    Hi Julien Maneyrol

    We're seeing these spam tickets in Chinese as well. Can you clarify what you did to mitigate the issue? Did it permanently stop the spam?

    Thank you

  • Julien Maneyrol

    Hi John Tieu,

    I followed the instructions from this article: to remove placeholders that spammers target in our automatic replies.


  • Heather Rommel
    Community Moderator
    The Product Manager Whisperer - 2021

    Is Captcha also enabled for webwidget submitters or just Help Center form submitters?

  • Nara
    Hi Heather, at this time, Captcha is not available for the Web Widget in Zendesk. More information can be found towards the end of the Controlling Spam Tickets section in this article here.

Please sign in to leave a comment.

Powered by Zendesk