CAPTCHA is automatically enabled to protect your account from spam when you allow anyone to submit tickets. That means users who are not signed in may be prompted to complete a verification test before they can submit a ticket.
This article contains the following sections:
About CAPTCHA
Allowing anybody to submit tickets might lead to some spam email appearing as tickets in your Zendesk account. Requiring users who are not registered and signed in to confirm they're human before they can submit a ticket goes a long way to prevent spam.
Zendesk uses Cloudflare's bot detection and management software to prevent bots and malicious traffic. Most users can simply confirm they're human without having to solve a CAPTCHA. A risk analysis engine predicts whether the user is a human or an abusive agent. If the engine isn't sure, it displays a CAPTCHA that the user must solve before they can submit a ticket.
The risk analysis engine prompts or doesn't prompt requesters for a CAPTCHA based on whether the request matches certain criteria, such as:
-
Having a bot score that is lower than the threshold
- Excluding verified bots (such as search crawlers)
-
An /hc path exists
-
For your login: https://yoursubdomain.zendesk.com/auth/v2/login/
-
For your sign up: https://yoursubdomain.zendesk.com/auth/v2/login/registration
-
For ticket submissions: https://yoursubdomain.zendesk.com/hc/en-us/requests/new
-
CAPTCHA is enabled by default, including on the Sign Up page, and can't be disabled. CAPTCHA is not available with the Web Widget (Classic).
CAPTCHA FAQs
The following sections cover CAPTCHA frequently asked questions:
Why do I only see CAPTCHA sometimes?
Cloudflare’s Bot Management tool analyzes all Zendesk traffic and scores it based on how likely it is to come from a human or a bot. CAPTCHAs appear when traffic is scored within a certain threshold, as it is mostly meant for bots. A bot score of <5 emphasizes just how strict we are on bots in particular.
It is extremely rare that traffic from an actual human is misclassified as bot traffic by Cloudflare.
What is a bot score?
Requesters are prompted for a CAPTCHA if the request matches certain criteria, such as a certain bot score. A bot score is a score from 1 to 99 that indicates how likely that request came from a bot. For a score of 1, there is high confidence the request was automated, while a score of 99 means there is certainty the request came from a human.
Why am I facing an error when rendering a CAPTCHA?
Ad blockers can turn off CAPTCHAs in certain browsers and older browsers may experience issues displaying CAPTCHAs (see Frequently asked questions about Cloudflare bot products).
Why is my automation application or good bot getting blocked?
If you are running a good bot and it's still being blocked, contact Zendesk Customer Support.
What does Cloudflare bot management track?
-
Scenario: You are running a good automation or a good
bot on the request
form or the anonymous
requests
API.
Cloudflare bot management does not track traffic on the API. It does track traffic on the form, even though it is not expected that the form has any traffic.
-
Scenario: You have a custom web form for ticket submission.
Cloudflare bot management tracks the traffic for all custom web forms going through ticket submission.
Is CAPTCHA on for host mapped accounts?
Cloudflare bot management tracks the traffic for host mapped accounts. CAPTCHA is enabled by default when you allow anybody to submit tickets and can't be turned off.