Re: How to remove "I am not a robot" captcha

madhumita_jha · ‎07-15-2019

From 26th june 2019, for testing purpose when creating form using apvance tool text script, i am not able to create form when checking console then understand "I am not a robot" (security by cloudflare) captcha page is coming after clicking on submit and test failure message coming due to that.

So please anyone help me how to remove that "I am not a robot" (security by cloudflare) captcha page from my marketo forms.

image (2).png

Sonya_Stauffer- · ‎08-06-2019

We are having the same problem. Although, we are using the Forms 2.0 API, I believe our issue is because are network is NAT'ed to a signal public IP and thus Cloudflare thinks we are a bot or are denial of service attack since all our network traffic for our marketing users, developers, application and web monitoring comes from the same public IP. Marketo support has refused to white list the IP and thus all internal users get the CAPTCHA screen. We have yet to come up with an effective solution. A warning from Marketo would have been helpful before they implemented this, so we could prepare rather than scrambling to find a fix for this.

Excellence is Standard. - Adm. Hymie Rickover

SanfordWhiteman · ‎08-06-2019

Yours is a much worse problem because it indicates how CloudFlare's mistakes (which I allude to above) have a direct impact on regular people attempting to engage with your forms.

madhumita_jha · ‎07-18-2019

But we are using marketo from long back, never faced this kind of issue. From 26 June 2019 this issue started.
May i know is there any software or functionality update from marketo?

Steven_Vanderb3 · ‎07-18-2019

Marketo has introduced additional levels of security to further protect it's infrastructure from web based attacks. I suggest you use our supported Forms 2.0 API https://developers.marketo.com/javascript-api/forms/

madhumita_jha · ‎07-21-2019

Hi Steven,

We are using marketo Forms 2.0, but unfortunately we are not able to remove additional levels of security.

May i know what is the use of that kind of security if your customer is facing issue with that.

At Least there should be choice either any one want to use this security or not.

Please help me to solve this issue.

Steven_Vanderb3 · ‎07-22-2019

However you are loading your form to test, whether it be through an unsupported method or multiple times in a short period of time, you are triggering Cloudflare to challenge the traffic as it were a bot. We use this challenge to prevent DDoS attacks on our web endpoints. Marketo, like many SaaS solutions, uses a multi-tenant infrastructure so we will not disable security settings for a single customer which could negatively impact many customers.

madhumita_jha · ‎09-10-2019

Hi
Is there any way to whitelist one IP in cloudflare security?
As we are facing captcha issue with everyone?

madhumita_jha · ‎07-18-2019

Hi Steven,

Do you have an idea how to modify that security?
I checked https://developers.marketo.com/javascript-api/forms this url, but unable to find topics related to security.

SanfordWhiteman · ‎07-18-2019

CloudFlare is operating at a totally different level, and unfortunately there is no way for a subtenant (i.e. Marketo instance) to modify the settings. (Which would be fine if CF didn't mess up now and then and block legitimate, human users. But I digress.)

If you're trying to test your forms in realtime using an automated tool -- which I sympathize with -- you're going to end up getting blocked periodically. Can you explain what your "advanced tool text script" is trying to do, exactly?

madhumita_jha · ‎07-19-2019

The test tool name is appvance and which is one kind of automation tool which our team is using for testing websites forms from long back. But don't know why what happen with marketo suddenly that tool is not able to test our website forms.

when we try to figure out the issue using console, then 403 forbidden error seen in front of marketo script.

SanfordWhiteman · ‎07-19-2019

But don't know why what happen with marketo suddenly that tool is not able to test our website forms.

They hardened the CloudFlare settings recently, it's not really a mystery!

madhumita_jha · ‎07-19-2019

Or else is there any way to access the cloudflare security dashboard?

SanfordWhiteman · ‎07-19-2019

Or else is there any way to access the cloudflare security dashboard?

No, that's not under our control.

madhumita_jha · ‎07-21-2019

is there any way to contact marketo people directly?

Because i need to get solution for this.

SanfordWhiteman · ‎07-21-2019

Unfortunately, you're not going to see a solution, Madhumita.

Marketo employees have already given answers that are marked correct here.

madhumita_jha · ‎07-19-2019

So is there any way to remove that security level?

Because due to that my website is not able to load marketo script.

SanfordWhiteman · ‎07-19-2019

Nope.

And it's really annoying to me as well, since as one of the few people who specialize in customizing Marketo forms, I spend hours per week testing forms @ clients.

Still, the far bigger worry is when CloudFlare misbehaves for end users (not for us or our automated tools).

Casey_Grimes · ‎07-17-2019

In fairness, you are technically doing the types of things Cloudflare would correctly flag by trying to use a direct browser URL rather than handling this with a server. From Cloudflare's point of view, the only way you can bypass that is to actually switch certain page rules to have security set to "Essentially Off", and I don't really see Marketo being keen on setting that up.