Account takeover detections
Using the detection IDs below, you can detect and mitigate account takeover attacks. You can monitor the number of login requests for a given software and network combination, as well as the percentage of login errors. When either reaches a suspicious level, you can prevent these attacks by using custom rules, rate limiting rules, and Workers.
| Detection ID | Description |
|---|---|
| 201326592 | Observes all login failures to the zone. |
| 201326593 | Observes all login traffic to the zone. |
| 201326598 | Sets a dynamic threshold based on the normal traffic that is unique to the zone. When the ID matches a login failure, Bot Management sets the bot score to 29 and uses anomaly detection as its score source. |
Cloudflare's Managed Challenge can limit brute-force attacks on your login endpoints.
To access account takeover detections:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > WAF.
- Under Custom Rules, select Create rule.
- Fill out the form using Bot Detection IDs along with other necessary information.
- Select Save as draft to return to it later, or Deploy to deploy the rule.

If your dashboard has Security > Security rules instead of Security > WAF:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > Security rules.
- Select Create rule and choose Custom rule.
- Fill out the form using Bot Detection IDs along with other necessary information.
- Select Save as draft to return to it later, or Deploy to deploy the rule.
For example, the following expression matches all login traffic to the zone:

```
(any(cf.bot_management.detection_ids[*] eq 201326593))
```
Rate limiting rules can limit the number of logins from a particular IP, JA4 Fingerprint, or country.
To use rate limiting rules with account takeover detections:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > WAF.
- Under Rate limiting rules, select Create rule.
- Fill out the form using the Custom expression builder and `cf.bot_management.detection_ids` along with other necessary information.
- Select Save as draft to return to it later, or Deploy to deploy the rule.

If your dashboard has Security > Security rules instead of Security > WAF:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Security > Security rules.
- Select Create rule and choose Rate limiting rule.
- Fill out the form using the Custom expression builder and `cf.bot_management.detection_ids` along with other necessary information.
- Select Save as draft to return to it later, or Deploy to deploy the rule.
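
The introduction names Workers as one of the enforcement points. The Worker below is an added example, not Cloudflare's own code: it reads the detection IDs from `request.cf.botManagement.detectionIds`, returns 429 for login requests carrying ID 201326598, and tags requests carrying ID 201326592 so the origin can react. The `/login` path, the `x-ato-signal` header and the 429 response are assumptions chosen for illustration.

```javascript
// Detection IDs from the table on this page.
const LOGIN_FAILURE = 201326592;
const ANOMALOUS_LOGIN_FAILURE = 201326598;

// Assumptions for illustration: the login form POSTs to /login, and the
// origin reads the x-ato-signal header. Neither name comes from Cloudflare.
const LOGIN_PATH = "/login";
const SIGNAL_HEADER = "x-ato-signal";

// Pure decision function so the policy can be tested outside the runtime.
// Returns "block", "flag" or "pass".
function decide(request) {
  const { pathname } = new URL(request.url);
  if (request.method !== "POST" || pathname !== LOGIN_PATH) return "pass";
  // botManagement is only populated on zones with Bot Management; when it is
  // missing, fail open rather than lock every user out of the login page.
  const ids = request.cf?.botManagement?.detectionIds ?? [];
  if (ids.includes(ANOMALOUS_LOGIN_FAILURE)) return "block";
  if (ids.includes(LOGIN_FAILURE)) return "flag";
  return "pass";
}

const worker = {
  async fetch(request) {
    const decision = decide(request);
    if (decision === "block") {
      return new Response("Too many failed login attempts", {
        status: 429,
        headers: { "retry-after": "60" },
      });
    }
    // Rebuild the headers so a client cannot forge the signal itself.
    const headers = new Headers(request.headers);
    headers.delete(SIGNAL_HEADER);
    if (decision === "flag") headers.set(SIGNAL_HEADER, "login-failure");
    return fetch(new Request(request, { headers }));
  },
};
// Deployed as a module Worker, the file ends with: export default worker;
```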