Support the use of reCaptcha on web widget chat form

37 Kommentare

  • Nicole S.
    Zendesk Community Team

    Thanks for the feedback, Andrew. We'll be interested to hear detailed use cases from other users as well. 

    0
  • Daniel Aron
    Zendesk Product Manager

    Thanks Andrew. Adding captcha as a way to minimize spam through the Web Widget is on our roadmap. No ETA at this stage but stay tuned.

    0
  • Anthony Tippett

    We are battling this now on a daily basis where we have created a script to delete 5K tickets a night that come in over chat.  We've banned IP's, countries but this doesn't help as the blackhat just moves their server.  This is a must for us to turn back on our chat. :(

    2
  • Michael H

    @Anthony: Your scenario has me curious - specifically about why on earth someone is targeting your companies' website, and a chat service, in this way.

    Is it fair to presume that your company has already worked with law enforcement in the home domicile for the company, to utilise available legislative avenues (if available) to address this persistent abuse of resources and services?

    -2
  • Anthony Tippett

    Really?  It's why CAPTCHA was invented.

    0
  • Michael H

    @Anthony: Re-read my post, and take the time to understand the question being posed.

    I'm not disputing the potential usefulness of Captcha and similar services, in this or any other relevant scenario.

    What I'm trying to understand firstly - as a fellow admin for a company that uses Zendesk - is why someone is going after your specific employer to the volumes and levels you claim they are?

    I'm trying to figure out the mindset of such a person, the reasons for the type of activity claimed; so I can look at what (if any) defensive strategies and postures we should consider at in the context of an always evolving threat landscape, and the risks of this activity to my type of business.

    Is it a technically educated customer who hasn't got what they want from your employer? Is it a competitor who's trying to make life difficult for your business in the hope it stops you from doing business? Or is it a whole other scenario?

    And secondly, what i'm trying to understand what legal avenues have been explored to deal with this threat and threat model you claim to be experiencing; to encourage conversation around ensuring all available avenues outside what Zendesk allows, to ensure this threat is being addressed.

    If you're not authorised to speak publicly about the issue you've claimed is going, the why behind it, or what actions have been taken beyond technical to mitigate it, then just say so.

    Or, would it be reasonably to draw inference from your second response that the scenario you put forward originally isn't actually happening at all; and you intended to post it as a possible scenario to demonstrate why the OP's suggestion might be of value?

    -2
  • Anthony Tippett

    It's a script kiddie trying to push their ransomware.  The IP changes daily from Thailand, Russia, China, etc.  There are no legal avenues.

    0
  • Dar Veverka

    +1 on this. We can't turn back on our chat widget without this. We just cleaned out 10K spam messages from Russian bots that stumbled across our page and flooded it. All the spam was actually in Russian, so yes, we know they are Russian script bots. It's surprising this is not already a feature for this widget or that  Zendesk would even need to ask what the use case would be for reCaptcha on it. The widget is incredibly easy to spam without it. 

    3
  • David Thair

    We're suffering the same issue as Anthony and Dar. Thousands of identical spam tickets (this time in Chinese), each from a different address, and even with triggers and automations we can't delete them (just solve/close).

    I was very surprised that captcha isn't available in the widget.

    2
  • Bianca Mayer

    Unfortunately I have to jump of to this topic.

    We're suffering the same over here in Germany. On Dec.24th and Jan. 5th we received 3k spam tickets coming from our Chat with an Rumania URL. I put the URL on the blacklist right now. But it cost us a lot of working hours to delete them as there's no 1k step bulk deletion availalbe. To delete 3k tickets in bulks of 30 is really annoying. 

    But anyhow I would please you to add the reCAPTCHA on web widgets for Chats asap. 

    0
  • Angie

    We also began getting a bunch of messages from .ru. Not in the thousands range, but we only have one rep, so it would be nice to avoid spam as much as possible. We have recaptcha enabled on on ticket forms and other online avenues for submitting support requests. Would be nice to be able to add recaptcha to the widget as well.

    0
  • Faisal Maun

    I just got attacked with 4k spammed messages last night. It is unprecedented, and a very unpleasant experience. I'll put it rather simply - please implement Captcha for the widget without delay.

    Judging from the responses here, my Russian attacker will have friends in Thailand, China etc. joining in the fray real soon so I have since suspended the widget, and possibly looking forward to cancel the subscription so I won't be having this nightmare again.

    0
  • Sarah Voit

    We also got some (luckily not too many) spam messages from .ru through the Web Widget today. Please implement Captcha for the widget!

    0
  • Sylvain Rayé

    We face also spam issue on the chat. We received since this morning around 11K emails. Even disabling the chat doesn't help ! We created a script to delete them but well it's still fill our mailbox

    A solution will be welcome

    0
  • Daniel Aron
    Zendesk Product Manager

    Hi all, just letting you know that we are actively working on reducing and preventing spam from the Web Widget as a priority. We are currently investigating whether the spam attacks are actually coming from the widget as opposed to being spoofed to look like they are. Following this investigation we'll be able to decide if captcha is the right solution or an alternative. 

    0
  • Carl West

    We were under a spam attack last weekend (yay) and Zendesk automatically activated CAPTCHA for us.  I appreciate the proactivity but I was completely surprised that CAPTCHA wasn't active on the Web Widget. 

    Isn't the "widget" a portable version of the form?  Why wouldn't Zendesk have that available on a form that is presented in the form of a widget?  What is the downside of Zendesk adding it to the widget?

    I am surprised there is so much hesitation on the part of Zendesk here.

    0
  • Chris Brogan

    We just had a huge influx of spam on chat & widget over the weekend from russian bots. This is going to be a blocker for us using the product.

    1
  • Justin Padilla

    The Russian bot spam is exactly what had us discontinue use of the chat product. Has anyone found any other workarounds?

    0
  • Adam Sentz

    We are getting a constant flow of SPAM via the web widget, which we do not use, right now. A few months back we had a massive amount from a Russian bot, and now it's a bunch of Instagram like farm offers.

    1
  • Joel Dennis

    We are getting hit with Instagram like-farm offers via the widget as well, from continually changing email addresses. 

    0
  • Adam Sentz

    Turns out ours aren't actually from the widget, but are just spoofing it. Zendesk recommended we adjust our notify requester triggers a couple ways to combat this. If you get in touch they'll probably send you the same list of recommendations.

    0
  • Abigail Iliesi

    Although we don't have Chat enabled, I'd also like to see Zendesk require unauthenticated users to complete a CAPTCHA before submitting any information through the Web Widget.

    I created a new post for those who are interested in requiring CAPTCHA verification to submit a form through the Web Widget. The post can be found here: Require CAPTCHA verification before users can submit a form through the Web Widget.

    3
  • Sylvain

    We definitely need also a Captcha and can't believe that after one year this had been announced as being in Zendesk roadmap, this is still not available.

    This is really boring to be attacked by bots (we are currently receiving tickets from qq.com bot every 8 minutes) and having as only solution provided by Zendesk to prevent no signed in users to send tickets. This solution is really not suitable for our business (like others I guess) and we are now considering to change for another solution.

    Please, keep us informed about your progress on adding CAPTCHA for web widget.

    1
  • Joel Koh

    +1 to this request. Spammers have recently found my help center's web widget. Seemingly overnight, my team has suddenly been flooded with 80-100 bot spam tickets a day, 15-20 of which make it past the spam filters somehow.

    Please secure the web widget with some form of CAPTCHA.

    1
  • Lisa Mankin

    We are also having an Issue with a spammer, which we suspect to be a bot.

    To have the option to enable captcha would be really beneficial for our workflow and stats as well!

     

    0
  • Thomas Lachauer

    We are also experiencing an increasing amount of spam via the web widget and will therefore disable it for the time being until there is an effective captcha

    0
  • Mukai

    Same here.
    Our team strongly hope that this feature will be implemented.

    0
  • Martin Metodiev

    We are also experiencing this - Web widget is being used for creating spam tickets created with random email addresses so they can be spammed from Zendesk.

    One suggestion from Zendesk support is to remove placeholders from ticket replies, which would only send the ticket reply to the random addresses, but they would still get a nonsense email and we would still need to cleanup tickets.

    Improving the spam filter in Zendesk to suspend these is not an efficient way to tackle the problem - people will continue to abuse the widget, Zendesk system will need to process all the request and Zendesk customers would still need to cleanup tickets even if less often.

    How difficult is it to add a captcha in there?

    0
  • Chris Brogan

    We've moved to a competitor for chat because of this. No movement means that we had to act. 

    1
  • Carl West

    The product manager said 11 months ago now that "Hi all, just letting you know that we are actively working on reducing and preventing spam from the Web Widget as a priority.". We are starting to look at competition for chat because we can't afford to have this security hole out there. It could be such and easy fix

    0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.

Powered by Zendesk