Question
In the last few minutes, more than 1000 spam tickets were submitted from different addresses through the web form. How do I make it stop?
Answer
Firstly, it is important to make sure the tickets are actually coming from your contact form. To do that, you can check the events of the ticket.
To view ticket events
- In a ticket, click Conversations under the active comment area, then select Events.
- If a ticket is submitted through a channel other than the web form, such as Twitter or email, details about the channel appear. Therefore, you are looking for something like this:
Once you are assured the tickets come from your web form, you can enable the Require CAPTCHA setting. For instructions on how to enable Require CAPTCHA, see the article: Managing end-user settings.
If your Zendesk account has been spammed and you need to bulk delete the spam tickets rather than deleting them manually, there are several ways to do it. They are all outlined in this article: How can I bulk delete spam tickets in Zendesk?
67 Comments
We are having the same spam issues, as noted by others, with a sudden increase in messages referencing Instagram recently. We also have CAPTCHA enabled and mark all bad emails as spam. A master fix would be wonderful.
I made those changes this morning around 7:30am and so far it has not stopped the tickets from being created.
I followed all of the instructions in Katie's comment as well as the ones emailed to me directly by ZD support. This issue is still occurring for us.
Yes, the directions being sent out on the tickets do not work. Even after waiting as suggested, they are still coming in. A global solution is required since this is affecting so many companies.
Here also, the solution doesn't work. We also filter on the word 'Instagram' and don't send mail out.
I am also curious how they are able to create tickets with the captcha enabled.
I just wanted to jump in and mention that I'm running into the same issue. I've already tried everything listed here with no success. Any additional help is appreciated.
Also jumping in to say the fix didn't work. Still getting the spam messages.
Same issue here; have tried suggestions, still getting the Re: tickets about Instagram spam.
We have had our web widget turned off since yesterday afternoon but these keep coming through. The first one we got had a subject line of "hello" followed by an odd username. But all those following have had a subject that starts with RE:
None of these have a "Submitted from: " (followed by a page URL). When we tested from our web widget both on our company website and in our Zendesk help center the "Submitted from: https://..." (web page url) was always included.
See screenshot of our test webwidget submission.
We have also been having this issue with Instagram SPAM for the past week or so. We already have ReCaptcha enabled, so we're not sure what else we can do since it seems the suggestion outlined here is not working either.
Hi Katie, we are also experiencing increased spam through our contact form even though we have captcha enabled. Can you please create a support ticket for us as well?
We removed the placeholders and set up as recommended last Sunday but as of today (Wednesday) are still receiving spam. Has anyone opted in to the beta spam filter? If so, has it been working and have they noticed if some are being filtered that shouldn't be?
We've done the placeholder changes and opted into the spam beta (but it hasn't been enabled yet).
My understanding is that even after you've removed the placeholders, it'll take several days for the spam to die down because the spammers are using your support address as, basically, a spam proxy. You're not the target, someone else is. So, removing the placeholders makes you a useless proxy and they eventually stop.
Same problem in the last week...and ongoing
We already had the CAPTCHA in place, and I set up multiple automation rules to combat this but it does nothing to fix the problem... I even removed the widget completely when I saw the messages were tagged with web_widget, AND THEY STILL KEEP COMING IN
None of the tickets are even sent to us, I think this is some breach in the Zendesk itself since every ticket is addressed to everyone but us.
This needs to be addressed and fixed asap.
Our account as well has been under attack by the instagram famous spam
We've also been experiencing this issue at our company. Since last Thursday we've received 88 spam tickets from this same instagram spam. I'm going to create a ticket because I would like to be kept up to date on what actions Zendesk is taking to solve this.
Hello Everyone,
I want to start by thanking all those who have posted about the recent spam issue and shared how this has been impacting you. We are aware of this matter and are currently drafting up a solution to which your feedback has been instrumental in aiding this process. I'm sure those of you still affected are eager for a resolution, and I assure you we're working on delivering on this soon.
As we finalize our response, we ask that for now, you refrain from posting on articles such as this that are not intended to handle feedback on critical incidents. When we post our solution, you will have the ability to comment, ask questions, and have our experts respond to your concerns. Again we appreciate your patience during this turbulence and will deliver this resolution to you the moment it is ready, which will be linked here.
Thank you,
Devan
Hello Everyone,
Here is the article that explains our recommended best practice for dealing with the recent spam wave. If you have questions or require points in this article explained in further detail, please post your question in the article linked below.
Combatting spam submitted via web service
I wanted to thank the team for your efforts. We have not received any new spam emails to our inbox since last Thursday, so it looks like this issue has been resolved. We will be keeping an eye on it though.
Thanks again!
Hi Mike,
Thanks so much for taking the time to share this with us!
I'll be sure to pass your kudos off to the appropriate team :)
Cheers!
We now have the same issue - nothing works - please help.
First, I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA.
For other administrators,
I am not sure why setting up a trigger to eliminate this from happening could help as it won't send an automated response if all triggers are set up correctly. This "Spam Trigger" I created is at the top of the list so it is checked first before all others. The ticket is created and immediately closed if it contains the comment strings I added to it. To me, this seems to be a much simpler solution than changing how many of the other triggers work. I hope this helps someone else that might encounter this as I see many other users have.
Thank you
Echoing Sheryl T and Jeremiah Nuhn --
In the last 24 hours or so, a spammer is getting past our default form's recaptcha setting. It's not an avalanche, but it is a flood -- about 90 spam tickets in the past day. They are all promoting a (presumably malicious) website "bit [omit me] biz [DOT] xyz", but the name of the website is embedded in the content, with invisible nested characters such that it cannot be detected by a trigger.
Also, the detectable keywords that these spams use have been mutating steadily. It started using the word hash-tags and insta-gram and has moved on to influen-cers etc (please remove the hyphens from the words that I cite; I put them in to avoid ZD's own spam filters).
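An added example, not part of the original comment or of Zendesk's product: one way to make keyword matching survive the hidden-character and hyphen tricks described above, for filtering done in a script outside the help desk's built-in triggers. It assumes the "invisible characters" are Unicode format characters such as zero-width spaces; the function names and sample texts are constructed for illustration.

```python
import re
import unicodedata

# Keywords named in the comment above, with the commenter's hyphens removed.
KEYWORDS = ("instagram", "hashtags", "influencers")

def hidden_count(text: str) -> int:
    """Count invisible format characters (Unicode category Cf), e.g.
    zero-width space/joiner, soft hyphen, word joiner, BOM."""
    return sum(1 for ch in text if unicodedata.category(ch) == "Cf")

def normalize(text: str) -> str:
    """Canonical form used only for matching; the stored ticket is untouched."""
    # NFKC folds look-alike compatibility forms (fullwidth letters, ligatures).
    text = unicodedata.normalize("NFKC", text)
    # Drop the invisible characters that split a keyword without showing.
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    text = text.casefold()
    # Drop visible separators placed inside a word: insta-gram, insta.gram.
    return re.sub(r"(?<=\w)[-_.]+(?=\w)", "", text)

def inspect(text: str, keywords=KEYWORDS):
    """Return (matched keywords, number of hidden characters)."""
    norm = normalize(text)
    return [kw for kw in keywords if kw in norm], hidden_count(text)

# Constructed sample comments (not taken from real tickets).
SAMPLES = [
    "Grow your insta\u200bgram with top influ\u00aden\u200dcers",
    "Boost your insta-gram hash-tags today",
    "\uff49\uff4e\uff53\uff54\uff41\uff47\uff52\uff41\uff4d promo inside",
    "My printer shows an error after the update",
]

if __name__ == "__main__":
    for s in SAMPLES:
        hits, hidden = inspect(s)
        print(f"hits={hits} hidden={hidden} text={s!r}")
```

A non-zero hidden-character count is a signal rather than proof, since legitimate emoji sequences also contain zero-width joiners; it is most useful combined with a keyword hit.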
Put in all of those keywords that Jonathan March mentioned and more in your filters. That's what I did last night, and it has worked fine so far. The number of spam tickets we are all getting seems to be consistent also - about 90 in the past 24 hours.
We are getting close to 1,000 tickets in the past 2 days. What is the fix?!?!!?
Mike Roberts Please see what I did a few comments above. Use the specific keywords that are in your spam tickets. I have only gotten 2 spam tickets today that were auto closed. Like others I was getting about 90 a day before I put that spam ticket trigger in place.
We too have been hit by this over the weekend into today, with very little assistance from Zendesk. This issue has obviously been known about for a while, and they have not put anything in place to fix it other than make us adjust the way that the emails that go to our customers appear. This is not acceptable.
We are getting emails back from people saying "we didn't open this ticket". It can hurt company image, not to mention get our domain black-listed on spam filters.
I would make a trigger that automatically closes out spam tickets, but by doing that, it hurts our analytics that are used to track daily ticket volume and agent performance.
Zendesk, please get your act together.
Sarcastic / My experience has taught me that this topic will remain open for a few years without progress, will be closed due to too many responses, or this will become a paid add-on (even for Enterprise customers .... like they did with a lot of new stuff in the last years).
Update -- starting sometime early today, no more of these spams have been reaching us or our spam-catching-keyword-triggers. Some of them ended up in our suspended ticket view (as "malicious content"), but it appears that most of them have been blocked altogether, though I don't know whether blocked by some improvement in ReCaptcha (which google is constantly tweaking to meet the latest bot challenges) or by a ZD-specific spam block.
@Eric do you have captcha enabled?
BTW, I don't think that it's accurate to say that this issue has been known about for a while (unless by "this issue" you mean "the existence of malefactors on the internet"). AFAICT this attack began on Saturday.
> I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA.
Jeremiah Nuhn your information is outdated. See https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html