Question
In the last minutes, there were submitted more than 1000 spam tickets from different addresses through the web form. How do I make it stop?
Answer
Firstly, it is important to make sure the tickets are actually coming from your contact form. To do that, you can check the events of the ticket.
To view ticket events
- In a ticket, click Conversations under the active comment area, then select Events.
- If a ticket is submitted through a channel other than the web form, such as Twitter or email, details about the channel appear. Therefore, you are looking for something like this:
Once you are assured the tickets come from your web form, you can enable the Require CAPTCHA setting. This requires users who are not signed in to complete a verification test before they can submit a ticket.
To enable Require CAPTCHA
- Click the Admin icon (
) in the sidebar, then select Settings > Customers. - Under Anybody can submit tickets, select Require CAPTCHA:
- Scroll down and click Save tab.
If you would like to know more about this feature please take a moment to read Managing end-user settings.
If your Zendesk account has been spammed and you suddenly need to bulk delete these spam tickets, instead of manually deleting them, there are different ways to do it and they are all outlined in the article How can I bulk delete spam tickets in Zendesk?.
50 Comments
We are having the same spam issues, as noted by others, with a sudden increase in messages referencing Instagram recently. We also have CAPTCHA enabled and mark all bad emails as spam. A master fix would be wonderful.
I made those changes this morning around 730am and so far it has not stopped the tickets from being created.
I followed all of the instructions in Katie's comment as well as the ones emailed to me directly by ZD support. This issue is still occurring for us.
Yes, the directions being sent out on the tickets do not work. Even after waiting as suggested, they are still coming in. A global solution is required since this is affecting so many companies.
Here also, the solution doesn't work. We also filter on the word 'Instagram' and don't send mail out.
I am also curious how they are able to create tickets with the captcha enabled.
I just wanted to jump in and mentioned that I'm running into the same issue. I've already tried everything listed here with no success. Any additional help is appreciated.
Also jumping in to say the fix didn't work. Still getting the spam messages.
Same issue here have tried suggestions still getting the Re: tickets about instagram spam
We have had our web widget turned off since yesterday afternoon but these keep coming through. The first one we got had subject line of "hello" followed by an odd username. But all those following have had a subject that starts with RE:
None of these have a "Submitted from: " (followed by a page URL). When we tested from our web widget both on our company website and in our Zendesk help center the "Submitted from: https://..." (web page url) was always included.
See screenshot of our test webwidget submission.
We have also been having this issue with Instagram SPAM for the past week or so. We already have ReCaptcha enabled, so we're not sure what else we can do since it seems the suggestion outlined here is not working either.
Hi Katie, we are also experiencing increased spam through our contact form even though we have captcha enabled. Can you please create a support ticket for us as well?
We removed the placeholders and setup.as recommended last Sunday but as of today ( Wednesday) are still receiving spam. Has anyone opted in to the beta spam filter? If so, has it been working and have they noticed if some are being filtered that shouldn't be?
We've done the placeholder changes and opted into the spam beta (but it hasn't been enabled yet).
My understanding is that even after you've removed the placeholders, it'll take several days for the spam to die down because the spammers are using your support address as, basically, a spam proxy. You're not the target, someone else is. So, removing the placeholders makes you a useless proxy and they eventually stop.
Same problem in the last week...and ongoing
We already had the CAPTCHA in place, and I setup multiple automation rules to combat this but it does nothing to fix the problem... I even removed the widget completely when I saw the messages were tagged with web_widget, AND THEY STILL KEEP COMING IN
None of the tickets are even sent to us, I think this is some breach in the Zendesk itself since every ticket is addressed to everyone but us.
This needs to be addressed and fixed asap.
Our account as well has been under attack by the instagram famous spam
We've also been experiencing this issue at our company. Since last Thursday we've received 88 spam tickets from this same instagram spam. I'm going to create a ticket because I would like to be kept up to date on what actions Zendesk is taking to solve this.
Hello Everyone,
I want to start by thanking all those who have posted about the recent spam issue and shared how this has been impacting you. We are aware of this matter and are currently drafting up a solution to which your feedback has been instrumental in aiding this process. I'm sure for those of you still affected are eager for a resolution, and I assure you we're working on delivering on this soon.
As we finalize our response, we ask that for now, you refrain from posting on articles such as this that are not intended to handle feedback on critical incidents. When we post our solution, you will have the ability to comment, ask questions, and have our experts respond to your concerns. Again we appreciate your patience during this turbulence and will deliver this resolution to you the moment it is ready, which will be linked here.
Thank you,
Devan
Hello Everyone,
Here is the article that explains our recommended best practice for dealing with the recent spam wave. If you have questions or require points in this article explained in further detail, please post your question in the article linked below.
Combatting spam submitted via web service
I wanted to thank the team for your efforts. We have not received any new spam emails to our inbox since last Thursday, so it looks like this issue has been resolved. We will be keeping an eye on it though.
Thanks again!
Hi Mike,
Thanks so much for taking the time to share this with us!
I'll be sure to pass your kudos off to the appropriate team :)
Cheers!
Please sign in to leave a comment.