Question
In the last few minutes, more than 1000 spam tickets were submitted from different addresses through the web form. How do I make it stop?
Answer
Firstly, it is important to make sure the tickets are actually coming from your contact form. To do that, you can check the events of the ticket.
To view ticket events
- In a ticket, click Conversations under the active comment area, then select Events.
- If a ticket is submitted through a channel other than the web form, such as Twitter or email, details about the channel appear. Therefore, you are looking for something like this:
Once you have confirmed that the tickets come from your web form, you can enable the Require CAPTCHA setting. For instructions on how to enable Require CAPTCHA, see the article: Managing end-user settings.
If your Zendesk account has been spammed and you need to bulk delete the spam tickets rather than deleting them manually, the available methods are outlined in this article: How can I bulk delete spam tickets in Zendesk?
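The channel check described above can also be run across a whole flood instead of one ticket at a time. The following is an added example, not Zendesk code: it assumes the tickets have been exported as records, and the field names (`created_at`, `requester`, `via.channel`), the channel values and the thresholds are all assumptions; the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def make_sample():
    """Constructed sample data: a web-form flood plus ordinary email traffic."""
    base = datetime(2019, 1, 1, 12, 0, 0)
    tickets = [
        {"created_at": (base + timedelta(seconds=10 * i)).isoformat(),
         "requester": f"user{i}@example.test",
         "via": {"channel": "web"}}          # assumed channel value
        for i in range(30)
    ]
    tickets += [
        {"created_at": (base + timedelta(hours=i)).isoformat(),
         "requester": ("alice", "bob")[i % 2] + "@example.test",
         "via": {"channel": "email"}}        # assumed channel value
        for i in range(4)
    ]
    return tickets


def find_bursts(tickets, window=timedelta(minutes=10),
                min_tickets=20, min_requesters=15):
    """Map each flooding channel to (tickets, distinct requesters, window start).

    A channel is flagged when some sliding window holds at least min_tickets
    tickets from at least min_requesters different addresses.
    """
    by_channel = defaultdict(list)
    for t in tickets:
        when = datetime.fromisoformat(t["created_at"])
        by_channel[t["via"]["channel"]].append((when, t["requester"].lower()))

    bursts = {}
    for channel, events in by_channel.items():
        events.sort()
        start = 0
        for end, (when, _) in enumerate(events):
            while when - events[start][0] > window:
                start += 1
            count = end - start + 1
            requesters = len({r for _, r in events[start:end + 1]})
            busiest = bursts.get(channel, (0,))[0]
            if count >= min_tickets and requesters >= min_requesters and count > busiest:
                bursts[channel] = (count, requesters, events[start][0])
    return bursts


if __name__ == "__main__":
    for channel, (n, who, since) in find_bursts(make_sample()).items():
        print(f"{channel}: {n} tickets from {who} addresses starting {since}")
```

A channel that shows up here is the one to harden first; a flood on a channel other than the web form means Require CAPTCHA alone will not stop it.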
67 Comments
Jonathan March, yes we do have Captcha enabled, though we receive all requests through email only. I wish Zendesk would let us turn off other channels to close up vulnerabilities.
This issue has been known about (the ability to spam using the web-widget). I have found other articles (as well as this one) from months ago where people have had the same issue (maybe not by the same spammer, but the same method at least).
At this point our spam count is next-to-zero making its way through and starting to slow down in the Suspended Tickets area. Not sure if Zendesk changed anything on their end.
All of my spam has stopped completely as of the middle of last night.
I would either turn off your Notify Requester of Received Request when a ticket is opened or put another condition in there to not reply when one of the words from the spam emails is in the comment text. If you are still getting spam, create a new view for the spam messages filtered on the words that the spammers are using. Then periodically go in that view and mark all the tickets as spam. I am purposely not writing the actual words here because the spammers can then go do a Google search on our threads and change the words! The words I have were consistent in every single message throughout the weekend.
If you haven't already done so, open a ticket with ZenDesk. They will keep you updated that way and add you to their global ticket.
Hope this is helpful to someone!
Eric M. Brodeur This spam is NOT from the web widget at all. The spammer just makes it appear that way by putting that tag in the message. It is from the ZenDesk API that most of us are not even using. Turning on captcha does nothing.
Is it really possible to create a ticket using the API without an authorized API token? I didn't think that it was.
In our case, this spam was coming in via the "Default Ticket Form":
https://enthought.zendesk.com/agent/admin/ticket_forms
Jonathan March It shouldn't be possible to submit via API, but that was the problem as far as I know. ZenDesk was letting that happen. I do not and did not have a default ticket form turned on. Initially, I turned off our web chat, but I turned it back on yesterday once I was sure that was unrelated. See this thread: https://support.zendesk.com/hc/en-us/articles/360025895613-Combating-spam-submitted-via-web-service-
Thanks for the link, Sheryl T. I've asked the API question there, am puzzled by this.
Jonathan March Yes, ZenDesk has documented the ticket events as you mentioned and knows how the spam tickets are being submitted. They tell us to change things to reduce the spam, but the root cause is a vulnerability that they need to fix! A number of people have asked the question in these threads, but ZD does not answer that question. They knew about this 7+ months ago and fixed that attack, but they did not fix the vulnerability at that time. I certainly hope they do this time. Fortunately I have not received any more spam now for about 14 hours.