How can I stop a spam attack coming from my contact form?


67 Comments

  • Meggan King

    Yes, the directions being sent out on the tickets do not work. Even after waiting as suggested, they are still coming in. A global solution is required since this is affecting so many companies. 

    3
  • Mike Joseph

    We've done the placeholder changes and opted into the spam beta (but it hasn't been enabled yet).

    My understanding is that even after you've removed the placeholders, it'll take several days for the spam to die down because the spammers are using your support address as, basically, a spam proxy. You're not the target, someone else is. So, removing the placeholders makes you a useless proxy and they eventually stop.

    2
  • Mike Bandy

    The spam emails we get all have the tag web_widget. We're not even sure what page they're using to send in these tickets. We've tried testing using our contact form and this does not add the web_widget tag. Under Admin > Widget, we aren't even using it and it is disabled.

    Following the instructions to add the condition and remove the placeholders did not resolve the issue as we got another email a few minutes after making these changes.

    2
  • Richard Sloggett

    We are also being hit by this issue. Could you explain how these users are able to submit tickets to us through the web service without having to sign in?

    2
  • Sam Peirce

    I just wanted to jump in and mention that I'm running into the same issue. I've already tried everything listed here with no success. Any additional help is appreciated.

    1
  • Jeremiah Nuhn

    Mike Roberts Please see what I did a few comments above. Use the specific keywords that are in your spam tickets. I have only gotten 2 spam tickets today that were auto closed. Like others I was getting about 90 a day before I put that spam ticket trigger in place. 

    1
  • Eric M. Brodeur

    We too have been hit by this over the weekend into today, with very little assistance from Zendesk. This issue has obviously been known about for a while, and they have not put anything in place to fix it other than make us adjust the way that the emails that go to our customers appear. This is not acceptable.

    We are getting emails back from people saying "we didn't open this ticket". It can hurt company image, not to mention get our domain black-listed on spam filters.

    I would make a trigger that automatically closes out spam tickets, but by doing that, it hurts our analytics that are used to track daily ticket volume and agent performance.

    Zendesk, please get your act together. 

    1
  • Jonathan March
    Community Moderator

    Thanks for the link, Sheryl T. I've asked the API question there, am puzzled by this.

    1
  • Mike Roberts

    We are getting close to 1,000 tickets in the past 2 days. What is the fix?!?!!?

    1
  • Katie D.
    Zendesk Customer Advocate

    I wanted to share the recommendations we have been making to customers within the tickets created from comments on this thread. To combat spam, we recommend removing placeholders from your “Notify requester of received request” trigger. If you have customized triggers, you’ll need to remove any of the placeholders that pass the comment or title content of the tickets to the end-user at ticket creation.

    Making these recommended changes will not immediately stop the spam, but it does stop the spam from being passed. The spam will stop over time. Please submit a ticket to us if you have any questions.
    support@zendesk.com

    Here’s an example of the changes you’ll need to make. In this example, I’m using the “Notify requester of received request” trigger:

    Add this condition under the ALL conditions:

    Current User, is, (End-user)

    In the Actions section, look at the “Email subject” and the “Email body” fields. Remove these two placeholders:

    {{ticket.title}}

    {{ticket.comments_formatted}}

     

     

    Removing the placeholders will prevent spammy notification emails from being sent out and will result in many fewer spammy tickets ending up in your account. This removal effectively stops the spam from being forwarded to the spammer’s target (the requester), though it may take a while for the messages to stop.

    With these changes, the need for the secondary trigger comes into play when you or your agents are creating tickets on behalf of requesters (sending out proactive emails, or any scenario where you need to send out a message on the creation of the ticket). When an agent creates the ticket, there is no risk to sending out the initial message. Creating this trigger will enable your end users to see the content of the agent-created ticket.

    Here are the needed conditions for this trigger, which we’ll call “Notify requester of agent-created request (Proactive Ticket)”:

    ALL conditions:

    Ticket, is, Created

    Status, is not, Solved

    Privacy, is, Ticket has public comments

    Current user, is not, (end-user)

    Actions:

    Email user, (requester)

    Email Subject:

    [Request Received] {{ticket.subject}}

    Email Body:

    A request {{ticket.id}} has been created by our staff!

    To add additional comments, please reply to this email.

    {{ticket.comments_formatted}}

     

     

    With these changes made, your account will no longer be an attractive target for spammers. After removing the placeholders, it may take a bit of time for the spammer to notice their content is no longer being passed, but removing the placeholders removes the motivation to spam your account. 

    For more information on spam prevention on other channels, see our resources here.

    https://support.zendesk.com/hc/en-us/articles/360002046548-Spam-prevention-resources 

    If you have any questions, please submit a ticket to support@zendesk.com, we are here to help.

    1
  • Gil Emery

    I was able to create a ticket on our submit a request page in Zendesk

    Even though it shows this

    I was never prompted to enter anything to confirm my identity. I am using Chrome

    Already a ticket created for me with this-- just giving you some information to help solve?

    1
  • Sheryl T

    Jonathan March Yes, Zendesk has documented the ticket events as you mentioned and knows how the spam tickets are being submitted. They tell us to change things to reduce the spam, but the root cause is a vulnerability that they need to fix! A number of people have asked the question in these threads, but ZD does not answer that question. They knew about this 7+ months ago and fixed that attack, but they did not fix the vulnerability at that time. I certainly hope they do this time. Fortunately I have not received any more spam now for about 14 hours.

    1
  • Jeremiah Nuhn

    First, I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA. 

    For other administrators,

    I am not sure why setting up a trigger to eliminate this from happening could help as it won't send an automated response if all triggers are set up correctly. This "Spam Trigger" I created is at the top of the list so it is checked first before all others. The ticket is created and immediately closed if it contains the comment strings I added to it. To me, this seems to be a much simpler solution than changing how many of the other triggers work. I hope this helps someone else that might encounter this as I see many other users have. 

     

     

     

    Thank you

    1
  • Mike Bernhard

    I followed all of the instructions in Katie's comment as well as the ones emailed to me directly by ZD support. This issue is still occurring for us. 

    1
  • Sheryl T

    We now have the same issue - nothing works - please help.

    1
  • Gil Emery

    I made those changes this morning around 730am and so far it has not stopped the tickets from being created.




    1
  • Paul McKelvey

    Our account as well has been under attack by the instagram famous spam 

     

    0
  • Steve Ross

    Same problem in the last week...and ongoing

    We already had the CAPTCHA in place, and I set up multiple automation rules to combat this but it does nothing to fix the problem... I even removed the widget completely when I saw the messages were tagged with web_widget, AND THEY STILL KEEP COMING IN

    None of the tickets are even sent to us, I think this is some breach in the Zendesk itself since every ticket is addressed to everyone but us. 

    This needs to be addressed and fixed asap.

    0
  • Jonathan March
    Community Moderator

    Echoing Sheryl T and Jeremiah Nuhn --

    In the last 24 hours or so, a spammer is getting past our default form's recaptcha setting. It's not an avalanche, but it is a flood -- about 90 spam tickets in the past day. They are all promoting a (presumably malicious) website "bit [omit me] biz [DOT] xyz", but the name of the website is embedded in the content, with invisible nested characters such that it cannot be detected by a trigger.

    Also, the detectable keywords that these spams use have been mutating steadily. It started using the word hash-tags and insta-gram and has moved on to influen-cers etc (please remove the hyphens from the words that I cite; I put them in to avoid ZD's own spam filters).

    0
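
Added example, not part of the original thread and not Zendesk's own code: one way to make keyword checks survive the "invisible nested characters" and hyphen-split words described in the comment above, by normalizing the ticket text before matching. The keyword list and sample comments are constructed, and how the ticket text reaches this function is left out as an assumption.

```python
import html
import unicodedata

# Constructed keyword list for illustration; use the terms from your own spam tickets.
KEYWORDS = ("instagram", "hashtags", "influencers")

# Unicode categories dropped before matching:
#   Cf = invisible format characters (zero-width space/joiner, soft hyphen, BOM)
#   Mn, Me = combining marks stacked on a base letter
_DROP = {"Cf", "Mn", "Me"}


def normalize(text: str) -> str:
    """Return text with entities decoded, look-alike forms folded, hidden characters removed."""
    text = html.unescape(text)                  # "&#8203;" -> U+200B
    text = unicodedata.normalize("NFKD", text)  # fullwidth letters -> ASCII, accents split off
    visible = (ch for ch in text if unicodedata.category(ch) not in _DROP)
    return "".join(visible).casefold()


def spam_keywords(comment: str, keywords=KEYWORDS) -> list:
    """List the keywords found once separators inside words are ignored."""
    # Dropping every non-alphanumeric also defeats "insta-gram" and "i n s t a g r a m".
    # It can match across word boundaries, so treat a hit as a signal to review.
    squeezed = "".join(ch for ch in normalize(comment) if ch.isalnum())
    return [k for k in keywords if k in squeezed]


if __name__ == "__main__":
    samples = [  # constructed ticket comments
        "Grow your insta\u200bgram with hash\u00adtags",
        "Top influen-cers are waiting",
        "insta&#8203;gram promo",
        "My order has not arrived",
    ]
    for s in samples:
        print(repr(s), "->", spam_keywords(s))
```
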
  • Leia S

    We are experiencing the same "Instagram" issues with spam and have the CAPTCHA enabled on our account. Please create a ticket for me.

    0
  • Laura Gaffney

    Also jumping in to say the fix didn't work. Still getting the spam messages. 

    0
  • Sheryl T

    All of my spam has stopped completely as of the middle of last night.

    I would either turn off your Notify Requester of Received Request when a ticket is opened or put another condition in there to not reply when one of the words from the spam emails is in the comment text. If you are still getting spam, create a new view for the spam messages filtered on the words that the spammers are using. Then periodically go in that view and mark all the tickets as spam. I am purposely not writing the actual words here because the spammers can then go do a Google search on our threads and change the words! The words I have were consistent in every single message throughout the weekend.

    If you haven't already done so, open a ticket with Zendesk. They will keep you updated that way and add you to their global ticket.

    Hope this is helpful to someone!

    0
  • Jonathan March
    Community Moderator

    > I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA. 

    Jeremiah Nuhn your information is outdated. See https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html

     

    0
  • Brett Bowser
    Zendesk Community Team

    @Mike, Flavien, Laura, I've generated a ticket on behalf of each of you so our Customer Advocacy team can dig into this further.

    I appreciate you bringing this to our attention!

    0
  • Madeline Beard-Ojala

    We've also been experiencing this issue at our company. Since last Thursday we've received 88 spam tickets from this same instagram spam. I'm going to create a ticket because I would like to be kept up to date on what actions Zendesk is taking to solve this. 

    0
  • Blair

    Same issue here; have tried suggestions, still getting the Re: tickets about Instagram spam

    0
  • Sheryl T

    Eric M. Brodeur This spam is NOT from the web widget at all. The spammer just makes it appear that way by putting that tag in the message. It is from the Zendesk API that most of us are not even using. Turning on captcha does nothing.

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Everyone,

    I want to start by thanking all those who have posted about the recent spam issue and shared how this has been impacting you. We are aware of this matter and are currently drafting up a solution to which your feedback has been instrumental in aiding this process. I'm sure those of you still affected are eager for a resolution, and I assure you we're working on delivering on this soon.

    As we finalize our response, we ask that for now, you refrain from posting on articles such as this that are not intended to handle feedback on critical incidents. When we post our solution, you will have the ability to comment, ask questions, and have our experts respond to your concerns. Again we appreciate your patience during this turbulence and will deliver this resolution to you the moment it is ready, which will be linked here.

    Thank you,

    Devan 

    0
  • Mike

    Same here, many "Instagram" spams exactly as the others above. 

    0
  • Adam Dragland

    Same thing here, a few dozen Instagram spam tickets a day. Anyone figure out a way to filter this stuff out?

    0
