How can I stop a spam attack coming from my contact form?


67 Comments

  • Hilary Bialek

    We are having the same spam issues, as noted by others, with a sudden increase in messages referencing Instagram recently. We also have CAPTCHA enabled and mark all bad emails as spam. A master fix would be wonderful.

    0
  • Gil Emery

    I made those changes this morning around 7:30am and so far it has not stopped the tickets from being created.

    1
  • Mike Bernhard

    I followed all of the instructions in Katie's comment as well as the ones emailed to me directly by ZD support. This issue is still occurring for us. 

    1
  • Meggan King

    Yes, the directions being sent out on the tickets do not work. Even after waiting as suggested, they are still coming in. A global solution is required since this is affecting so many companies. 

    3
  • Ben Bos

    Here also, the solution doesn't work. We also filter on the word 'Instagram' and don't send mail out.
    I am also curious how they are able to create tickets with the captcha enabled.

    0
  • Sam Peirce

    I just wanted to jump in and mention that I'm running into the same issue. I've already tried everything listed here with no success. Any additional help is appreciated.

    1
  • Laura Gaffney

    Also jumping in to say the fix didn't work. Still getting the spam messages. 

    0
  • Blair

    Same issue here. Have tried suggestions, still getting the Re: tickets about Instagram spam.

    0
  • Corrin Duque

    We have had our web widget turned off since yesterday afternoon but these keep coming through. The first one we got had subject line of "hello" followed by an odd username. But all those following have had a subject that starts with RE:

    None of these have a "Submitted from: " (followed by a page URL). When we tested from our web widget both on our company website and in our Zendesk help center the "Submitted from: https://..." (web page url) was always included. 

    See screenshot of our test webwidget submission.

    0
  • Paul

    We have also been having this issue with Instagram SPAM for the past week or so. We already have ReCaptcha enabled, so we're not sure what else we can do since it seems the suggestion outlined here is not working either.

    0
  • Charles Swartz

    Hi Katie, we are also experiencing increased spam through our contact form even though we have captcha enabled. Can you please create a support ticket for us as well?

    0
  • Lisa Rousseau

    We removed the placeholders and set up as recommended last Sunday but as of today (Wednesday) are still receiving spam. Has anyone opted in to the beta spam filter? If so, has it been working and have they noticed if some are being filtered that shouldn't be?

    0
  • Mike Joseph

    We've done the placeholder changes and opted into the spam beta (but it hasn't been enabled yet).

    My understanding is that even after you've removed the placeholders, it'll take several days for the spam to die down because the spammers are using your support address as, basically, a spam proxy. You're not the target, someone else is. So, removing the placeholders makes you a useless proxy and they eventually stop.

    2
  • Steve Ross

    Same problem in the last week...and ongoing

    We already had the CAPTCHA in place, and I set up multiple automation rules to combat this but it does nothing to fix the problem... I even removed the widget completely when I saw the messages were tagged with web_widget, AND THEY STILL KEEP COMING IN

    None of the tickets are even sent to us, I think this is some breach in the Zendesk itself since every ticket is addressed to everyone but us. 

    This needs to be addressed and fixed asap.

    0
  • Paul McKelvey

    Our account as well has been under attack by the Instagram famous spam.

    0
  • Madeline Beard-Ojala

    We've also been experiencing this issue at our company. Since last Thursday we've received 88 spam tickets from this same instagram spam. I'm going to create a ticket because I would like to be kept up to date on what actions Zendesk is taking to solve this. 

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Everyone,

    I want to start by thanking all those who have posted about the recent spam issue and shared how this has been impacting you. We are aware of this matter and are currently drafting a solution, and your feedback has been instrumental in aiding this process. I'm sure those of you still affected are eager for a resolution, and I assure you we're working on delivering on this soon.

    As we finalize our response, we ask that for now, you refrain from posting on articles such as this that are not intended to handle feedback on critical incidents. When we post our solution, you will have the ability to comment, ask questions, and have our experts respond to your concerns. Again we appreciate your patience during this turbulence and will deliver this resolution to you the moment it is ready, which will be linked here.

    Thank you,

    Devan 

    0
  • Devan - Community Manager
    Zendesk Community Team

    Hello Everyone,

    Here is the article that explains our recommended best practice for dealing with the recent spam wave. If you have questions or require points in this article explained in further detail, please post your question in the article linked below.

    Combatting spam submitted via web service

    0
  • Mike Bandy

    I wanted to thank the team for your efforts. We have not received any new spam emails to our inbox since last Thursday, so it looks like this issue has been resolved. We will be keeping an eye on it though.

    Thanks again!

    0
  • Brett - Community Manager
    Zendesk Community Team

    Hi Mike,

    Thanks so much for taking the time to share this with us!

    I'll be sure to pass your kudos off to the appropriate team :)

    Cheers!

    0
  • Sheryl T

    We now have the same issue - nothing works - please help.

    1
  • Jeremiah Nuhn

    First, I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA. 

    For other administrators,

    I am not sure why setting up a trigger to eliminate this from happening could help as it won't send an automated response if all triggers are set up correctly. This "Spam Trigger" I created is at the top of the list so it is checked first before all others. The ticket is created and immediately closed if it contains the comment strings I added to it. To me, this seems to be a much simpler solution than changing how many of the other triggers work. I hope this helps someone else that might encounter this as I see many other users have. 

    Thank you

    1
  • Jonathan March
    Community Moderator

    Echoing Sheryl T and Jeremiah Nuhn --

    In the last 24 hours or so, a spammer is getting past our default form's recaptcha setting. It's not an avalanche, but it is a flood -- about 90 spam tickets in the past day. They are all promoting a (presumably malicious) website "bit [omit me] biz [DOT] xyz", but the name of the website is embedded in the content, with invisible nested characters such that it cannot be detected by a trigger.

    Also, the detectable keywords that these spams use have been mutating steadily. It started using the words hash-tags and insta-gram and has moved on to influen-cers etc. (please remove the hyphens from the words that I cite; I put them in to avoid ZD's own spam filters).

    0
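
The keyword-evasion problem described in the comment above, as an added example that is not part of the original thread and not Zendesk code: a matcher that strips invisible characters, inline tags and filler separators before looking for keywords, next to a plain substring test that misses them. It assumes "invisible nested characters" means zero-width/format code points and HTML tags inside words, and that it runs on ticket text outside Zendesk; the function names and sample bodies are constructed for illustration.

```python
import re
import unicodedata

# Keywords named in the thread (written there with hyphens); extend with your own.
KEYWORDS = ("instagram", "hashtags", "influencers")

_TAGS = re.compile(r"<[^>]*>")                 # inline HTML nested inside a word
_SEPARATORS = re.compile(r"[\s\-_.·•*|]+")     # visible filler between letters (assumed set)


def naive_match(text, keywords=KEYWORDS):
    """Plain substring test, the way a simple 'contains string' rule behaves."""
    lowered = text.lower()
    return sorted(k for k in keywords if k in lowered)


def normalize(text):
    """Reduce text to the letters a human reader would actually see."""
    text = _TAGS.sub("", text)
    text = unicodedata.normalize("NFKC", text)   # fold fullwidth/compatibility forms
    # Drop invisible code points: category Cf covers zero-width space/joiners,
    # soft hyphen and BOM; Cc covers control characters (newline and tab are kept).
    text = "".join(
        ch for ch in text
        if ch in "\n\t" or unicodedata.category(ch) not in ("Cf", "Cc")
    )
    return text.casefold()


def matched_keywords(text, keywords=KEYWORDS):
    """Keywords present once invisible characters and separators are removed.

    Squeezing out separators also joins neighbouring words, so a keyword can
    match across a word boundary; treat a hit as a reason to review or suspend.
    """
    squeezed = _SEPARATORS.sub("", normalize(text))
    return sorted(k for k in keywords if k in squeezed)


# Constructed sample ticket bodies (not taken from real spam).
SAMPLES = [
    "Become in\u200bsta\u00adgram famous today",
    "Top <b>influ</b><i>en</i>cers use hash-tags",
    "\uff29\uff2e\uff33\uff34\uff21\uff27\uff32\uff21\uff2d growth",
    "My order has not arrived yet",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(naive_match(body), matched_keywords(body), repr(body))
```
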
  • Sheryl T

    Put in all of those keywords that Jonathan March mentioned and more in your filters.  That's what I did last night, and it has worked fine so far.  The number of spam tickets we are all getting seems to be consistent also - about 90 in the past 24 hours.

    0
  • Mike Roberts

    We are getting close to 1,000 tickets in the past 2 days. What is the fix?!?!!?

    1
  • Jeremiah Nuhn

    Mike Roberts Please see what I did a few comments above. Use the specific keywords that are in your spam tickets. I have only gotten 2 spam tickets today that were auto closed. Like others I was getting about 90 a day before I put that spam ticket trigger in place. 

    1
  • Eric M. Brodeur

    We too have been hit by this over the weekend into today, with very little assistance from Zendesk. This issue has obviously been known about for a while, and they have not put anything in place to fix it other than make us adjust the way that the emails that go to our customers appear. This is not acceptable.

    We are getting emails back from people saying "we didn't open this ticket". It can hurt company image, not to mention get our domain black-listed on spam filters.

    I would make a trigger that automatically closes out spam tickets, but by doing that, it hurts our analytics that are used to track daily ticket volume and agent performance.

    Zendesk, please get your act together. 

    1
  • Ben Bos

    Sarcastic / My experience has taught me that this topic will remain open for a few years without progress, will be closed due to too many responses, or this will become a paid add-on (even for Enterprise customers ... like they did with a lot of new stuff in the last years). 

    -2
  • Jonathan March
    Community Moderator

    Update -- starting sometime early today, no more of these spams have been reaching us or our spam-catching-keyword-triggers. Some of them ended up in our suspended ticket view (as "malicious content"), but it appears that most of them have been blocked altogether, though I don't know whether blocked by some improvement in ReCaptcha (which Google is constantly tweaking to meet the latest bot challenges) or by a ZD-specific spam block.

    @Eric do you have captcha enabled? 

    BTW, I don't think that it's accurate to say that this issue has been known about for a while (unless by "this issue" you mean "the existence of malefactors on the internet"). AFAICT this attack began on Saturday.

    0
  • Jonathan March
    Community Moderator

    > I would like to suggest to the Zendesk team that the reCAPTCHA works like all other websites where you have to select a set of images that match the criteria. It says it is protected by reCAPTCHA but doesn't seem like it is required to authenticate reCAPTCHA. 

    Jeremiah Nuhn your information is outdated. See https://webmasters.googleblog.com/2018/10/introducing-recaptcha-v3-new-way-to.html

    0
