Question

My account received thousands of tickets coming from live chat in the Web Widget (Classic). How can I stop this spam attack?

Answer

Spam tickets arise from various sources. Below are ways you can minimize or stop spam attacks in the Web Widget (Classic).

Require API authentication

Most spam tickets may be submitted through the API. To minimize spam from API endpoints:

  1. In Admin center, go to People in the sidebar > Configuration > End users

  2. In the Anybody can submit tickets section, select Enabled then check Require authentication for request and uploads APIs

    Enabling the require authentication for request and uploads APIs option in the People settings.
  3. Scroll down and click Save tab

For more information, see Requiring authentication for the Requests and Uploads API endpoints.

Check the spammer's IP address

If the spammer uses the same IP address for each request, you can ban them from Chat. You may also restrict the widget by country if you don't have a customer base in the country where the IP address is located.

Important: This may be a temporary solution as spammers often rotate their IP addresses. You may need to ban more IP addresses as you encounter spam attacks in your account.
Temporarily disable the widget

While it may be disruptive to your workflow, a ten-minute break for the offline form or the widget as a whole is enough to interrupt the spam attack. To disable the offline form, see Managing offline form settings. To manage your widget, see How do I enable or disable live chat or messaging?

For information on spam cleanup, see How can I bulk delete spam tickets in Zendesk?

Note: If the spam attack comes from your contact form, see How can I stop a spam attack coming from my contact form?
Powered by Zendesk