My account received thousands of tickets coming from our Chat widget. How can I stop this spam attack?
If you are being spammed, check the IP address of each request and temporarily disable the offline Chat form.
Check if the spammer is using the same IP address for every request
If the spammer is using the same IP address for every request, you can ban it. Consider banning the country of origin if your company doesn't have real customers contacting you from there. For more information, see the article: Restricting the Chat widget by country or domain.
Temporarily disable the offline chat form (or widget as a whole)
Disabling the offline form altogether or the widget as a whole is the most disruptive to your workflow. However, hiding or disabling your Chat widget for a short time, five to ten minutes, is usually enough to interrupt the attack.
To disable the offline Chat form, follow the instructions in this article: Managing offline form settings.
Under Settings, hide the Chat widget until it is configured to appear by a trigger or the API.
- Select Settings > Widget.
- Click the Settings tab.
- In the Hide Widget section, make sure the Turn off Chat Widget checkbox is not selected.
- If you've unchecked the box, click Save Changes.
Alternatively, if you have the widget embed in your Help Center, remove the entire integration under Guide Admin > Settings > Integrations. Unselect the Chat option to make the entire integration disappear. For more information, see the article: Enabling Chat for your help center.
For information about cleaning up any spammy tickets that may have resulted, see the article: How can I bulk delete spam tickets in Zendesk?
Unfortunately, that doesn't solve anything. The widget should have a captcha or two factor of some sort.
We had a spam attack, and even after having enabled "Require authentication for request and uploads APIs.", spam tickets were continuously being created.
By the way, your new "messaging" support channel doesn't work at all. I tried to get help and had no success - unreplied messages and tickets were solved and closed without any intervention.
I apologize for the experience that you have regarding our support.
Just to make sure that you will get the assistance you need, I'll personally create a ticket for you and work on it. Please wait for my update.
How can we prevent spam from being submitted via the Offline Form? Is there honestly no way of doing this? It's virtually useless without this functionality because of the sheer volume of junk which comes in. Consequently our data becomes contaminated by the endless stream of spam messages.
As it turns out, the only option is to turn if off or use JWT Authentication.
Please sign in to leave a comment.