Question
My account received thousands of tickets coming from our Chat widget. How can I stop this spam attack?
Answer
If you are being spammed, check the IP address of each request and temporarily disable the offline Chat form.
Check if the spammer is using the same IP address for every request
If the spammer is using the same IP address for every request, you can ban it. Consider banning the country of origin if your company doesn't have real customers contacting you from there. For more information, see the article: Restricting the Chat widget by country or domain.
Temporarily disable the offline chat form (or widget as a whole)
Disabling the offline form altogether or the widget as a whole is the most disruptive to your workflow. However, hiding or disabling your Chat widget for a short time, five to ten minutes, is usually enough to interrupt the attack.
To disable the offline Chat form, follow the instructions in this article: Managing offline form settings.
Under Settings, hide the Chat widget until it is configured to appear by a trigger or the API.
- Select Settings > Widget.
- Click the Settings tab.
- In the Hide Widget section, make sure the Turn off Chat Widget checkbox is not selected.
- If you've unchecked the box, click Save Changes.
Alternatively, if you have the widget embedded in your Help Center, remove the entire integration under Guide Admin > Settings > Integrations. Unselect the Chat option to make the entire integration disappear. For more information, see the article: Enabling Chat for your help center.
For information about cleaning up any spammy tickets that may have resulted, see the article: How can I bulk delete spam tickets in Zendesk?
4 Comments
Unfortunately, that doesn't solve anything. The widget should have a captcha or two factor of some sort.
We had a spam attack, and even after having enabled "Require authentication for request and uploads APIs.", spam tickets were continuously being created.
By the way, your new "messaging" support channel doesn't work at all. I tried to get help and had no success - unreplied messages and tickets were solved and closed without any intervention.
How can we prevent spam from being submitted via the Offline Form? Is there honestly no way of doing this? It's virtually useless without this functionality because of the sheer volume of junk which comes in. Consequently our data becomes contaminated by the endless stream of spam messages.
I apologize for the experience that you have regarding our support.
Just to make sure that you will get the assistance you need, I'll personally create a ticket for you and work on it. Please wait for my update.
Cheers,
Dane
As it turns out, the only option is to turn it off or use JWT Authentication.