Automatically deflect Zendesk spam tickets via triggers and webhooks

From time to time spammers use open API endpoint in Zendesk to flood your inbox with tickets. This article shows an efficient and automatic way to deflect these tickets.

Automatically deflect Zendesk spam tickets via triggers and webhooks

For anyone using Zendesk in the last few days, the image below will be very familiar. All of the sudden your inbox gets flooded with spam tickets. They seem to originate from the web widget channel and contain Chinese characters.

From what I can gather, and confirmed via other people contacting Zendesk, these tickets are created by spammers misusing the unauthenticated api/v2/requests/ endpoint that's used to create tickets via webforms.

Preventing these tickets is not really possible since the only way to close the endpoint is to prevent unauthenticated users from creating tickets, but that kinda defeats the purpose of having a Help Desk.

Zendesk always finds a way to deflect this spam-attacks by adapting their firewall and content filter settings, but in the meanwhile, here's an easy method to handle these tickets.

How to automatically mark tickets as spam.

Step 1: Identifying the tickets

Any automatic filter can only work as long as you find a way to identify the tickets. In this scenario there's two approached I took:

First I created an organization QQ that has a linked domain, since that's used by most of these requesters.

Secondly I noticed that all these tickets have a similar structure in their subject oZxQh用你IP帮我打婇嘌每天3OO伽qun858543602 so I can also use this to identify them.

This part of the flow is always a bit of cat and mouse and you'll need to adapt your identifiers from time to time.

Step 2: Webhook

May 6th - A previous version of this article showed a wrong placeholder in the web hook URL. This has now been fixed!

Zendesk has an endpoint to mark tickets as spam and suspend end-users which is documented here.

In order to automatically call this endpoint and mark tickets as spam, we'll need to create a webhook.

  1. Go to the admin center and navigate to Apps and integrations > webhooks
  2. Add a new web hook with{{}}/mark_as_spam as the Endpoint URL and set the Request Method toPUT.
  3. Authenticate with Basic Authentication with as the username and a Zendesk API token as the password.

Step 3: Trigger

Finally, we'll need a trigger that will call the web hook if a potential SPAM ticket is created.

For the conditions, you can use the identifiers we defined in step 1:

  • ALL: Tickets are created
  • ANY:
    • Organization is Qq
    • Subject Text contains 3OO伽qun
    • (add your own)

And for the actions, select the webhook we just created. You can leave the JSON body empty or leave the {} that's added by default.

Note that API calls take a few seconds to execute. So it's best to put this trigger before any assignment triggers so the tickets don't temporarily end-up in your agents' views.

Wrap up

Any new tickets that fall under your spam rules will now be automatically marked as spam and be suspended, no longer filing your views.

You can follow the suspensions executed by looking at the Activity tab of your webhook's configuration page in the Admin Center. Each successful suspension will be market with a Success:200 OK status.

And if you check your Deleted or Suspended Tickets views, you'll be greeted with a list of tickets.

The only real maintenance here is that to keep an eye on spammers using some new format and updating your trigger accordingly.

You can also use an automation that looks at the same identifiers and tickets older than one hour to clean up the backlog!