Spam Ticket Being Received?

[ghooke]

*
*
*
************** UPDATE BY KLEMEN ***************

If you are experiencing problems with SPAM please try these steps:

http://www.hesk.com/knowledgebase/?article=27

*******************************************************
*
*
*

HI,

I’m getting ‘spam’ type support ticket being opened. And they seem to be increasing.

The ‘name’ field on the ticket are just a jumble of 7 or 8 letter.

The email address are always Gmail accounts, and they are all different.

The IP addresses are different also.

How can this happen…. because when a ticket is first generated, the person has to complete a captcha question before submitting. Surely these can’t be being done manually.

So I’m totally confused.

Can someone tell me how to stop this, as the frequency of these is getting worse.

I can send screenshot, if it helps

Glen

[aarondwyer]

This started happening to me as well 3 weeks ago. I've been running hesk for a long time, and never once got a spam submission to the support area.

Initially I thought it was since I was running 2.1 and now I've upgraded to 2.4.1 and the spam is still getting through.

I had the captcha method turned on, so they were getting past that.

I've just turned on the human text verification method as well. So we'll see how that goes.

[ghooke]

Yes...ditto Aaron...

I've also had HESK for a long while,and, as I said, this issue started only about a week ago for me

I think the setting function is.."Use anti SPAM Question' , YES - NO - so I'll turn that ON and see if it makes a difference.

--Glen

[jparsons]

I am also getting a ton of spam tickets. Has anyone figured out how to stop them yet?
We have never had an issue, until a few weeks ago and now I am getting 20-30 a day.
I upgraded to the latest version, disabled email submission, turned on both the image verification as well as the human test question, which I wrote my own complicated question for and also enabled email address verification to submit a ticket.
Still, getting several a day.
I think they have found a way to go around the checks and tests. Any ideas?
Ill keep digging in logs and such to see if i can find how they are posting and etc.

[ghooke]

I activated the "Use anti SPAM Question' , YES - NO - function yesterday, and so far, no spam tickets.

It might be a coincidence and they stopped sending. Will wait and see.

[Klemen]

Indeed it looks like someone started targeting HESK installations with SPAM.

If you are having problems, your best bet is to try this:

1. in "Settings" > "Help Desk" > "Security" disable anti-SPAM image
2. enable "Anti-SPAM question"
3. type a unique anti-spam question, don't use a default one. It should be easy to understand to humans and have a simple answer
4. save changes

I will also prepare updates to anti-SPAM filters for the next version.

[Klemen]

One more thing to consider: do you have Email piping or POP3 fetching enabled?

If yes, SPAM tickets may be submitted over email. HESK doesn't check incoming email for SPAM, it relies on your server's SPAM filter.

[ghooke]

Can I have an explanation of what... 'Email piping or POP3 fetching' is in the first place, and why it should be active..or not?

[Klemen]

It's a feature for converting customer emails into tickets, it is disabled by default.

http://www.hesk.com/knowledgebase/index.php?article=58

http://www.hesk.com/knowledgebase/index.php?article=65

[nelson]

I am getting murdered with these all day and night also. I received over 80 just over the weekend, all to my cell phone at night too. Killing me.. lol I was getting them with the older version, that's the main reason I even upgraded to the newest version last Monday, turned on every security setting I could find. I also use the IMAP feature but I turned it off thinking it was it also.

I finally just deleted 7 pages of spam tickets.. and got 2 more just as I was typing this. And yes, 95% of mine are from some crap@gmail.com also.. Love this helpdesk, so I'll stick it out waiting.. keep up the good work

[ghooke]

Not sure if it's a coincidence, but ever since I activated the ' security question' function, the spam has, so far, stopped.

And that was about 6 days ago.

[tahoemike]

I am getting murdered with these all day and night also. I received over 80 just over the weekend, all to my cell phone at night too. Killing me.. lol I was getting them with the older version, that's the main reason I even upgraded to the newest version last Monday, turned on every security setting I could find. I also use the IMAP feature but I turned it off thinking it was it also.

I finally just deleted 7 pages of spam tickets.. and got 2 more just as I was typing this. And yes, 95% of mine are from some crap@gmail.com also.. Love this helpdesk, so I'll stick it out waiting.. keep up the good work

Have you tried keeping track of the IP addresses? Out of the dozens of spams that I received daily, I thought they were all coming from all different IP,s but after logging them I came up with only 4. I added them to my IP address block from my Cpanel and so far (fingers crossed) the spam tickets have stopped. Here are the numbers I saw:
46.105.116.179
142.4.117.21
74.91.23.26
108.171.251.2

[Klemen]

A good anti-SPAM question is definitely the way to go. You can disable the anti-spam image and use just a custom anti-spam question (write your own unique one).

I am testing few anti-spam filtering options, but the problem with any filters is they will also block legit customers who are trying to for example report spam or post HTML code.

Thanks for sharing the IP addresses, I was tracking the same 4 ones.

[nelson]

tahomike - I have not added these IPs to my blocked list in server but you are 100% correct, I'm getting hit w/ the same IP addresses.. i just scanned through 76 new spam tickets that came in just overnight and their IP's all matched. I did however manage to find a new IP to add to everyone's list with the same spam message . 91.237.249.67. Awesome...

** Update **
It's only been a couple hours but I must say, adding the 5 IP addresses to my servers IP blocked list stopped them all so far. I was getting pelted with them so even after this short time, very noticable.

I just want to say, I'm not a programmer, don't know a lot about php/mysql/etc, but have used Hesk versions for several years.. Little bump in the road, but it's still bar far my fav. script I have that helps me in my business. Keep up the good work.

[tahoemike]

A good anti-SPAM question is definitely the way to go. You can disable the anti-spam image and use just a custom anti-spam question (write your own unique one).

I am testing few anti-spam filtering options, but the problem with any filters is they will also block legit customers who are trying to for example report spam or post HTML code.

Thanks for sharing the IP addresses, I was tracking the same 4 ones.

This is the part I don't understand - are you saying (simply by virtue of setting up a custom anti-spam question) that all of these spam tickets are being submitted manually? My first guess was a mysql database brute force injection. (I've seen it happen to other scripts that I run [NOT php junkyard scripts!)
So if everyone is using a custom anti-spam question, how is the spammer getting all of those tickets submitted?

I am definitely using a custom question: "92 + six ="
As well i am using v 2.4.1 and the spam image is disabled.