Call to $contactApi->getList() returns too many results

imog · June 20, 2021, 9:40am

I’m using Mautic 3.3 with the latest API and want to check my contacts agains informations i stored elsewhere (check if email, name, company, and so on fits with div. user directories).
I found that calling
getList('email='.$email);
for every email to check in an iteration takes muuuch to long and so i decided to load all contacts in one go, or by chunks (using the start and limit params) and compare then. But when i simply issue an
$contactApi->getList();
without any searchfilter (which in my opinion should return all contacts) i got 9047 in ‘total’

This puzzles me, as i only got 1689 contacts in my Mautic. Even when i look into the database it gave me that count of 9047:

SELECT count(*) FROM leads;

Any ideas here?

imog · June 20, 2021, 6:01pm

I guess i found something about the strange number of contacts… it seems that Mautic stores also so called “anonymous contacts” in that table. If i click on “Toggle anonymous contacts” icon on the top-right of the contacts-list, or enter the search-term “is:anonymous”, i get 7367 results. And 9047 - 7367 = 1680 which is the expected number of contacts.

So, first thing to do for me is to only let getList() return non-anonymous contacts. It think i could be done using this search filter:

!(is:anonymous)

But my first try ends up in an “memory exhausted” error on the Webserver

But where are all those anons come from? It seems that Mautic puts the IP address of every contact to it into that table. So whenever somebody hits my Mautic it will be recorded, regardless if that lead to any usefull or not.

The majority of my anon contacts tried to access this URL
https://mautic.mydomain.com/wp/wp-login.php
which looks more like Script-Kiddy Wordpress bruteforce.
So first thing for me is to lead this URL to a 404 on the Nginx
Next thing would be to remove all that stuff from the database.

imog · June 20, 2021, 6:10pm

SELECT count(*) FROM mautic.lead_event_log WHERE properties LIKE '%wp_login.php%';
gave out “only” 436 brutes. But there are many more unwanted page-queries in the log.

How can i prevent Mautic from creating a lead from every page-request?
And how can i cleanup my leads? Just using SQL?

joeyk · June 21, 2021, 5:29am

Hi, you can also create a campaign that takes care of it.

imog · June 21, 2021, 8:19am

I think about how to formulate this as SQL… what do you want to get out of this information?
The challenge is to distinguish between wanted and unwanted access to Mautic and filter out the unwanted (brute forces, scanner, bots), right?
I would say, every request Mautic cannot handle, because the URL leads to something that does not exist, should not create a lead and simply be ignored without a trace.