Lots of Anonymous Contacts appearing

Your software
My Mautic version is: 5.1.0
My PHP version is: 8.1.29
My Database type and version is: MySQL 8.0.37

Your problem
My recent and new installation of Mautic shows the existence of many anonymous contacts. These contacts are not registered in the database. Apparently, it is just a “bug” in the graph.

Can anyone tell me if this is normal? Well, look, the list of identified contacts is zero and, in fact, I do not have any registered contacts.

These errors are showing in the log:
That’s not the case.

Steps I have tried to fix the problem:
I really don’t know what to do and if this is such a big mistake.

Did you switch to anonymous contacts in the contact list? By default they are filtered out from the view…


Hi, I didn’t change to anonymous contacts, it was like that by default. Anyway, I would like to know what these anonymous contacts are, where they come from and where they are saved?
Can you explain it to me?

Whenever you have mtc.js or a form embedded in a web page, hits will create anonymous contacts. That’s how Mautic works. You can clean up anonymous records regularly via cron jobs.

Even if you didn’t embed them into a page, there may be random hits, as your IP address may have a history.


The anonymous contact creation is totally normal, so? Can you share an example of cron job code to exclude them every week, for example? Thanks for your attention and time!

We get this too. No Mautic scripts active anywhere, but hundreds of contacts created every day. I’m quite certain it’s a bug somehow. Started with v5.

Reported here as well: V5 huge spike in "Anonymous contacts" & "Page Visits"


On V4 it does not happen, so? Then, it could be a bug… Let’s wait and see if someone from the community answers the topic. 😐

Hi @rushagencia , @AlbertMN and everyone else,

I experienced something similar; in my case it turned out that Mautic was actually firing the tracking script on EACH Mautic page load. While I did not get to the exact root cause, it turned out that I had to reset Mautic settings (things saved in config/local.php).

I think in my case migration for local.php from V4 to V5 did not work as expected and so I got this error.

Here are steps I took to resolve that:

  • backup current local.php
  • replace current local.php content with minimal configuration you get when you first install mautic 5 (something like):
        <?php
        $parameters = array(
                'api_enabled' => true,
                'api_enable_basic_auth' => true,
                'db_driver' => 'pdo_mysql',
                'db_host' => 'db',
                'db_table_prefix' => null,
                'db_port' => 3306,
                'db_name' => 'db',
                'db_user' => 'db',
                'db_password' => 'db',
                'admin_email' => 'mautic@ddev.local',
                'admin_password' => 'mautic',
                'install_source' => 'DDEV',
                'mailer_from_name' => 'DDEV',
                'mailer_from_email' => 'mautic@ddev.local',
                'mailer_dsn' => 'smtp://localhost:1025',
                'db_backup_tables' => false,
                'db_backup_prefix' => 'bak_',
                'secret_key' => '<secret key>',
                'site_url' => 'https://example.com',
        );
  • then login to mautic → Configuration → Save & Close
  • go over all mautic settings and adjust it to your needs
  • for good measure clear the cache with rm -rf var/cache/prod/*

This fixed the issue for me, I hope it’s useful to someone else.

Best, M.

For us, this wouldn’t fix it, as we don’t even use the tracking script… It just creates random contacts somehow.

After a little bit of digging, I can see that the contacts are usually created from random domains IPs that have nothing to do with ours.

These screenshots below are just a few of the already 133 created contacts from the past 13 hours for us;



What all of these have in common, is that the URL leads to a Mautic site with an invalid SSL certificate.

Seems super fishy in my opinion, but how these Mautic sites ping our site or found our domain, I do not know.

We’re looking into whether we can disable this somehow, as we don’t intend to use the Mautic tracking script, and all tracking settings are seemingly disabled;

I think this issue really warrants looking into, as - in the worst case, going full tinfoil-hat here; could there be some issue where Mautic 5 sites are somehow “connected”, seeing the sites that visitors are created from (https://refreshtab.com/s/login, https://naturebunn.com/s/login, https://tabinex.com/s/login) for us, are all Mautic sites, but have got nothing to do with us.

The problem you described does not seem to be related to Mautic tracking; rather, it’s a problem of web server configuration for those domains.

I would create a separate server block in your web server that catches those other domains and denies access to Mautic; that way, since the request is not even coming to Mautic, it won’t trigger the tracking script.

And just to be sure Mautic is not creating contacts when you are using Mautic, I would turn on debug mode in config/local.php with ‘debug’ => true and check the logs for a bit.

Best, M.

We are working on that now. We enabled Cloudflare “Zero Trust”, but even with this enabled, we get the contacts. It seems our IP is pinged directly. We’re now denying all traffic to our Mautic site that doesn’t go through Cloudflare.

Yet, I’m not quite ready to call this a “solution” - unless we’re the only ones experiencing it like this, but it appears that others experience this.

What I don’t get is why pinging the IP of our Mautic dashboard, creates an anonymous contact? Malicious or not, I can’t see a case where we’d want anonymous contacts created from traffic to our Mautic admin dashboard.

We’ll dig a little deeper.

Did you try resetting the config as I suggested above? Even if you are not using the tracking script.

And above, when I said that the tracking script was firing on each page load of Mautic, I misspoke perhaps, because the tracking script is something that gets fired by the web site.

More accurate would be that the logic for tracking a contact has been triggered on each page load.

Because of the reason above I still think it’s a valid thing to try to reset your configuration if you have not done it yet.

Before resetting, we’re trying to find the source in the code; where it’s triggered. We’ll attempt a config reset later, though I must admit I can’t see what the relation might be.

So, in the end, the domains in question seem to be unused domains that pointed to our Mautic server’s IP. So the Mautic instance shown (after ignoring invalid SSL errors) was actually ours. Maybe these sites had our IP before it was given to us.

The traffic coming from these sites, however, may be a bunch of random crawlers, as it doesn’t seem these domains are in use.

The anonymous contacts were created on 404 page visits, as we missed the “Do not track 404 error (…)” setting in the “Tracking” settings, as this setting, like all others, is defaulted to “No”, but this is the only setting that is sort of “double-negative” and enabled by default, though the setting is set to “No”. I’d definitely recommend this setting be set to “Yes” by default, so 404-traffic is not tracked - unless there’s a point in it being enabled by default, that I do not see?

That means the mystery is solved, on our end at least!

We ended up further disallowing any other hostnames than the one we use, as well as requiring traffic to go through Cloudflare, and thereby “Zero Trust”.

Thanks for your suggestions and time, @mzagmajster. And for OP, @rushagencia; maybe what happened to us, is what happens to you as well. It’s worth checking out, and possibly implementing the fixes we implemented on our end.

Don’t know if any changes from v4 to v5 made this possible, or if it’s just weird timing!
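
The hostname restriction suggested and later applied in this thread, sketched as an nginx configuration. This is an added example, not taken from any poster's server: nginx itself is an assumption (the thread does not name the web server), and the hostname, certificate paths, document root, PHP-FPM socket and the `cloudflare-allow.conf` include are placeholders.

```nginx
# Added example. Without an explicit default_server, nginx answers requests
# for ANY Host on this IP with the first server block it finds, which is how
# stale domains still pointing at the address end up reaching Mautic.

# Catch-all: unknown Host headers, unknown SNI names and bare-IP requests.
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    server_name _;

    ssl_reject_handshake on;   # nginx >= 1.19.4: refuse TLS for unknown names, no certificate needed
    return 444;                # plain HTTP: close the connection without a response
}

# The single hostname Mautic is meant to answer on.
server {
    listen 443 ssl;
    server_name mautic.example.com;                              # placeholder

    ssl_certificate     /etc/ssl/mautic.example.com/fullchain.pem;   # placeholder
    ssl_certificate_key /etc/ssl/mautic.example.com/privkey.pem;     # placeholder

    # Accept connections only from the proxy in front of the site.
    # cloudflare-allow.conf is a hypothetical file of "allow <cidr>;" lines
    # generated from the proxy provider's published address ranges.
    include /etc/nginx/cloudflare-allow.conf;
    deny all;

    root  /var/www/mautic;                                       # placeholder
    index index.php;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php/php8.1-fpm.sock;             # placeholder
    }
}
```

If the realip module is configured to rewrite the client address from a proxy header, `allow`/`deny` are evaluated against the rewritten address, so the proxy-only restriction then has to be enforced at the firewall instead.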
