Mautic version is: 4.4.3
Hello, our Mautic system has been operating for about 2 years at https://mailer.xyz.de. However, we have noticed an issue over the last 90 days that we cannot explain. Whenever something is appended to our mautic web address, for example, ‘https://mailer.xyz.de/einfachso’, and this page is then accessed, Mautic automatically creates an anonymous contact.
As a result, nearly 20,000 anonymous contacts have been generated in the past few months. We do not understand how these links are being created, but we suspect that some crawlers or bots might be generating and then ‘visiting’ them? Additionally, we have not made any fundamental changes to the system and are puzzled as to why this is suddenly happening. What could be causing this ‘error’?
Basically when someone visits the page and that page has mautic tracking script on it, Mautic will create anonymous contact, when that contact fills out the form or somehow identifies itself that anonymous contact becomes a known lead.
Theory about the bots is quite possible. On mautic side I suggest you cleanup anonymous contact older then X number of days (there is a command that is provided by mautic core).
The URLs all lead to 404 so no one can fill out any form using that exact address.
Most contacts are created by trying to access existing files for example in
https://mailer.xyz.de/themes/
https://mailer.xyz.de/assets/
that are NOT accessable from the outside.
The links you are posting do not work.
Anyway, if tracking script is somehow triggered, then its normal that anonymous contact gets created.
If we would have the real links here I might be able to provide more insight.
I don’t know if the orginal links will help but here is one example:
Yesterday evening, many contacts were created without visited any link. Their contact history is completely empty, except for the entry that the contact was created.
I just tested it myself, mautic also tracks hits on application itself, if you are not logged in.
I would check the logs see what user agents are doing those hits and try to block them on web server level.