Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Book a Demo
  • Product Updates
  • Contact Us
  • Home
  • Analytics

Spam Checker for Searches

Identify and Manage Suspicious Search Activity

Written by Amanda Helpjuice

Updated at December 11th, 2025, by Amanda Helpjuice

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Getting Started
    Managing Users Permissions & Accessibility Content Management Analytics Video Tutorials
  • Article Editor
  • Swifty AI
  • Languages & Translations
  • Settings
    User Settings User Behavior Knowledge Base Settings Custom Domain
  • Authentication
  • Customization
    Customization Guides
  • API & Webhooks
    API V3 API V2
  • Billing / Subscription
+ More

Table of Contents

Where You can Find Spam-Flagged Searches Understanding Spam Checker Flag Reasons Common Flag Reasons Examples Managing Trusted IPs Troubleshooting Why are legitimate users being flagged? How do I know if the User-Agent is suspicious? Should I unblock a search that was flagged? Why are my integrations being flagged? Why do I see “General spam patterns” so often? Why is one of our office IPs being flagged? Why did a normal search trigger “Unusual amount of symbols”? Why are we seeing spam from many different IPs? Why do searches disappear after a while? Best Practices

The Spam Checker helps protect your Knowledge Base from abusive or automated searches. It automatically identifies unusual traffic patterns and flags queries that may be spam, ensuring your search analytics stay accurate and meaningful.

In this article, you’ll learn:

  • Where flagged searches appear in the Analytics area.
  • How to review spam-like searches.
  • How to add Trusted IPs to prevent legitimate users or integrations from being blocked.
  • Where Spam-Flagged Searches Appear

Where You can Find Spam-Flagged Searches

All search queries detected as spam are displayed in the Flagged Searches tab inside Analytics > Searches. For more information on how to access the Analytics Section, check the Analytics - The Searches Tab article.

There you’ll find:

  • The query that was flagged.
  • The IP address responsible for the search.
  • The reason for the flag.

This view helps you distinguish real user activity from automated or suspicious traffic.

Understanding Spam Checker Flag Reasons

When a search query is flagged as spam, the Flagged Searches tab will display a specific reason to help you understand what triggered the detection. Below is what each reason means:

Common Flag Reasons

  • Unusual amount of symbols
    The search contains an excessive number of special characters or symbols that do not resemble a typical user query.
  • Long character sequence
    The query includes a very long, uninterrupted string of characters, often associated with automated tools or spam scripts.
  • Blocked IP address
    The search originated from an IP address already blocked by the system due to repeated suspicious activity.
  • Suspicious user-agent
    Triggered when the User-Agent string does not match what is expected from a regular browser - for example, bots, crawlers, or custom automations.
  • IP flagged for spamming behavior
    This occurs when the IP performs an unusually high number of searches per minute, indicating possible automation or scraping attempts.
  • General spam patterns
    The query matches common patterns known to be associated with spam or non-human search activity.
  • Manually flagged
    The search was manually marked as spam by an admin reviewing the analytics.

Examples

Here are a few examples to help you understand how these flags appear in real scenarios:

Scripts Running Queries

A script might send a long string like:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
This would likely trigger Long character sequence or General spam patterns.

 
 

Suspicious Bot Behavior

A query sent with a User-Agent such as:
curl/7.88.1 or Python-requests/2.31.0
would trigger Suspicious user-agent because it doesn’t match a standard browser.

 
 

High-Frequency Searches

If a single IP runs dozens of searches within seconds, the system may trigger IP flagged for spamming behavior.

 
 

Managing Trusted IPs

If the same IP generates a high volume of spam, we block the IP for 1 hour. If it happens again, the block increases to 4 hours. On the third occurrence, the IP is permanently banned.

We enforce this to prevent spammers from attempting to bypass our spam checker and to maintain the integrity and security of the system.

 

If you notice that legitimate users, internal teams, or integrations are being flagged, you can prevent this by adding them as Trusted IPs.

  1. Go to Knowledge Base Settings.
  2. Select Spam Checker.
  3. In the Trusted IPs field, add one IP address per line.
  4. Click Save Changes.

Once added, searches from these IPs will never be blocked or flagged by the system.

Troubleshooting

Why are legitimate users being flagged?

This may happen if users share the same network, use a VPN, or are behind a proxy that triggers spam-like behavior. In these cases, adding the IP to your Trusted IPs list ensures their searches aren’t mistakenly blocked again.

 
 

How do I know if the User-Agent is suspicious?

Most browsers use standard User-Agent strings such as Chrome, Firefox, Safari, or Edge. Anything outside these (like scripts, bots, or automation tools) will appear suspicious. 

 
 

Should I unblock a search that was flagged?

If you recognize the search, user, or IP - and it looks legitimate - you can safely re-allow it. Only unblock queries you are confident are safe to avoid letting automated scripts through.

Once a search is unflagged, it can take up to 3 hours for it to appear in the Analytics metrics.

 
 
 

Why are my integrations being flagged?

Some integrations or internal tools send automated search requests using non-browser User-Agents. This behavior may trigger Suspicious user-agent or General spam patterns.
If you trust the integration, add its IP to Trusted IPs so it won’t be blocked again.

 
 

Why do I see “General spam patterns” so often?

This flag appears when searches match known spam-like structures (e.g., repeated symbols, random strings, or bot-like queries). These patterns are common across automated tools, so you may see this reason frequently even if the IPs vary.

 
 

Why is one of our office IPs being flagged?

Office networks sometimes send many requests through a single shared IP. If multiple employees run searches at the same time, the system may detect it as unusually high volume and trigger IP flagged for spamming behavior.
Adding the office’s IP to Trusted IPs prevents this.

 
 

Why did a normal search trigger “Unusual amount of symbols”?

This can happen if the query includes characters like #, %, *, &, or long sequences of punctuation. Some users use symbols to filter or format their searches, which unintentionally matches spam-like behavior.

 
 

Why are we seeing spam from many different IPs?

Automated tools frequently rotate IP addresses to avoid detection. Seeing many different IPs does not necessarily mean many attackers - just that a single bot or script is rotating addresses.
The Flagged Searches tab helps you identify this pattern.

 
 

Why do searches disappear after a while?

Flagged searches are automatically removed after 30 days to keep your analytics clean and manageable.

 
 

Best Practices

  • Review the Flagged Searches tab regularly to quickly identify unusual activity.
  • Add trusted office or server IPs to prevent legitimate users or integrations from being blocked.
  • Avoid whitelisting unknown or unverified IPs.
  • Look for patterns in repeated spam entries to understand whether a bot or automated system is attempting to access your KB.
  • Encourage your team to report any unexpected blocks so you can review and add Trusted IPs if necessary.
  • If your internal tools rely on automated searches, document their IP addresses to prevent false positives.
  • Use the spam checker insights to identify potential misuse early and tighten access rules when needed.
  • Keep an eye on VPN or proxy usage within your organization, as shared networks can trigger accidental flags.
  • Revisit your Trusted IP list periodically to remove IPs you no longer use.
junk detector searchguard

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Analytics - The Searches Tab
  • How To Archive And Unarchive Content
  • How Does Find and Replace Work

Copyright © 2025 - Helpjuice

Helpjuice, Inc. is a registered US Corporation, EIN # 45-2275731

Download W9
  • Help
  • Features
  • Pricing
  • About
  • Careers
  • Customers
  • Blog
  • Case Studies
  • Resources
  • Knowledge Base Examples
  • Privacy Policy
  • Terms of Service

Why is the knowledge base important?

With a knowledge base, you can allow your customers to self-help themselves, thus reducing your customer support by up to 60%. Furthermore, you can also have your team get instant answers to the questions they need without having to email themselves all using knowledge base software.

What is the purpose of a knowledge base?

The purpose of knowledge base software is to allow you to host your knowledge base/corporate wiki in one centralized 'hub'. Both your customers, and employees can now access information within seconds!

Made with from Miami, Bosnia, Morocco & Brasil

+1 (833) 387 3877 support@helpjuice.com
Expand