atlas-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Venkatesh Seetharam <venkat...@apache.org>
Subject Fwd: Jira Spam - And changes made as a result.
Date Fri, 22 Apr 2016 05:03:25 GMT
FYI

---------- Forwarded message ---------
From: Gav <gmcdonald@apache.org>
Date: Thu, Apr 21, 2016 at 5:13 PM
Subject: Jira Spam - And changes made as a result.
To: infrastructure@apache.org Infrastructure <infrastructure@apache.org>


Hi All,

Apologies for notifying you after the fact.

Earlier today (slowing down to a halt about 1/2 hr ago due to our changes)
we had a
big Spam attack directed at the ASF Jira instance.

Many project were affected, including :-

TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS,
AIRFLOW, ACE, APEXCORE, RANGER and KYLIN .

During the process we ended up banning 27 IP addresses , deleted well over
200 tickets, and about 2 dozen user accounts.

The spammers were creating accounts using the normal system and going
through the required captchas.

In addition to the ban hammer and deletions and to prevent more spam coming
in, we changed the 'Default Permissions Scheme' so that anyone in the
'jira-users' group are no longer allowed to 'Create' tickets and are no
longer allowed to 'Comment' on any tickets.

Obviously that affects genuine users as well as the spammers, we know that.

Replacement auth instead of jira-users group now includes allowing those in
the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in
jira.

Projects would you please assist in making this work - anyone that is not
in any of those roles for your project; and needs access to be able to
create issues and comment, please do add their jira id to one of the
available roles. (Let us know if you need assistance in this area)

This is a short term solution. For the medium to long term we are working
on providing LDAP authentication for Jira and Confluence through Atlassian
Crowd (likley).

If any projects are still being affected, please notify us as you may be
using another permissions scheme to the one altered. Notify us via INFRA
jira ticket or reply to this mail to infrastructure@apache.org or join us
on hipchat (https://www.hipchat.com/gIjVtYcNy)

Any project seriously adversely impacted by our changes please do come talk
to us and we'll see what we can work out.

Thanks all for your patience and understanding.

Gav... (ASF Infra)

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message