On April 20th we had a big spam attack directed at the ASF Jira instance.
Many projects were affected, including:

TM, ARROW, ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS, AIRFLOW, ACE, APEXCORE, RANGER and KYLIN.

During the process we ended up banning 27 IP addresses and deleting well over 200 tickets and about 2 dozen user accounts.

The spammers were creating accounts using the normal system and going through the required captchas.

In addition to the ban hammer and deletions, and to prevent more spam coming in, we changed the 'Default Permissions Scheme' so that anyone in the 'jira-users' group is no longer allowed to 'Create' tickets or to 'Comment' on any tickets.

Obviously that affects genuine users as well as the spammers; we know that.

This is a short term solution. For the medium to long term we are working on providing LDAP authentication for Jira and Confluence through Atlassian Crowd (likely).
We've moved back to allowing all jira-users to create issues and comment, as we believe we have remedied the situation.
If any projects are still being affected, please notify us, as you may be using a different permissions scheme from the one altered. Notify us via an INFRA Jira ticket, reply to this mail at infrastructure@apache.org, or join us on HipChat (https://www.hipchat.com/gIjVtYcNy).

If your project is seriously adversely impacted by our changes, please do come talk to us and we'll see what we can work out.

Thanks all for your patience and understanding.