Spam again :(

[Achim Nierbeck]

Hi guys, just wanted to let you know, 

it only took about a week or two for the spammers of our Jira to come back again. 

I instantly de-activated the account of the person to spam ... it's a pita. 

Does anyone have an idea how we can go on with this constant spamming of our Jira?
Will it help to use some oauth stuff or two-factor authentication stuff to block this?

regards, Achim 

--

Apache Member

Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>

Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Software Architect / Project Manager / Scrum Master 

[Achim Nierbeck]

Here's the link to the person in question: 

https://ops4j1.jira.com/admin/users/view?username=Smithcolman12

[Niclas Hedhman]

Shouldn't Atlassian be pushed on the issue?

--
You received this message because you are subscribed to the Google Groups "OPS4J Infrastructure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ops4j-infra+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Niclas Hedhman, Software Developer
http://zest.apache.org - New Energy for Java

[Achim Nierbeck]

Guess so ... 

and here we go again ... 

https://ops4j1.jira.com/browse/QI-459?jql=reporter%20%3D%20rpaul9596

this just sucks. 

[Achim Nierbeck]

Hi, 

I just opened a ticket at atlassian: 

https://support.atlassian.com/servicedesk/customer/portal/23/JST-231714

btw, it looks like our license or atlassian will expire on November 3rd ... don't know what the impact will be :(

regards, Achim 

[Toni Menzel]

Maybe it is time to leave Atlassian Cloud (or whatever it is called these days) and move to Github Issues. Yes they are limited, but thanks to Gradles recent announcement (same move!)[1] i got aware of Zenhub [2], which operates on top of Github issues. 

Wdyt?

[1] https://blog.gradle.org/github-issues

[2] https://www.zenhub.com

Toni Menzel

www.rebaze.de | www.rebaze.com | @rebazeio

[Achim Nierbeck]

Hi,

It's worth considering.

But right now we do have the complete history of our projects in jira. And a migration of that would need to be done first. 

It's the same for our wiki.

But a real Diskussion would need to take place on users first at this list only has limited users. 

Regards, Achim 

[Niclas Hedhman]

I think the solution, at least in the short term, is quite easy; if the email is not subscribed to Google Groups, don't allow it to be post on Jira.

If possible, then additional rule could be added, that a post has to be made to the group before post is allowed on Jira.

And IF this was open source, we could fix this ourselves, instead of relying on corporations that don't care.

Niclas

[Achim Nierbeck]

yeah ... I disabled self-sign-on again ... and added a banner to Jira ... 
Maybe in the longterm moving to GitHub does exactly that .. you need to have a github account ... oth it won't last long for spammers to register themselves there to and do the same thing on github ... it just needs the crucial amount of people using it for them to be attracted. AFAIK Apache did have the same issue and it's not solved there either ...

regards, Achim 

[Achim Nierbeck]

So here's the feedback of Atlassian, 

in short since there is a captcha and since we don't have a email handler for "automagic" registration. 

There is nothing we can do about it[1]. It's a pita, Atlassian is aware of the issue they even have a 

ticket[2] for their system. 

So right now, we have to go the same way, as Apache does. Enabling new users only when called to do so. 

regards, Achim 

[1] - https://support.atlassian.com/servicedesk/customer/portal/23/JST-231714

[2] - https://jira.atlassian.com/browse/JRA-39368