Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


What options are available for blocking/filtering spam reports in a public issue tracker?


I've been using Bitbucket for the source repo, public issue tracker, wiki, etc., for my projects since 2015. Once in a while I've seen a spam comment added to an existing issue, but today I'm seeing a number of actual new issues being opened that are completely spam. Here's one that I haven't deleted yet so it could serve as a concrete example:

The volume is still pretty low right now, but I fear I'll wake up one morning with hundreds or even thousands of such issues having been logged.

Is there any first-class mitigation strategy aside from changing the issue tracker from public to private? That wouldn't really be a viable option for me as this is the public issue tracker for users of my project.

Any insights or suggestions you can provide are sincerely appreciated.

3 answers

Hi. I've been communicating with Atlassian/Bitbucket Cloud support for a few days now and they're actively working on a solution for this. The problem is NOT solved yet, though, and they recommend that any affected public issue trackers be made private until they are. If you have a large number of spam issues, they should be able to help remove them en masse. I'll be happy to post an update here when they've informed me of a solution.

Yeah, the spam rate increased considerably overnight (hundreds) and now I'm going to be spending my morning cleaning up my issue tracker and taking it offline until/unless there's a resolution. Sigh...

We are seeing spam from the same malicious group starting today on several of our public issue trackers. I suspect BitBucket is being subjected to a widespread concerted spam attack this evening.

This incident highlights the woefully inadequate tools that BitBucket provides repo admins for mitigating spam/defacement attacks.

Please go vote and comment on feature request BCLOUD-21131, which is not a fool-proof solution but at least would be a step in a positive direction.

Done. Thank you for responding here!

Hi @bonachea. A few questions if you don't mind and have the time:

What are you doing with your public issue trackers that are under attack? Have you changed them to private temporarily until this attack ends? If so, how are going to decide when it's safe to make them public again?

How are you letting users of disabled issue trackers know what's going on in the interim? I really wish that a public/read-only option was offered so that the issue tracker is still available publicly in a read-only state.

Have you reported the attacker accounts to Atlassian somehow? If so, what report channel did you use?

Are you aware of any kind of bulk issue delete mechanism in BitBucket Cloud? After changing my issue tracker to private, I had to remove ~600 spam issues this morning, one at a time, three clicks per-issue.

Thanks in advance for any additional guidance you can provide.

Hi @RoseSilverSoftware  - I recommend creating an Atlassian support ticket here:

We've had a similar problem before and they are disappointingly slow to respond, but they do eventually respond.

I strongly agree that issue tracker features like a public/read-only state and bulk edits (a frequently requested feature) would be useful in this situation. Unfortunately BitBucket Cloud's issue tracker is deliberately underpowered for business reasons (self-competition) so I wouldn't hold your breath for any "fancy" features like that.

Sadly the best advice is probably to ditch Atlassian products entirely and move to a competitor hosting service whose business model doesn't depend on saddling non-enterprise users with offensively feature-poor tools.

Like astanin likes this

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events