Automatic removal of spam comments?

Hello, we’ve recently had the following strange incident a couple of times:

1. Somebody adds a spam comment to some of our spaces that enable anonymous commenting (with captcha)

2. Space admin or somebody else receives a notification message about the comment, opens the spammed page but the spam comment is already removed!

We are sure that the spam comment isn’t removed by any other user.

I tried to reproduce the incident by adding the original spam comment myself (as an anonymous user) but the comment wasn’t removed.

I also tried misspelling the captcha several times but it won’t send the notification message since the comment won’t be saved.

Could it be that those comments are posted by some other method which is automatically monitored by Confluence, but there is a slight delay before the removal which causes the notification message to be sent?

If so, is there any documentation about this available?

We have been running Confluence 4.3.7 for over a year but faced these kinds of incidents only recently. We’ve suggested disabling the anonymous commenting or monitoring the comments as a workaround.

2 answers

I'd like to second that question. We have been experiencing exactly the same problem with our Confluence 4.3.3 installation for about 3 weeks:

* Anonymous users may view pages and add comments in our wiki space, but a CAPTCHA test is required.

* The repeated addition of spam comments is notified via mail as "Anonymous added a comment to the page".

* However, the spam comment is not to be found on the actual page.

* This behaviour cannot be triggered by an anonymous user submitting comments using the web UI and failing the CAPTCHA test.

The problem here is that this generates a fair number of pretty annoying excess notifications. Also, I suspect that the spammer is actually using some kind of (bugged?) API access instead of the web UI since it cannot be reproduced using the web UI.

For bonus credits: Is there a way to learn the IP the anonymous user is using solely from the notification mail and/or the log files? I'd say such a behaviour deserves an entry to our IP blacklist ...

Any help is appreciated!

No, it seems that the spammer just floods Confluence with comments and somehow triggers a hidden bug that causes the notification to be sent in spite of the failed captcha. There is nothing strange in the logs, just a massive flood of attempted comments:

```
- - [28/Feb/2014:04:51:15 +0200] "GET /pages/doaddcomment.action?pageId=84088443 HTTP/1.1" 200 96047
- - [28/Feb/2014:04:51:18 +0200] "GET /pages/doaddcomment.action?pageId=28211315 HTTP/1.1" 200 97641
- - [28/Feb/2014:04:51:20 +0200] "GET /pages/doaddcomment.action?pageId=122031618 HTTP/1.1" 200 96860
- - [28/Feb/2014:04:51:17 +0200] "GET /display/network/Network+bulleting+-+Institute+of+Biotechnology HTTP/1.1" 200 92812
- - [28/Feb/2014:04:51:16 +0200] "GET /display/cerclesfocus/Past+Scientific+and+Organising+Committees HTTP/1.1" 200 108398
- - [28/Feb/2014:04:51:19 +0200] "GET /pages/doaddcomment.action?pageId=123602853 HTTP/1.1" 200 96940
- - [28/Feb/2014:04:51:24 +0200] "GET /jcaptcha?id=2073667068 HTTP/1.1" 200 3430
- - [28/Feb/2014:04:51:25 +0200] "GET /jcaptcha?id=315987874 HTTP/1.1" 200 3449
- - [28/Feb/2014:04:51:25 +0200] "GET /jcaptcha?id=-1251394768 HTTP/1.1" 200 3380
- - [28/Feb/2014:04:51:24 +0200] "GET /pages/doaddcomment.action?pageId=120463010 HTTP/1.1" 200 96641
- - [28/Feb/2014:04:51:26 +0200] "GET /jcaptcha?id=1968416061 HTTP/1.1" 200 3396
```
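Added example, not part of the original posts: one way to find the source of such a flood from the log files is to count `/pages/doaddcomment.action` requests per client address within a sliding time window. It assumes a common-log-format access log whose first field is the client address (the excerpt in the thread does not show that field); the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common log format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
COMMENT_PATH = "/pages/doaddcomment.action"  # endpoint seen in the thread's log

def parse(line):
    """Return (host, timestamp, path), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["host"], ts, m["path"]

def comment_flooders(lines, max_hits=3, window=timedelta(seconds=60)):
    """Map client -> peak comment submissions in any window, if above max_hits."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2].startswith(COMMENT_PATH):
            hits[rec[0]].append(rec[1])
    flagged = {}
    for host, stamps in hits.items():
        stamps.sort()  # access log entries are not strictly time-ordered
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # drop submissions that fell out of the window
            peak = max(peak, end - start + 1)
        if peak > max_hits:
            flagged[host] = peak
    return flagged

# Constructed sample lines using documentation address ranges.
SAMPLE = [
    '192.0.2.10 - - [28/Feb/2014:04:51:15 +0200] "GET /pages/doaddcomment.action?pageId=1001 HTTP/1.1" 200 96047',
    '192.0.2.10 - - [28/Feb/2014:04:51:18 +0200] "GET /pages/doaddcomment.action?pageId=1002 HTTP/1.1" 200 97641',
    '192.0.2.10 - - [28/Feb/2014:04:51:17 +0200] "GET /jcaptcha?id=42 HTTP/1.1" 200 3430',
    '192.0.2.10 - - [28/Feb/2014:04:51:20 +0200] "GET /pages/doaddcomment.action?pageId=1003 HTTP/1.1" 200 96860',
    '192.0.2.10 - - [28/Feb/2014:04:51:19 +0200] "GET /pages/doaddcomment.action?pageId=1004 HTTP/1.1" 200 96940',
    '198.51.100.7 - - [28/Feb/2014:04:51:21 +0200] "GET /pages/doaddcomment.action?pageId=1001 HTTP/1.1" 200 96641',
    '198.51.100.7 - - [28/Feb/2014:04:53:30 +0200] "GET /display/demo/Home HTTP/1.1" 200 92812',
]
```

If Confluence sits behind a reverse proxy, the first field is the proxy's address, so the same count has to be run on the proxy's log or on a forwarded-address field.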
