Automatic removal of spam comments?

Hello, we’ve recently had the following strange incident a couple of times:

1. Somebody adds a spam comment to some of our spaces that enable anonymous commenting (with captcha)

2. Space admin or somebody else receives a notification message about the comment, opens the spammed page but the spam comment is already removed!

We are sure that the spam comment isn’t removed by any other user.

I tried to reproduce the incident by adding the original spam comment myself (as anonymous user) but the comment wasn’t removed.

I also tried misspelling the captcha several times but it won’t send the notification message since the comment won’t be saved.

Could it be that those comments are posted by some other method which is automatically monitored by Confluence, but there is a slight delay before the removal which causes the notification message to be sent?

If so, is there any documentation about this available?

We have been running Confluence 4.3.7 for over a year but faced these kinds of incidents only recently. We’ve suggested disabling the anonymous commenting or monitoring the comments as a workaround.

2 answers

I'd like to second that question. We have been experiencing exactly the same problem with our Confluence 4.3.3 installation for about 3 weeks:

* Anonymous users may view pages and add comments in our wiki space, but a CAPTCHA test is required.

* The repeated addition of spam comments is notified via mail as "Anonymous added a comment to the page".

* However, the spam comment is not to be found on the actual page.

* This behaviour cannot be triggered by an anonymous user submitting comments using the web UI and failing the CAPTCHA test.

The problem here is that this generates a fair number of pretty annoying excess notifications. Also, I suspect that the spammer is actually using some kind of (bugged?) API access instead of the web UI since it cannot be reproduced using the web UI.

For bonus credits: Is there a way to learn the IP the anonymous user is using solely from the notification mail and/or the log files? I'd say such a behaviour deserves an entry to our IP blacklist ...

Any help is appreciated!

No, it seems that the spammer just floods Confluence with comments and somehow triggers a hidden bug that causes the notification to be sent in spite of a failed captcha. There is nothing strange in the logs, just a massive flood of attempted comments:

175.42.11.121 - - [28/Feb/2014:04:51:15 +0200] "GET /pages/doaddcomment.action?pageId=84088443 HTTP/1.1" 200 96047
175.42.11.121 - - [28/Feb/2014:04:51:18 +0200] "GET /pages/doaddcomment.action?pageId=28211315 HTTP/1.1" 200 97641
175.42.11.121 - - [28/Feb/2014:04:51:20 +0200] "GET /pages/doaddcomment.action?pageId=122031618 HTTP/1.1" 200 96860
175.42.11.121 - - [28/Feb/2014:04:51:17 +0200] "GET /display/network/Network+bulleting+-+Institute+of+Biotechnology HTTP/1.1" 200 92812
175.42.11.121 - - [28/Feb/2014:04:51:16 +0200] "GET /display/cerclesfocus/Past+Scientific+and+Organising+Committees HTTP/1.1" 200 108398
175.42.11.121 - - [28/Feb/2014:04:51:19 +0200] "GET /pages/doaddcomment.action?pageId=123602853 HTTP/1.1" 200 96940
175.42.11.121 - - [28/Feb/2014:04:51:24 +0200] "GET /jcaptcha?id=2073667068 HTTP/1.1" 200 3430
175.42.11.121 - - [28/Feb/2014:04:51:25 +0200] "GET /jcaptcha?id=315987874 HTTP/1.1" 200 3449
175.42.11.121 - - [28/Feb/2014:04:51:25 +0200] "GET /jcaptcha?id=-1251394768 HTTP/1.1" 200 3380
175.42.11.121 - - [28/Feb/2014:04:51:24 +0200] "GET /pages/doaddcomment.action?pageId=120463010 HTTP/1.1" 200 96641
175.42.11.121 - - [28/Feb/2014:04:51:26 +0200] "GET /jcaptcha?id=1968416061 HTTP/1.1" 200 3396
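
For the question above about finding the source IP in the log files, here is an added example (not code from any of the posters or from Confluence) that scans an access log in the format shown and flags addresses sending bursts of `doaddcomment.action` requests. The function names, the threshold of 3 hits in 60 seconds, and the sample lines are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Access log layout as in the post: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
COMMENT_PATH = "/pages/doaddcomment.action"

# Constructed sample lines (documentation IP ranges, invented page IDs).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Feb/2014:04:51:15 +0200] "GET /pages/doaddcomment.action?pageId=1001 HTTP/1.1" 200 96047
203.0.113.7 - - [28/Feb/2014:04:51:18 +0200] "GET /pages/doaddcomment.action?pageId=1002 HTTP/1.1" 200 97641
203.0.113.7 - - [28/Feb/2014:04:51:17 +0200] "GET /display/demo/Some+Page HTTP/1.1" 200 92812
203.0.113.7 - - [28/Feb/2014:04:51:20 +0200] "GET /pages/doaddcomment.action?pageId=1003 HTTP/1.1" 200 96860
203.0.113.7 - - [28/Feb/2014:04:51:24 +0200] "GET /jcaptcha?id=12345 HTTP/1.1" 200 3430
198.51.100.20 - - [28/Feb/2014:04:40:00 +0200] "GET /pages/doaddcomment.action?pageId=1001 HTTP/1.1" 200 96000
198.51.100.20 - - [28/Feb/2014:05:10:00 +0200] "GET /pages/doaddcomment.action?pageId=1001 HTTP/1.1" 200 96000
garbage line that does not parse
"""

def comment_hits(log_text):
    """Yield (ip, timestamp, page_id) for each comment-submission request."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(COMMENT_PATH):
            continue  # skip unparseable lines and unrelated requests
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        page = re.search(r"[?&]pageId=(\d+)", m["path"])
        yield m["ip"], ts, page.group(1) if page else None

def flooding_ips(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: sorted page ids} for IPs with >= threshold hits in one window."""
    by_ip = defaultdict(list)
    for ip, ts, page in comment_hits(log_text):
        by_ip[ip].append((ts, page))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort(key=lambda h: h[0])  # log lines are not strictly time-ordered
        for i in range(len(hits) - threshold + 1):
            if hits[i + threshold - 1][0] - hits[i][0] <= window:
                flagged[ip] = sorted({p for _, p in hits if p})
                break
    return flagged

if __name__ == "__main__":
    print(flooding_ips(SAMPLE_LOG))
```

Matching the timestamp in a notification mail against the flagged page IDs narrows down which address triggered it; a legitimate commenter such as the second address in the sample stays below the threshold.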

