Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

captcha bypassaed

Matteo Monfredini
Matteo Monfredini January 14, 2014

every day we receive about a dozen of spam comments by Anonymous user on our documentation website, that is powered by Confluence.

Our website settings require captcha before submitting a comment as Anonymous. Is it possible that the spammer is exploiting a bug that bypasses the captcha?

This problem is very annoying because it forces us to frequently remove unwanted comments. Is there a way to add a moderator or some sort of approval workflow on comments that are edited by an anonymous user?

Thank you in advance

Answer
Watch
Like # people like this
1811 views

3 answers

2 votes
Matteo Monfredini
Matteo Monfredini March 5, 2014

Alex, I am totally with you.

IMHO, Atlassian should:
1- Implement comment moderation (it exist since a long time... why you don't have implemented?)
2- Implement a series of different captchas (based on words, images), or better again, let developers write plugins to use wathever captcha verifications available on the net (recaptcha, mollom, identipic...)

Reply
1 vote
Alex Yasurek
Alex Yasurek
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 4, 2014

We have just started going through the same thing. It started out slowly only getting 1 or 2 spam comments so we had our hosting company blacklist the IP addresses, but each new spam comment had a different IP address. It then exploded over night and we had like 30 new spam comments. It's very time consuming to go through and blacklist the IP address of every new comment since they are all different. We had to disable anonymous commenting for now but this is not a solution for us since we want legitamate comments from real users. I hope confluence comes up with some solution or replaces their captcha system for a better one.

Reply
1 vote
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 14, 2014

I'm afraid it's not a bug in Confluence, it's a general problem with the "Captcha" process. First, Captcha is easily bypassed by brute force - you can hire teams of people who will read captchas for you for fractions of a penny, and I know several sites that are constantly being hit by these. Secondly, last year, a security team demonstrated an AI that was capable of passing most schemes nearly as well as a human (but thousands of times faster).

So, your instinct to go for comment approval is probably the right one, but I'm not aware of any plugin that would do that for you. (Atlassian have said they won't do it inside Confluence - https://jira.atlassian.com/browse/CONF-13202)


Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events