A few months ago we opened-up our JIRA instance for anonymous access so that our customers can comment on and create issues without having to log-in into JIRA (reason for that being that we only have a 25 users license and cannot afford an unlimited user license).
Unfortunately yesterday a spambot detected our page and created > 1.500 spam comments over night. The only solution I saw was to revoke the permission for anonymous comments again.
Isn't there another possibility to protect against spammers? Captcha system, moderated comments, spam-detection,...
As a temporary workaround I've updated our workflow blocking comments on issues which a spambot is creating spam for individually and found this useful post from @Henning Tietgens with a way to clean-up existing comments: https://answers.atlassian.com/questions/194260
In-case this is helpful for someone else, I've put-together a blog post to show the steps I did to clean-up the spam: http://www.luke1410.de/blog/?p=29
Hello @Stefan Hett. Can you share the steps in how you updated your workflow in "blocking comments on issues which a spambot is creating spam for individually" and maybe elaborate a bit on how this affects all my JIRA tickets. Are you basically not allowing comments to be posted after a ticket is closed status (how)?
We are having an issue with just one of our closed tickets and a handful of spam comments that are ramping up as of two days ago. If the blocking keeps comments from being posted, then you would be providing a very valuable way to block spam so that ticket comments and reporter/watchers emails of a particular ticket or ticket status will not get spammed.
Thank you in advance!
Hopefully I'll find the time to finish writing the blog post describing this in detail at some point.
In principle what we did was to add two more workflow steps: "Closed (blocked)" and "Open (blocked)".
These steps correspond to our normal main workflow steps (i.e. "Closed" and "Open").
The steps then set the jira.permission.comment.user property to denied.
That way you get a new workflow transition which you can use on individual issues which are attacked by a spam bot to disable the comment functionality on just these issues.
Thanks for the tips!
In waiting I reached out to support and their instructions were this:
"If you want to block the comment operation in an issue based on the status, you need to add the property jira.permission.comment.denied with the value denied to the workflow status."
So for those reading, Edit workflow and go to the Closed status and click View Properties (you must edit workflow first). Then click Add:
Property Key: jira.permission.comment.denied
Property Value: denied
After I added the property to my Closed workflow status that kept Anonymous email from entering back through that ticket (and any others that may follow that workflow). You'll know when this property is in affect when the Comment box at the bottome of a ticket profile no longer appears.
Yes I did consider using JIRA Service Desk, but that's not quite what we would require, because
a) for more direct user support we have set-up a bulletin board which our users simply use to post their support requests. This has the advantage of user <-> user support
b) I'm convinced that JIRA Service Desk is a nice addition to JIRA, if you have a dedicated support team/process in the company for direct customer support. But this is not the case for our company.
Therefore we determined JIRA Service Desk is nothing we would require/use at the current time.
Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs