Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Projects and spams

Antoine Lafarge
Antoine Lafarge June 7, 2023

Hello, I receive many spams through fake jira projects.
I would like to know :

Why am I automatically added to these projects, Without an email confirmation to accept to join the project?
And why I can't find any button to leave a project?

Your website and processes are lacking some base features and are very anoying when you are the target of spams...

(This really does not make me want to deepen my exploration of your services...)

Is the only solution to delete my account ?

Answer
Watch
Like Be the first to like this
362 views

2 answers

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 19, 2023

So...

Atlassian has a problem with its account system.  It is far too easy to set up an Atlassian account. There's very little verification (and to stay with the current big thing in IT, yes, you can ask an AI to do the whole lot for you, so yay for the ability to create abuse).

  • This means it is easy to create a non-human account (i.e. a 'bot or a fake account.  There are legitimate uses for "service" accounts).
  • Any Atlassian account can create free Atlassian systems in the Cloud.
  • Any Atlassian system in the Cloud can be set up to add Atlassian accounts or even just arbitrary emails to them.
  • Which lets them send email
  • This means they can then spam people

There's no point railing against Atlassian for this - the maliciousness is not theirs.

Most of the problem here is not their systems or the way they work. They are designed to make it easy to let people work together.

The biggest problem is poor verification (ironically, something that the wonders of Generative AI are going to make a lot worse).  If they could improve the "hey, you're a 'bot account, go away" detection, we'd see a massive reduction in the spam problem and the "wastes my time" problem you rightly talk about.

The best thing to do, as @Max Foerster - K15t says, is to forward any email you get from an unwanted <something>.atlassian.net site to abuse@atlassian.com (no need to explain, just forward).  The worst case I've had was a fortnight for them to shut it down, but I've seen the floodgate shut off inside an hour sometimes.

View More Comments
Antoine Lafarge
Antoine Lafarge June 19, 2023

I disagree, you could simply request permission from the guest user in an instance if they agree to join. This would greatly reduce spammers' interest in using this service because phishing links would not be automatically sent by email.
You are really the only ones to be so failing and to defend body-and-souls your wobbly system. It's very disappointing.
Since you don't want to take your responsibilities, I'm going to choose to delete my pro and personal accounts from your services, and stop wasting time giving you feedback that you don't listen to. Good continuation all the same.

Like
Reply
0 votes
Max Foerster - K15t
Max Foerster - K15t
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 7, 2023

Hi @Antoine Lafarge , welcome to the community.

I have a few questions. First of all, what do you mean by "fake jira projects"? There's nothing like fake Jira projects. Projects are created deliberately by either Jira admins (company-managed) or by anyone with the global permission for creating team-managed projects. So only licensed users can create projects.

If you have projects in your Jira site that you did not create and that should not be there because there are "spam", you should have a look at who created them and why the user is in the system.

And access to projects is managed through permissions. If you don't want access to these projects anymore, this can be fixed, but I think that will not remedy your underlying problem.

Best,

Max

View More Comments
Antoine Lafarge
Antoine Lafarge June 7, 2023

Your answer is completely off the mark.

The thing is, there are fake JIRA projects, and I get spams from your services, and I have no way to prevent it except by deleting my account.

It is clear that there is a big problem in your system and it is inadmissible that I have to post here, and I have to solve the spam problem by myself by contacting these spamers...

I shouldn't be automatically added to projects if I didn't accept it.

Take your responsibilities, because the next time it occurs, I will simply and permanently delete my account from your services.

Here is the list of projects from which I receive spams (for proof) :

https://dk85c9b7z6ytbd4qh51r.atlassian.net/jira/core/projects/TJNDBPOQP/board

https://jn0jmtmknqrfvo8vk4l2.atlassian.net/jira/core/projects/XQJLMDYPJ/board

https://k0aol3smuclm3w162wbx.atlassian.net/jira/core/projects/GQXZYNOCZ/board

Like Inna S likes this
Max Foerster - K15t
Max Foerster - K15t
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 7, 2023

Hi Antoine

I would not say that my answer is completely inaccurate. But your description was not clear to me, so I need to ask further questions to better understand the issue.

The links you posted are three separate Jira Cloud instances, and there's a known issue with bot accounts creating free instances to cause some harm. This is the downside of generously allowing users to use the tools for free for up to 10 users.

Why are you then invited? Because your email address probably ended up in a very long list of many of them. It's nothing remotely personal against you. By the way, I never received this kind of spam in many years.

You can actually send these to abuse@atlassian.com, and I recommend to stop interacting with these spam emails as you can and should simply ignore them.

Here's what has previously been posted on the community by the support:

 

One way we can gather more information about this would be for you to take that spam message and then forward it directly to abuse@atlassian.com

 

This in turn will generate a support ticket with out anti-abuse team that should also provide them the information they need to investigate this problem further and shut down that site that is sending this spam.

Best, Max

P.S. In this community, mainly other users or partners of Atlassian are interacting. We help and moderate on a voluntary and honorary basis because we like to do it. The applications are not "my" system, and the community or atlassian.com is not "my" website. And I can understand your frustration, but please mind your manners when dealing with others who are trying to help. Thank you very much. :)

Like
Antoine Lafarge
Antoine Lafarge June 7, 2023

I hear, but I'm not convinced because I think that:

- You shouldn't start an answer by saying: "no, the problem you're highlighting doesn't exist."
It's pretty annoying to have to come here and waste time dealing with a problem that shouldn't exist but does.

- We are all on the same internet, we all know that someone will necessarily abuse and divert a service (especially free). That shouldn't come as a surprise, especially for a company like Atlassian

- So your Jira Cloud instance service should not be permissive by default. You should email collaborators to see if they want to join a Jira Cloud instance project. It's a bad design to not ask, and I shouldn't have to tell you that.

- There should be an option to leave a Jira Cloud instance project. It's not normal that we are stuck in it.

- I receive spam via your email services, which means that google considers them to be legitimate. You are responsible for what passes through your platforms. So you can't get away with not being responsible for it, especially when it's the result of bad service design. Also, if I start marking your atlassian notification emails as spam, google may consider other legitimate atlassian emails as spam in the future. Which of course is not a viable solution.

- It's not normal that I had to come and post a message here to find a solution. Competing services have similar spam problems, but provide one or more of the basic solutions listed above to overcome these problems. Your service is the only one I had issues with and got stuck like this with no solution available.

I understand that you want to help, and thank you for your time, but it's not normal that Atlassian wastes my time posting here and countering its own customer abuse. A solution must be found on your side, not mine.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events