I seems our JIRA has been targeted for SPAM due to its "public" mode...
The https://jira.netic.dk/secure/Signup!default.jspaurl is redirected before the request getting to jira and I can see that no mail is comming in.
Anyway, the attacker creates several accounts a day, costing us 1 license each (unless I de-activate) the user. Going into private mode is not really an option.
Is there a way to disable/secure public signup and let it be allowed by mail only?
Hi Norman,
I thnk there is an option to add a CAPTCHA during registration.
Have a look at the configuration: URL/secure/admin/ViewApplicationProperties.jspa
Maybe that could help.
Kind regards
André
Thanks, the Capcha is on, but is seems that they are just entering the damn capcha manually (which I btw also see on my personal Confluence :-( )
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We host our own Jira server and are having a similar problem with about 100'000 users who are bogus (very long user names, images, etc). However, these users never log on. What could be the point of creating such users?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.