Atlassian Answers - Spam Prevention

Hi all,

I see that Atlassian Answers are facing issues with massive spam attacks. Today the same situation...

I can say that this is a little bit annoying. It looks like the same source is attacking all the time. I was wondering is there any chance to finally prevent from that kind of situation...

My suggestion for now is to simply implement CAPTCHA implementation before adding every question/comment..

Any other suggestions?

5 answers

I instaban those accounts as soon as I see them (which removes all their posts).

Everybody with 3000 or more Karma can instaban accounts.

Simply click on the name of the spammer and select instaban underneath the cog icon menu to the right.

But it's indeed very annoying.

Best regards,


Thanks @Peter, i am not aware about that option, as of now i am using the report option!!

Blocking is good to remove spam, but we should have a solution to prevent upcomming spam messages.

1 vote
Joseph Clark Atlassian Team Feb 06, 2014

We have a number of prevention measures in place to reduce spam content on Answers. The content that actually gets through our multiple filters and becomes visible to you is only about 20%-30% of all the spam content that gets submitted. The other 70% is correctly blocked (there is a small number of false positives that we release manually).

Unfortunately, fighting spammers really is an arms race - things like Captchas and text recognition are not foolproof and can be subverted.

We already have a number of the systems you suggest in place already, but I am reluctant to go into detail about them (security through obscurity and all that).

In general I am against the implementation of a whitelist since that could actually negatively impact the experience for real users.

Thanks for being passionate about this and holding us to account. We'll continue to work on this.

People with high enough points can ban users. It's still a couple of clicks away from the landing page, but it's not too far off.

0 vote

Captcha's aren't really that good at stopping spam any more. I'd like to see some more simple blocks, like "you can only post a question once a day until your Karma is above X", and a similar rule for comments.

One thing I've noticed is that when we instaban someone, they get recreated by the 'bot. Something that remembers the name and automatically kills the repeat accounts off would be nice.

Oh, and blocking anything with a link in it that doesn't conform to a whitelist (Again, that rule could be dropped for anyone with >50 karma or something). I suspect the whitelist would be simple - atlassian, OnDemand, and a pastebin.

White list is a good option, CAPTCHA maybe is not perfect but should make more problems for "non expirienced spammer" to pass it.

My personal idea is to merge all small solutions into one big. You can only add few Questions in a row (less than 10 min) only if:

* You have more than X Karma (50 I think is enough as Nic suggested.. )

* You typed CAPTCHA correctly (no more than 5 attempts) or answered correctly a simple question (2+2 = ? - better solution)

* You do not have untrusted links... (only problem with tiny links)

* Your questions is not similar to the one created last time (by comparing only text)

* You checed a Checkbox such as "I am not spamming". (Bots mostly do not check a checkboxes and if it will be required then it is even harder)

If only one of above points is not checked then you Questions for example should be going to the queue where can be validated by a moderator and published after that.

Another technique is to use field values checks with obfuscated field names or fake form fields...

@Dennis Kromhout Van Der Meer,

I think you know the road map. Are there any plans to reduce the Atlassian Answers spam or maybe there is already something going on?

Best Regards,


Hmm.. Today once again, a spam attack on Atlassian Answers..

I do not clearly understand... We moved to Confluence Questions but I am also seeing new spam questions created by dummy users (the same like when it was powered by OSQA.. How explain that? Isn't Confluence safe enough to not allow that?

It's still a public-sign-up system, and it's still a doddle to bypass Captcha. At least the postings are now throttled, so the spammer can't post more than a couple of times before an admin can kill them off. (There's a bug in the permissions at the moment - only admins can ban users, those of us with high karma can't do it yet)

I just banned 2 users. So the option is back up :)

I've probably clobbered 50 in the last couple of weeks. Captcha is known to be broken.

Suggest an answer

Log in or Join to answer
Community showcase
Louis De Jaeger
Posted 8 hours ago in Off-topic

Friday fun: your best joke

Hi all Lets make this Friday fun really fun and post one (or more) of your best jokes! The joke can be about an Atlassian product, or just a really fun joke you want to share! I’m not the best j...

25 views 1 2
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot