You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by Simon Steiner <si...@gmail.com> on 2016/04/22 10:17:10 UTC
FW: Jira Spam - And changes made as a result.
Hi,
I cant create/comment on pdfbox issues anymore.
Thanks
From: Gav [mailto:gmcdonald@apache.org]
Sent: 22 April 2016 01:14
To: infrastructure@apache.org Infrastructure <in...@apache.org>
Subject: Jira Spam - And changes made as a result.
Hi All,
Apologies for notifying you after the fact.
Earlier today (slowing down to a halt about 1/2 hr ago due to our changes) we had a
big Spam attack directed at the ASF Jira instance.
Many project were affected, including :-
TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS, AIRFLOW, ACE, APEXCORE, RANGER and KYLIN .
During the process we ended up banning 27 IP addresses , deleted well over 200 tickets, and about 2 dozen user accounts.
The spammers were creating accounts using the normal system and going through the required captchas.
In addition to the ban hammer and deletions and to prevent more spam coming in, we changed the 'Default Permissions Scheme' so that anyone in the 'jira-users' group are no longer allowed to 'Create' tickets and are no longer allowed to 'Comment' on any tickets.
Obviously that affects genuine users as well as the spammers, we know that.
Replacement auth instead of jira-users group now includes allowing those in the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in jira.
Projects would you please assist in making this work - anyone that is not in any of those roles for your project; and needs access to be able to create issues and comment, please do add their jira id to one of the available roles. (Let us know if you need assistance in this area)
This is a short term solution. For the medium to long term we are working on providing LDAP authentication for Jira and Confluence through Atlassian Crowd (likley).
If any projects are still being affected, please notify us as you may be using another permissions scheme to the one altered. Notify us via INFRA jira ticket or reply to this mail to infrastructure@apache.org <ma...@apache.org> or join us on hipchat (https://www.hipchat.com/gIjVtYcNy)
Any project seriously adversely impacted by our changes please do come talk to us and we'll see what we can work out.
Thanks all for your patience and understanding.
Gav... (ASF Infra)
Re: Jira Spam - And changes made as a result.
Posted by Andreas Lehmkühler <an...@lehmi.de>.
> Petr Slabý <sl...@kadel.cz> hat am 22. April 2016 um 10:49 geschrieben:
>
>
> Hi,
> does that mean that you are free of bug reports from now on? That is a great
> invention, we should make the same in our company internal JIRA, that would
> save a lot of work to me :-)
Hopefully nowone already filed a patent on that ;-)
>
> Can you please add me to a group which is allowed to post issues, too?
Done.
BR
Andreas
>
> Best regards,
> Petr.
>
> -----Původní zpráva-----
> From: Andreas Lehmkühler
> Sent: Friday, April 22, 2016 10:31 AM
> To: dev@pdfbox.apache.org
> Subject: Re: FW: Jira Spam - And changes made as a result.
>
>
> Hi,
>
> > Simon Steiner <si...@gmail.com> hat am 22. April 2016 um 10:17
> > geschrieben:
> >
> >
> > Hi,
> >
> >
> >
> > I cant create/comment on pdfbox issues anymore.
> I've added your account ot the contributor group so that you should be able
> to
> comment/creat again
>
> BR
> Andreas
>
> >
> >
> >
> > Thanks
> >
> >
> >
> > From: Gav [mailto:gmcdonald@apache.org]
> > Sent: 22 April 2016 01:14
> > To: infrastructure@apache.org Infrastructure <in...@apache.org>
> > Subject: Jira Spam - And changes made as a result.
> >
> >
> >
> > Hi All,
> >
> > Apologies for notifying you after the fact.
> >
> > Earlier today (slowing down to a halt about 1/2 hr ago due to our changes)
> > we
> > had a
> >
> > big Spam attack directed at the ASF Jira instance.
> >
> > Many project were affected, including :-
> >
> > TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS,
> > AIRFLOW, ACE, APEXCORE, RANGER and KYLIN .
> >
> > During the process we ended up banning 27 IP addresses , deleted well over
> > 200
> > tickets, and about 2 dozen user accounts.
> >
> > The spammers were creating accounts using the normal system and going
> > through
> > the required captchas.
> >
> > In addition to the ban hammer and deletions and to prevent more spam
> > coming
> > in, we changed the 'Default Permissions Scheme' so that anyone in the
> > 'jira-users' group are no longer allowed to 'Create' tickets and are no
> > longer
> > allowed to 'Comment' on any tickets.
> >
> > Obviously that affects genuine users as well as the spammers, we know
> > that.
> >
> > Replacement auth instead of jira-users group now includes allowing those
> > in
> > the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in
> > jira.
> >
> > Projects would you please assist in making this work - anyone that is not
> > in
> > any of those roles for your project; and needs access to be able to create
> > issues and comment, please do add their jira id to one of the available
> > roles.
> > (Let us know if you need assistance in this area)
> >
> > This is a short term solution. For the medium to long term we are working
> > on
> > providing LDAP authentication for Jira and Confluence through Atlassian
> > Crowd
> > (likley).
> >
> > If any projects are still being affected, please notify us as you may be
> > using
> > another permissions scheme to the one altered. Notify us via INFRA jira
> > ticket
> > or reply to this mail to infrastructure@apache.org
> > <ma...@apache.org> or join us on hipchat
> > (https://www.hipchat.com/gIjVtYcNy)
> >
> > Any project seriously adversely impacted by our changes please do come
> > talk to
> > us and we'll see what we can work out.
> >
> > Thanks all for your patience and understanding.
> >
> > Gav... (ASF Infra)
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: dev-help@pdfbox.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Re: Jira Spam - And changes made as a result.
Posted by Petr Slabý <sl...@kadel.cz>.
Hi,
does that mean that you are free of bug reports from now on? That is a great
invention, we should make the same in our company internal JIRA, that would
save a lot of work to me :-)
Can you please add me to a group which is allowed to post issues, too?
Best regards,
Petr.
-----Původní zpráva-----
From: Andreas Lehmkühler
Sent: Friday, April 22, 2016 10:31 AM
To: dev@pdfbox.apache.org
Subject: Re: FW: Jira Spam - And changes made as a result.
Hi,
> Simon Steiner <si...@gmail.com> hat am 22. April 2016 um 10:17
> geschrieben:
>
>
> Hi,
>
>
>
> I cant create/comment on pdfbox issues anymore.
I've added your account ot the contributor group so that you should be able
to
comment/creat again
BR
Andreas
>
>
>
> Thanks
>
>
>
> From: Gav [mailto:gmcdonald@apache.org]
> Sent: 22 April 2016 01:14
> To: infrastructure@apache.org Infrastructure <in...@apache.org>
> Subject: Jira Spam - And changes made as a result.
>
>
>
> Hi All,
>
> Apologies for notifying you after the fact.
>
> Earlier today (slowing down to a halt about 1/2 hr ago due to our changes)
> we
> had a
>
> big Spam attack directed at the ASF Jira instance.
>
> Many project were affected, including :-
>
> TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS,
> AIRFLOW, ACE, APEXCORE, RANGER and KYLIN .
>
> During the process we ended up banning 27 IP addresses , deleted well over
> 200
> tickets, and about 2 dozen user accounts.
>
> The spammers were creating accounts using the normal system and going
> through
> the required captchas.
>
> In addition to the ban hammer and deletions and to prevent more spam
> coming
> in, we changed the 'Default Permissions Scheme' so that anyone in the
> 'jira-users' group are no longer allowed to 'Create' tickets and are no
> longer
> allowed to 'Comment' on any tickets.
>
> Obviously that affects genuine users as well as the spammers, we know
> that.
>
> Replacement auth instead of jira-users group now includes allowing those
> in
> the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in
> jira.
>
> Projects would you please assist in making this work - anyone that is not
> in
> any of those roles for your project; and needs access to be able to create
> issues and comment, please do add their jira id to one of the available
> roles.
> (Let us know if you need assistance in this area)
>
> This is a short term solution. For the medium to long term we are working
> on
> providing LDAP authentication for Jira and Confluence through Atlassian
> Crowd
> (likley).
>
> If any projects are still being affected, please notify us as you may be
> using
> another permissions scheme to the one altered. Notify us via INFRA jira
> ticket
> or reply to this mail to infrastructure@apache.org
> <ma...@apache.org> or join us on hipchat
> (https://www.hipchat.com/gIjVtYcNy)
>
> Any project seriously adversely impacted by our changes please do come
> talk to
> us and we'll see what we can work out.
>
> Thanks all for your patience and understanding.
>
> Gav... (ASF Infra)
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Re: FW: Jira Spam - And changes made as a result.
Posted by Andreas Lehmkühler <an...@lehmi.de>.
Hi,
> Simon Steiner <si...@gmail.com> hat am 22. April 2016 um 10:17
> geschrieben:
>
>
> Hi,
>
>
>
> I cant create/comment on pdfbox issues anymore.
I've added your account ot the contributor group so that you should be able to
comment/creat again
BR
Andreas
>
>
>
> Thanks
>
>
>
> From: Gav [mailto:gmcdonald@apache.org]
> Sent: 22 April 2016 01:14
> To: infrastructure@apache.org Infrastructure <in...@apache.org>
> Subject: Jira Spam - And changes made as a result.
>
>
>
> Hi All,
>
> Apologies for notifying you after the fact.
>
> Earlier today (slowing down to a halt about 1/2 hr ago due to our changes) we
> had a
>
> big Spam attack directed at the ASF Jira instance.
>
> Many project were affected, including :-
>
> TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS,
> AIRFLOW, ACE, APEXCORE, RANGER and KYLIN .
>
> During the process we ended up banning 27 IP addresses , deleted well over 200
> tickets, and about 2 dozen user accounts.
>
> The spammers were creating accounts using the normal system and going through
> the required captchas.
>
> In addition to the ban hammer and deletions and to prevent more spam coming
> in, we changed the 'Default Permissions Scheme' so that anyone in the
> 'jira-users' group are no longer allowed to 'Create' tickets and are no longer
> allowed to 'Comment' on any tickets.
>
> Obviously that affects genuine users as well as the spammers, we know that.
>
> Replacement auth instead of jira-users group now includes allowing those in
> the 'Administrator, PMC, Committer, Contributor and Developer' ROLES in jira.
>
> Projects would you please assist in making this work - anyone that is not in
> any of those roles for your project; and needs access to be able to create
> issues and comment, please do add their jira id to one of the available roles.
> (Let us know if you need assistance in this area)
>
> This is a short term solution. For the medium to long term we are working on
> providing LDAP authentication for Jira and Confluence through Atlassian Crowd
> (likley).
>
> If any projects are still being affected, please notify us as you may be using
> another permissions scheme to the one altered. Notify us via INFRA jira ticket
> or reply to this mail to infrastructure@apache.org
> <ma...@apache.org> or join us on hipchat
> (https://www.hipchat.com/gIjVtYcNy)
>
> Any project seriously adversely impacted by our changes please do come talk to
> us and we'll see what we can work out.
>
> Thanks all for your patience and understanding.
>
> Gav... (ASF Infra)
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org