Btw, how about whitelisting everyone who has commented (a non-spam comment) at a Lucene/Solr issue before?
On Sat, Apr 23, 2016 at 6:13 AM, Ishan Chattopadhyaya < [email protected]> wrote: > Anshum, please add me as well. Thanks. > > > On Sat, Apr 23, 2016 at 6:01 AM, Anshum Gupta <[email protected]> > wrote: > >> Hi Ryan, >> >> I've added you to the contributors group. You should be able to comment >> on JIRAs now. >> >> On Thu, Apr 21, 2016 at 8:51 PM, Ryan Josal <[email protected]> wrote: >> >>> Woah, yeah, I have filed a few bugs as well as posted patches and >>> comments. Indeed I don't seem to be able to comment anymore. Anyone >>> want to add me (rjosal) to a role that can comment or create? >>> >>> Ryan >>> >>> >>> On Thursday, April 21, 2016, David Smiley <[email protected]> >>> wrote: >>> >>>> Wow! My reading of this is that the general public (i.e. not >>>> committers) won't be able to really do anything other than view JIRA issues >>>> unless we expressly add individuals to a specific project group? :-( >>>> Clearly that sucks big time. Is anyone reading this differently? >>>> Assuming this is true... at this point maybe there is nothing to do but >>>> wait until the inevitable requests come in for people to create/comment. >>>> Maybe send a message to the user lists? >>>> >>>> ~ David >>>> >>>> ---------- Forwarded message --------- >>>> From: Gav <[email protected]> >>>> Date: Fri, Apr 22, 2016 at 12:14 AM >>>> Subject: Jira Spam - And changes made as a result. >>>> To: [email protected] Infrastructure <[email protected] >>>> > >>>> >>>> >>>> Hi All, >>>> >>>> Apologies for notifying you after the fact. >>>> >>>> Earlier today (slowing down to a halt about 1/2 hr ago due to our >>>> changes) we had a >>>> big Spam attack directed at the ASF Jira instance. >>>> >>>> Many project were affected, including :- >>>> >>>> TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS, >>>> AIRFLOW, ACE, APEXCORE, RANGER and KYLIN . >>>> >>>> During the process we ended up banning 27 IP addresses , deleted well >>>> over 200 tickets, and about 2 dozen user accounts. >>>> >>>> The spammers were creating accounts using the normal system and going >>>> through the required captchas. >>>> >>>> In addition to the ban hammer and deletions and to prevent more spam >>>> coming in, we changed the 'Default Permissions Scheme' so that anyone in >>>> the 'jira-users' group are no longer allowed to 'Create' tickets and are no >>>> longer allowed to 'Comment' on any tickets. >>>> >>>> Obviously that affects genuine users as well as the spammers, we know >>>> that. >>>> >>>> Replacement auth instead of jira-users group now includes allowing >>>> those in the 'Administrator, PMC, Committer, Contributor and Developer' >>>> ROLES in jira. >>>> >>>> Projects would you please assist in making this work - anyone that is >>>> not in any of those roles for your project; and needs access to be able to >>>> create issues and comment, please do add their jira id to one of the >>>> available roles. (Let us know if you need assistance in this area) >>>> >>>> This is a short term solution. For the medium to long term we are >>>> working on providing LDAP authentication for Jira and Confluence through >>>> Atlassian Crowd (likley). >>>> >>>> If any projects are still being affected, please notify us as you may >>>> be using another permissions scheme to the one altered. Notify us via INFRA >>>> jira ticket or reply to this mail to [email protected] or join >>>> us on hipchat (https://www.hipchat.com/gIjVtYcNy) >>>> >>>> Any project seriously adversely impacted by our changes please do come >>>> talk to us and we'll see what we can work out. >>>> >>>> Thanks all for your patience and understanding. >>>> >>>> Gav... (ASF Infra) >>>> -- >>>> Lucene/Solr Search Committer, Consultant, Developer, Author, Speaker >>>> LinkedIn: http://linkedin.com/in/davidwsmiley | Book: >>>> http://www.solrenterprisesearchserver.com >>>> >>> >> >> >> -- >> Anshum Gupta >> > >
