Thanks Anshum! And yeah, a whitelist like that makes sense to me too. On Friday, April 22, 2016, Ishan Chattopadhyaya <ichattopadhy...@gmail.com> wrote:
> Btw, how about whitelisting everyone who has commented (a non-spam > comment) at a Lucene/Solr issue before? > > On Sat, Apr 23, 2016 at 6:13 AM, Ishan Chattopadhyaya < > ichattopadhy...@gmail.com > <javascript:_e(%7B%7D,'cvml','ichattopadhy...@gmail.com');>> wrote: > >> Anshum, please add me as well. Thanks. >> >> >> On Sat, Apr 23, 2016 at 6:01 AM, Anshum Gupta <ans...@anshumgupta.net >> <javascript:_e(%7B%7D,'cvml','ans...@anshumgupta.net');>> wrote: >> >>> Hi Ryan, >>> >>> I've added you to the contributors group. You should be able to comment >>> on JIRAs now. >>> >>> On Thu, Apr 21, 2016 at 8:51 PM, Ryan Josal <r...@josal.com >>> <javascript:_e(%7B%7D,'cvml','r...@josal.com');>> wrote: >>> >>>> Woah, yeah, I have filed a few bugs as well as posted patches and >>>> comments. Indeed I don't seem to be able to comment anymore. Anyone >>>> want to add me (rjosal) to a role that can comment or create? >>>> >>>> Ryan >>>> >>>> >>>> On Thursday, April 21, 2016, David Smiley <david.w.smi...@gmail.com >>>> <javascript:_e(%7B%7D,'cvml','david.w.smi...@gmail.com');>> wrote: >>>> >>>>> Wow! My reading of this is that the general public (i.e. not >>>>> committers) won't be able to really do anything other than view JIRA >>>>> issues >>>>> unless we expressly add individuals to a specific project group? :-( >>>>> Clearly that sucks big time. Is anyone reading this differently? >>>>> Assuming this is true... at this point maybe there is nothing to do but >>>>> wait until the inevitable requests come in for people to create/comment. >>>>> Maybe send a message to the user lists? >>>>> >>>>> ~ David >>>>> >>>>> ---------- Forwarded message --------- >>>>> From: Gav <gmcdon...@apache.org> >>>>> Date: Fri, Apr 22, 2016 at 12:14 AM >>>>> Subject: Jira Spam - And changes made as a result. >>>>> To: infrastruct...@apache.org Infrastructure < >>>>> infrastruct...@apache.org> >>>>> >>>>> >>>>> Hi All, >>>>> >>>>> Apologies for notifying you after the fact. >>>>> >>>>> Earlier today (slowing down to a halt about 1/2 hr ago due to our >>>>> changes) we had a >>>>> big Spam attack directed at the ASF Jira instance. >>>>> >>>>> Many project were affected, including :- >>>>> >>>>> TM, ARROW ACCUMULO, ABDERA, JSPWIKI, QPIDIT, LOGCXX, HAWQ, AMQ, ATLAS, >>>>> AIRFLOW, ACE, APEXCORE, RANGER and KYLIN . >>>>> >>>>> During the process we ended up banning 27 IP addresses , deleted well >>>>> over 200 tickets, and about 2 dozen user accounts. >>>>> >>>>> The spammers were creating accounts using the normal system and going >>>>> through the required captchas. >>>>> >>>>> In addition to the ban hammer and deletions and to prevent more spam >>>>> coming in, we changed the 'Default Permissions Scheme' so that anyone in >>>>> the 'jira-users' group are no longer allowed to 'Create' tickets and are >>>>> no >>>>> longer allowed to 'Comment' on any tickets. >>>>> >>>>> Obviously that affects genuine users as well as the spammers, we know >>>>> that. >>>>> >>>>> Replacement auth instead of jira-users group now includes allowing >>>>> those in the 'Administrator, PMC, Committer, Contributor and Developer' >>>>> ROLES in jira. >>>>> >>>>> Projects would you please assist in making this work - anyone that is >>>>> not in any of those roles for your project; and needs access to be able to >>>>> create issues and comment, please do add their jira id to one of the >>>>> available roles. (Let us know if you need assistance in this area) >>>>> >>>>> This is a short term solution. For the medium to long term we are >>>>> working on providing LDAP authentication for Jira and Confluence through >>>>> Atlassian Crowd (likley). >>>>> >>>>> If any projects are still being affected, please notify us as you may >>>>> be using another permissions scheme to the one altered. Notify us via >>>>> INFRA >>>>> jira ticket or reply to this mail to infrastruct...@apache.org or >>>>> join us on hipchat (https://www.hipchat.com/gIjVtYcNy) >>>>> >>>>> Any project seriously adversely impacted by our changes please do come >>>>> talk to us and we'll see what we can work out. >>>>> >>>>> Thanks all for your patience and understanding. >>>>> >>>>> Gav... (ASF Infra) >>>>> -- >>>>> Lucene/Solr Search Committer, Consultant, Developer, Author, Speaker >>>>> LinkedIn: http://linkedin.com/in/davidwsmiley | Book: >>>>> http://www.solrenterprisesearchserver.com >>>>> >>>> >>> >>> >>> -- >>> Anshum Gupta >>> >> >> >
