-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
0
-
0
-
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
We need something like MT-Blacklist: the ability to define URL patterns that flag a page and/or comment as spam.
It shouldn't be too hard to do - we already track URL links. The UI will need some thought though (what do you do if you define a URL as spam, and it's in a page? Revert the page back to the first version without the URL? What if the URL's been there a while and survived several edits?)
- is related to
-
- Closed
- relates to
-
- Gathering Interest
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-1469] Spam-protection
Ricardo Mayerhofer
added a comment - My site is also facing comment spam attacks. A way to prevent this and/or to facilitate admin job is necessary.
Ricardo Mayerhofer
added a comment - My site is also facing comment spam attacks. A way to prevent this and/or to facilitate admin job is necessary. 
Guy Fraser [Adaptavist.com]
added a comment - This plugin might be of use:
https://plugins.atlassian.com/plugin/details/4926
https://www.adaptavist.com/display/free/User+Management+Plugin
Guy Fraser [Adaptavist.com]
added a comment - This plugin might be of use:
https://plugins.atlassian.com/plugin/details/4926
https://www.adaptavist.com/display/free/User+Management+Plugin 
Bruno Duarte
added a comment - My company has an internet facing confluence with public signup activated and we are having spamming attacks that grow over time. In the last two month we had almost 100 registered spam users that changed they profile to ads.
Workarounds such as blocking IP addresses, reviewing created pages/comments, etc. do not work and create a huge overhead maintenance to the administrators.
Ideally the CAPTCHA system needs to be improved (two prevent spamming from anonymous users) and an activation email should be sent on signup (maybe a plugin for this already exists?).
Bruno Duarte
added a comment - My company has an internet facing confluence with public signup activated and we are having spamming attacks that grow over time. In the last two month we had almost 100 registered spam users that changed they profile to ads.
Workarounds such as blocking IP addresses, reviewing created pages/comments, etc. do not work and create a huge overhead maintenance to the administrators.
Ideally the CAPTCHA system needs to be improved (two prevent spamming from anonymous users) and an activation email should be sent on signup (maybe a plugin for this already exists?). Guy Fraser [Adaptavist.com]
added a comment - I think we definitely need some sort of system that detects spammy URLs an rejects the post (or allows moderated posting).
Comment spam is generally not to hard to deal with on well maintained sites - as soon as space admin sees a spam comment they go in and nuke it.
The more troublesome one is spam users. Spammer sets up a user account with spammy email address and additional spam in the profile (eg. bio, website, department = used to store spam).
If an admin has signed up for daily summary notification they'll see the new user and can delete it, but in many cases this goes unnoticed resulting in gradual build-up of spam users.
Guy Fraser [Adaptavist.com]
added a comment - I think we definitely need some sort of system that detects spammy URLs an rejects the post (or allows moderated posting).
Comment spam is generally not to hard to deal with on well maintained sites - as soon as space admin sees a spam comment they go in and nuke it.
The more troublesome one is spam users. Spammer sets up a user account with spammy email address and additional spam in the profile (eg. bio, website, department = used to store spam).
If an admin has signed up for daily summary notification they'll see the new user and can delete it, but in many cases this goes unnoticed resulting in gradual build-up of spam users. Fixing CONF-16691 would help with at least part of this, i. e. it would be harder to automatically create a spam account.
Yeah, but I would like to see spam handling become a bit more adaptive. Even allowing admins to manually run a 'spam cleanup' process would be a major step forward...
Guy Fraser [Adaptavist.com]
added a comment - I guess the first thing that needs doing is to find out how the current spammer on c.a.c is bypassing the captcha. He's either found a way of completely bypassing it or is using OCR in which case recaptca would put a quick stop to his activities.
Guy Fraser [Adaptavist.com]
added a comment - I guess the first thing that needs doing is to find out how the current spammer on c.a.c is bypassing the captcha. He's either found a way of completely bypassing it or is using OCR in which case recaptca would put a quick stop to his activities. Ah, gotcha. It could help I guess, but I'm not convinced it would really help that much. It would be pretty easy to get around and would just inconvience real users who do happen to take more than 45 minutes to respond to a page - personally I've done that on many occasions.
Guy Fraser [Adaptavist.com]
added a comment - The timestamp function would mean that any spammer who grabs the form values would only be able to comment using those values for the next 45 minutes or so. For normal users, this wouldn't be a problem as they are generally going to add a comment within 45 minutes of viewing the page.
Guy Fraser [Adaptavist.com]
added a comment - The timestamp function would mean that any spammer who grabs the form values would only be able to comment using those values for the next 45 minutes or so. For normal users, this wouldn't be a problem as they are generally going to add a comment within 45 minutes of viewing the page.
Been talking to myself on [CONF-22700]
TONS of spam every day on our wiki. We want to be open and public.
Maybe people here care and can make actionable improved spam protection.
The captcha is pretty useless to date.
I am super annoyed.