For those of you maintaining a public JIRA instance, who are suffering from the recent bout of comment spam..
I’ve created a Confluence space for collaboration on solutions to this, as well as a Subversion repository for utilities:
http://svn.atlassian.com/svn/public/contrib/jira/spamfighting/
Currently this contains:

  • Shell scripts for detecting comment or trackback spam as it happens, and notifying someone. These are intended to be run from a cron job. SQL variants for PostgreSQL and MySQL are included (other translations welcome).
  • A growing blacklist of spammer IPs. All the spam I’ve seen so far is from three Romanian ISPs, so tracking down the IP and complaining to ISPs is worthwhile. This is where you can help. If you are spammed, please take the time to track down the IP in your logs (instructions provided), register a svn username and commit the evidence to Subversion. The more people who do this, the more evidence ISPs have to act on, or failing that, at least JIRA administrators have a list of IPs to block at the firewall.
  • cleancommentspam.jsp, introduced in a previous post as a way of detecting and deleting spam permanently. If you come up with any improvements or derivatives (a JSP that deletes spammed issue histories would be nice), please contribute back so others can benefit.

To keep up-to-date on future developments, please subscribe to the space feed (atom or RSS).

Fresh ideas, announcements, and inspiration for your team, delivered weekly.

Subscribe now