Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vandalism in Jira #4229

Closed
daniel-beck opened this issue Aug 12, 2024 · 12 comments
Closed

Vandalism in Jira #4229

daniel-beck opened this issue Aug 12, 2024 · 12 comments

Comments

@daniel-beck
Copy link

Service(s)

Jira

Summary

https://issues.jenkins.io/secure/ViewProfile.jspa?name=chsonu_5 and https://issues.jenkins.io/secure/ViewProfile.jspa?name=bablo_515 took a bunch of actions that should be reverted.

Reproduction steps

No response

@daniel-beck daniel-beck added the triage Incoming issues that need review label Aug 12, 2024
@dduportal dduportal added this to the infra-team-sync-2024-08-13 milestone Aug 12, 2024
@dduportal dduportal self-assigned this Aug 12, 2024
@dduportal dduportal removed the triage Incoming issues that need review label Aug 12, 2024
@dduportal
Copy link
Contributor

For info: related to #4224 and #4223

@dduportal
Copy link
Contributor

I've blocked bablo_515 in JIRA on short term

@dduportal
Copy link
Contributor

For info, since @MarkEWaite did enable the circuit breaker, we've had some GH helpdesk issues asking for account confirmation:

@dduportal
Copy link
Contributor

@daniel-beck I don't know how to revert changes in JIRA. Do we have prior runbook or something?

Last "big set of unwanted changes", we reverted to a previous backup which made us lost days of legit changes. If we have to do this know, I would rather do it quickly. WDYT?

@dduportal
Copy link
Contributor

I guess it is also a good trigger for #2232: our accountapp is really weak and easy to batch-create stuff on it.

Switching to another system would help limiting the impact of such things (note: it would NOT prevent a user to deface JIRA)

@MarkEWaite
Copy link

I reverted the "close" actions of those two spammers by reopening each of the issues that were closed. I did not attempt to undo the other actions because they seemed too small to be worth the time to interactively repair the damage.

@daniel-beck
Copy link
Author

daniel-beck commented Aug 12, 2024

I don't know how to revert changes in JIRA. Do we have prior runbook or something?

I don't think anything convenient exists. I'd look at the changes, do the opposite.

If we have to do this know, I would rather do it quickly. WDYT?

I don't think this rises to the same level. FWIW we've removed "Bulk Change" permission from regular Jira users.

@mawinter69
Copy link

What I noticed is that the users bablo_515, chsonu_512 and chsonu_5 have the same email [email protected].
Is there a way to block users based on email?

@timja
Copy link
Member

timja commented Aug 13, 2024

Is there a way to block users based on email?

there's a hardcoded list, 👉 jenkins-infra/account-app#397

@dduportal
Copy link
Contributor

Are there more actions required on this one?

@MarkEWaite
Copy link

I'm not aware of any further actions that are needed. I will continue to monitor Jira for issue spam and will block users that are detected creating spam comments and spam changes.

@dduportal
Copy link
Contributor

Thanks! I'm closing the issue then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants