Vandalism in Jira #4229
Comments
I've blocked |
For info, since @MarkEWaite did enable the circuit breaker, we've had some GH helpdesk issues asking for account confirmation: |
@daniel-beck I don't know how to revert changes in JIRA. Do we have a prior runbook or something? Last "big set of unwanted changes", we reverted to a previous backup, which made us lose days of legit changes. If we have to do this now, I would rather do it quickly. WDYT? |
I guess it is also a good trigger for #2232: our accountapp is really weak and it is easy to batch-create stuff on it. Switching to another system would help limit the impact of such things (note: it would NOT prevent a user from defacing JIRA) |
I reverted the "close" actions of those two spammers by reopening each of the issues that were closed. I did not attempt to undo the other actions because they seemed too small to be worth the time to interactively repair the damage. |
I don't think anything convenient exists. I'd look at the changes, do the opposite.
I don't think this rises to the same level. FWIW we've removed "Bulk Change" permission from regular Jira users. |
What I noticed is that the users |
there's a hardcoded list, 👉 jenkins-infra/account-app#397 |
Are there more actions required on this one? |
I'm not aware of any further actions that are needed. I will continue to monitor Jira for issue spam and will block users that are detected creating spam comments and spam changes. |
Thanks! I'm closing the issue then. |
Service(s)
Jira
Summary
https://issues.jenkins.io/secure/ViewProfile.jspa?name=chsonu_5 and https://issues.jenkins.io/secure/ViewProfile.jspa?name=bablo_515 took a bunch of actions that should be reverted.
Reproduction steps
No response