
Vandalism in Jira

Open daniel-beck opened this issue 1 year ago • 9 comments

Service(s)

Jira

Summary

https://issues.jenkins.io/secure/ViewProfile.jspa?name=chsonu_5 and https://issues.jenkins.io/secure/ViewProfile.jspa?name=bablo_515 took a bunch of actions that should be reverted.

Reproduction steps

No response

daniel-beck avatar Aug 12 '24 07:08 daniel-beck

For info: related to https://github.com/jenkins-infra/helpdesk/issues/4224 and https://github.com/jenkins-infra/helpdesk/issues/4223

dduportal avatar Aug 12 '24 09:08 dduportal

I've blocked bablo_515 in JIRA in the short term

dduportal avatar Aug 12 '24 09:08 dduportal

For info, since @MarkEWaite did enable the circuit breaker, we've had some GH helpdesk issues asking for account confirmation:

  • https://github.com/jenkins-infra/helpdesk/issues/4230
  • https://github.com/jenkins-infra/helpdesk/issues/4227

dduportal avatar Aug 12 '24 09:08 dduportal

@daniel-beck I don't know how to revert changes in JIRA. Do we have prior runbook or something?

Last "big set of unwanted changes", we reverted to a previous backup which made us lose days of legit changes. If we have to do this now, I would rather do it quickly. WDYT?

dduportal avatar Aug 12 '24 09:08 dduportal

I guess it is also a good trigger for https://github.com/jenkins-infra/helpdesk/issues/2232: our accountapp is really weak and easy to batch-create stuff on it.

Switching to another system would help limit the impact of such things (note: it would NOT prevent a user from defacing JIRA)

dduportal avatar Aug 12 '24 09:08 dduportal

I reverted the "close" actions of those two spammers by reopening each of the issues that were closed. I did not attempt to undo the other actions because they seemed too small to be worth the time to interactively repair the damage.

MarkEWaite avatar Aug 12 '24 11:08 MarkEWaite
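Enumerating which issues a spam account closed, and skipping those a maintainer has already repaired, as an added example (not a script from this thread or the jenkins-infra project; the changelog fragment is constructed to match the shape of Jira's `expand=changelog` response, and the issue keys and timestamps are placeholders):

```python
from typing import Dict, Iterable, List

# Constructed sample: the changelog fragment of a Jira REST response
# (GET /rest/api/2/issue/{key}?expand=changelog). Field names follow the
# real API; the issue keys, timestamps and statuses are made up for this example.
SAMPLE_ISSUES: List[dict] = [
    {"key": "JENKINS-00001", "changelog": {"histories": [
        {"author": {"name": "bablo_515"}, "created": "2024-08-12T06:40:00.000+0000",
         "items": [{"field": "status", "fromString": "Open", "toString": "Closed"},
                   {"field": "resolution", "fromString": None, "toString": "Won't Fix"}]}]}},
    {"key": "JENKINS-00002", "changelog": {"histories": [
        {"author": {"name": "chsonu_5"}, "created": "2024-08-12T06:41:00.000+0000",
         "items": [{"field": "status", "fromString": "In Progress", "toString": "Closed"}]},
        # A maintainer already repaired this one; the cleanup must not touch it again.
        {"author": {"name": "maintainer"}, "created": "2024-08-12T08:00:00.000+0000",
         "items": [{"field": "status", "fromString": "Closed", "toString": "Reopened"}]}]}},
    {"key": "JENKINS-00003", "changelog": {"histories": [
        {"author": {"name": "maintainer"}, "created": "2024-08-11T10:00:00.000+0000",
         "items": [{"field": "status", "fromString": "Open", "toString": "Resolved"}]}]}},
]

SPAM_ACCOUNTS = {"bablo_515", "chsonu_5", "chsonu_512"}  # usernames named in this thread


def changelog_jql(accounts: Iterable[str], since: str) -> str:
    """Build the JQL that narrows the candidate set before fetching changelogs.

    Uses JQL's "status CHANGED BY <user> AFTER <date>" history operators, one
    clause per account, so only issues those accounts transitioned are fetched.
    """
    clauses = [f'status CHANGED BY "{a}" AFTER "{since}"' for a in sorted(accounts)]
    return " OR ".join(clauses)


def find_status_reverts(issues: List[dict], spammers: set) -> Dict[str, str]:
    """Return {issue_key: status_to_restore} for issues whose most recent status
    change was made by a spam account.

    Only the latest transition is inspected: if a legitimate user has changed the
    status since the spam transition, the issue is skipped so that a bulk revert
    does not undo real work (the failure mode of restoring a whole backup).
    """
    reverts: Dict[str, str] = {}
    for issue in issues:
        histories = sorted(issue["changelog"]["histories"], key=lambda h: h["created"])
        last_change = None  # (author, status before the change)
        for history in histories:
            for item in history["items"]:
                if item["field"] == "status":
                    last_change = (history["author"]["name"], item["fromString"])
        if last_change and last_change[0] in spammers:
            reverts[issue["key"]] = last_change[1]
    return reverts
```

The returned map is what a maintainer would then feed, issue by issue, to the issue transitions endpoint; transition ids are instance-specific, so they are not guessed here.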

I don't know how to revert changes in JIRA. Do we have prior runbook or something?

I don't think anything convenient exists. I'd look at the changes, do the opposite.

If we have to do this now, I would rather do it quickly. WDYT?

I don't think this rises to the same level. FWIW we've removed "Bulk Change" permission from regular Jira users.

daniel-beck avatar Aug 12 '24 16:08 daniel-beck

What I noticed is that the users bablo_515, chsonu_512 and chsonu_5 have the same email [email protected]. Is there a way to block users based on email?

mawinter69 avatar Aug 13 '24 10:08 mawinter69

Is there a way to block users based on email?

There's a hardcoded list, 👉 https://github.com/jenkins-infra/account-app/pull/397

timja avatar Aug 13 '24 10:08 timja

Are there more actions required on this one?

dduportal avatar Aug 14 '24 17:08 dduportal

I'm not aware of any further actions that are needed. I will continue to monitor Jira for issue spam and will block users that are detected creating spam comments and spam changes.

MarkEWaite avatar Aug 14 '24 18:08 MarkEWaite

Thanks! I'm closing the issue then.

dduportal avatar Aug 14 '24 18:08 dduportal