Confluence 4.0 : Preventing and Cleaning Up Spam
This page last changed on Aug 31, 2011 by edawson.
If you have a public-facing Confluence site, your site may be affected by spammers. Stopping SpammersTo prevent spammers:
Blocking Spam at Apache or System LevelIf a spam bot is attacking your Confluence site, they are probably coming from one IP address or a small range of IP addresses. To find the attacker's IP address, follow the Apache access logs in real time and filter for a page that they are attacking. For example, if the spammers are creating users, you can look for $ tail -f confluence.atlassian.com.log | grep signup.action 1.2.3.4 - - [13/Jan/2010:00:14:51 -0600] "GET /signup.action HTTP/1.1" 200 9956 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 37750 Compare the actual spam users being created with the log entries to make sure you do not block legitimate users. By default, Apache logs the client's IP address in the first field of the log line. Once you have the offender's IP address or IP range, you can add it to your firewall's blacklist. For example, using the popular Shorewall firewall for Linux you can simply do this: # echo "1.2.3.4" >> /etc/shorewall/blacklist # /etc/init.d/shorewall reload To block an IP address at the Apache level, add this line to your Apache vhost config: Deny from 1.2.3.4 You can restart Apache with a "graceful" command which will apply the changes without dropping any current sessions. If this still does not stop the spam, then consider turning off public signup. Deleting SpamProfile SpamBy 'profile spam', we mean spammers who create accounts on Confluence and post links to their profile page. If you have had many such spam profiles created, it is easier to delete them via SQL, as described below. To delete a spam profile:
Notes
|
![]() |
Document generated by Confluence on Sep 19, 2011 02:50 |