I've been using Bitbucket for the source repo, public issue tracker, wiki, etc., for my projects since 2015. Once in a while I've seen a spam comment added to an existing issue, but today I'm seeing a number of actual new issues being opened that are completely spam. Here's one that I haven't deleted yet so it could serve as a concrete example:
https://bitbucket.org/RoseSilverSoftware/illuminatedcloud/issues/2331
The volume is still pretty low right now, but I fear I'll wake up one morning with hundreds or even thousands of such issues having been logged.
Is there any first-class mitigation strategy aside from changing the issue tracker from public to private? That wouldn't really be a viable option for me as this is the public issue tracker for users of my project.
Any insights or suggestions you can provide are sincerely appreciated.
Hi. I've been communicating with Atlassian/Bitbucket Cloud support for a few days now and they're actively working on a solution for this. The problem is NOT solved yet, though, and they recommend that any affected public issue trackers be made private until they are. If you have a large number of spam issues, they should be able to help remove them en masse. I'll be happy to post an update here when they've informed me of a solution.
Yeah, the spam rate increased considerably overnight (hundreds) and now I'm going to be spending my morning cleaning up my issue tracker and taking it offline until/unless there's a resolution. Sigh...
We are seeing spam from the same malicious group starting today on several of our public issue trackers. I suspect BitBucket is being subjected to a widespread concerted spam attack this evening.
This incident highlights the woefully inadequate tools that BitBucket provides repo admins for mitigating spam/defacement attacks.
Please go vote and comment on feature request BCLOUD-21131, which is not a fool-proof solution but at least would be a step in a positive direction.
Hi @bonachea. A few questions if you don't mind and have the time:
What are you doing with your public issue trackers that are under attack? Have you changed them to private temporarily until this attack ends? If so, how are you going to decide when it's safe to make them public again?
How are you letting users of disabled issue trackers know what's going on in the interim? I really wish that a public/read-only option was offered so that the issue tracker is still available publicly in a read-only state.
Have you reported the attacker accounts to Atlassian somehow? If so, what report channel did you use?
Are you aware of any kind of bulk issue delete mechanism in BitBucket Cloud? After changing my issue tracker to private, I had to remove ~600 spam issues this morning, one at a time, three clicks per issue.
Thanks in advance for any additional guidance you can provide.
Hi @RoseSilverSoftware - I recommend creating an Atlassian support ticket here:
https://support.atlassian.com/contact
We've had a similar problem before and they are disappointingly slow to respond, but they do eventually respond.
I strongly agree that issue tracker features like a public/read-only state and bulk edits (a frequently requested feature) would be useful in this situation. Unfortunately BitBucket Cloud's issue tracker is deliberately underpowered for business reasons (self-competition) so I wouldn't hold your breath for any "fancy" features like that.
Sadly the best advice is probably to ditch Atlassian products entirely and move to a competitor hosting service whose business model doesn't depend on saddling non-enterprise users with offensively feature-poor tools.
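The bulk cleanup the thread asks for can be scripted against Bitbucket Cloud's REST API instead of clicking through the web UI. This is an added example, not code from any poster or from Atlassian; it assumes the 2.0 `issues` list/delete endpoints with an app password over Basic auth, uses placeholder workspace/repo names, and flags an issue as spam when it was created after a cutoff by a reporter outside an allowlist (the spam wave arrived overnight, so a creation-time cutoff isolates it). It runs in dry-run mode unless you change that.

```python
"""Select and bulk-delete spam issues in a Bitbucket Cloud issue tracker (added example)."""
import base64, json, os
from datetime import datetime, timezone
from urllib import parse, request

API = "https://api.bitbucket.org/2.0"  # assumption: Bitbucket Cloud REST API 2.0

# Constructed sample issues in the shape the API returns (trimmed to the fields used).
CUTOFF = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_ISSUES = [
    {"id": 2330, "created_on": "2023-12-30T08:00:00.000000+00:00", "reporter": {"nickname": "maintainer"}},
    {"id": 2331, "created_on": "2024-01-01T03:14:00.000000+00:00", "reporter": {"nickname": "spammer1"}},
    {"id": 2332, "created_on": "2024-01-01T03:15:30.000000+00:00", "reporter": None},  # deleted account
    {"id": 2333, "created_on": "2024-01-02T10:00:00.000000+00:00", "reporter": {"nickname": "maintainer"}},
]

def is_spam(issue, cutoff, trusted):
    """Spam heuristic: created at/after the cutoff by a reporter not in the allowlist."""
    reporter = (issue.get("reporter") or {}).get("nickname", "")
    created = datetime.fromisoformat(issue["created_on"].replace("Z", "+00:00"))
    return created >= cutoff and reporter not in trusted

def select_spam_ids(issues, cutoff, trusted):
    """Return the sorted ids of issues the heuristic flags; review this list before deleting."""
    return sorted(i["id"] for i in issues if is_spam(i, cutoff, trusted))

def _call(url, auth, method="GET"):
    req = request.Request(url, method=method, headers={"Authorization": "Basic " + auth})
    with request.urlopen(req) as resp:  # DELETE answers 204 with no body
        return json.load(resp) if resp.status != 204 else None

def list_issues(workspace, repo, cutoff, auth):
    """Page through issues created at/after the cutoff (server-side filter via BBQL `q`)."""
    q = parse.quote(f'created_on >= "{cutoff.isoformat()}"')
    url = f"{API}/repositories/{workspace}/{repo}/issues?pagelen=50&q={q}"
    while url:
        page = _call(url, auth)
        yield from page["values"]
        url = page.get("next")  # absent on the last page

def delete_issues(workspace, repo, ids, auth, dry_run=True):
    """Delete the given issue ids; with dry_run only report what would be removed."""
    deleted = []
    for i in ids:
        if dry_run:
            print(f"would delete issue #{i}")
            continue
        _call(f"{API}/repositories/{workspace}/{repo}/issues/{i}", auth, "DELETE")
        deleted.append(i)
    return deleted

if __name__ == "__main__":
    ws, repo = "EXAMPLE-WORKSPACE", "EXAMPLE-REPO"  # placeholders, not real names
    auth = base64.b64encode(f"{os.environ['BB_USER']}:{os.environ['BB_APP_PASSWORD']}".encode()).decode()
    ids = select_spam_ids(list_issues(ws, repo, CUTOFF, auth), CUTOFF, {"maintainer"})
    delete_issues(ws, repo, ids, auth, dry_run=True)
```

Set the tracker to private first, as support recommended, so the spammers cannot refill it while the script runs.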