Confluence 6 block garbage at Apache or system level

If a spam-releasing bot attacks your confluence site, these programs may come from the same IP address, or a small range of IP address segments. To find the attacker's IP address, refer to the real-time content in Apache access logs and find the page where these attackers were attacking.

For example, a junk publisher is creating a user, and you can find it in the logsignup.action：

$ tail-f Confluence.atlassian.com.log | grep signup.action1.2.3.4--[13/jan/2010:00:14:51-0600] "get/signup.action http/1.1" 9956 "-" "mozilla/4.0 (Compat ible; MSIE 6.0; Windows NT 5.1; SV1) "37750

Compare the content that is created by the actual junk user and the contents of the log to make sure that you don't have an organization that actually uses the user's access. By default, Apache logs will record the visitor's IP address in the first paragraph of the log.

Once you have acquired the IP address or IP address segment of your confluence site, you can add this address or address segment to your firewall blacklist. For example, for Linux platforms, using the Shorewall firewall, you can simply run the following command:

# echo "1.2.3.4" >>/etc/shorewall/blacklist#/etc/init.d/shorewall Reload

To block an IP address at the Apache level, add this line to your Apache Vhost configuration:

Deny from 1.2.3.4

You can add the "graceful" command when you start Apache, and this command will run you to restart Apache while maintaining the current user's session.

If you are not yet able to organize junk users, you can consider disabling allowing public users to enroll.

Https://www.cwiki.us/display/CONF6ZH/Preventing+and+Cleaning+Up+Spam

Confluence 6 block garbage at Apache or system level