I recently noticed a large number (123634 and counting) of spam accounts on my Gitea server. These accounts would have profiles and repositories linking to further spam and possibly nefarious content. I didn’t spend very long investigating the content, but it needed to be removed from the server.
https://community.ui.com/questions/EdgeRouter-6P-Firewall-Rules-to-Block-a-Specific-IP/166d23f4-80df-4437-89e6-790fb708036c
opened 06:09PM - 13 May 25 UTC
topic/ui
### Description
Hi all, I am the maintainer of git.nixmagic.com. As of late Mar… ch, I have had a large amount of abusive sign-ups on my Gitea instance. Below is a screenshot of the current user list. 30 pages are from the last week alone. For now, I am immediately disabling sign-up entirely.
What I would like to do with such a large number of accounts, is to select valid accounts for exclusion and delete / ban everything else. Not sure if the web UI can do this, Linux shell is something I'm fairly comfortable with too. If there is an easier way to do it from there, please let me know. FWIW, I believe that the backend used by the Gitea instance is SQLite.
In the long term, I'll have to also either restrict sign-up, or at the very least get email verification to work properly. Currently it cannot send such verification email, and immediately marks the account as activated instead. As such, writings such as [this one](https://blog.roberthallam.org/2022/11/mass-delete-remove-purge-users-in-gitea/) unfortunately do not seem to apply here.
The idea for the email component would be that it either connects to my Postfix instances for relay, or sends out the emails by itself. I think I would prefer going through Postfix. Any suggestions on documentation I could use for this? Thank you!
### Screenshots
Below is the user list at page 29.
The most recent spam accounts do not have a profile description, while the older ones are.. colourful, let's call it?
### Gitea Version
1.23.7
### Can you reproduce the bug on the Gitea demo site?
No
### Operating System
Windows 10
### Browser Version
Microsoft Edge Version 136.0.3240.64 (Official build) (64-bit)
I encountered the same problem. Due to forgetting to close user registration, my self built Gitea service port located on the public network was scanned and over 1000 users were registered. Most of the users’ repositories were empty, and their...
opened 11:01AM - 24 Jan 25 UTC
type/proposal
### Feature Description
Hello and happy new year,
I have an issue that a lot o… f people that did not deactivated the registration button have : hundreds of bot accounts.
I wish to delete them all and purge their spam repos but, I cannot do that via the GUI, where you have to go onto each of the 600 accounts to delete/purge them. And no, the inactive users deletion option is useless against that because all of those "users" are active.
I'm usually pro-command line but when I'm out and about or connecting to a friends workstation, i dont want to have to connect to my wireguard VPN ssh into my docker host and make a script to delete all of those users.
Thanks for your consideration !
### Screenshots
_No response_
I was able to reduce the creation of spam accounts by setting the following in my Gitea config under service :
REGISTER_EMAIL_CONFIRM: true
ENABLE_CAPTCHA: true
EMAIL_DOMAIN_BLOCKLIST: "spammer.com,mailinator.com,tempmail.com,10minutemail.com,guerrillamail.com,dispostable.com,fakemail.com,maildrop.cc,trashmail.com,yopmail.com,techstrategylab.com,timminsgoldminetour.com,claxyn.org,sise.claxyn.org,blyxen.com,seti.blyxen.com,sise.blyxen.org,ivolix.com,seti.lyvix.org,seti.ivolix.org,semo.ivolix.com,elyquin.org,simu.elyquin.org,semo.claxyn.com,sise.oxilv.com,simu.glinxy.org,simu.hivoltz.org,semo.elyquin.com,prisite.online,sise.dravix.org,dravix.org,semo.glinxy.com,glinxy.com,dark-webmarket.com,seti.juxal.org,juxal.org,9e5d.getir.space,getir.space,topcompanygroup.com,6d43.getir.space,9e2d.mikrowellen-tests.com,verifiedlinklist.com"
and then running the following on my Gitea container to remove existing accounts:
for i in $(seq 24 123634) # first to last account id
do
gitea admin user delete --id $i --purge
done
Some accounts are still being created; however, it is at a slower rate and they are unverified, which prevents the creation of repositories and makes periodic removal a simple task of running one of the jobs from the admin dashboard.
This post is a work in progress