gogs developers don’t want to use recaptcha for whatever idiotic reason, so i get a constant torrent of spam bot registrations, usually via gmail and such addresses.
several times some fucktard registered a shitload of accounts for a particular email domain effectively using gogs as a DDOS amplification attack vector against it. this particularly bothers me but i guess gogs developers don’t mind contributing to criminal activity.
therefore, i’m going to institute automatic retention rules for users who have zero repositories and, at least, have their website field set (which bots are trying to use for SEO i suppose). such users are going to be auto-pruned.
- i’m not going to describe an exact criteria used for automatic removal for obvious reasons.
e: gogs went from 3800 users to 110 after the script has finished running.