gogs developers don’t want to use recaptcha for whatever idiotic reason, so i get a constant torrent of spam bot registrations, usually via gmail and such addresses.
several times some fucktard registered a shitload of accounts for a particular email domain effectively using gogs as a DDOS amplification attack vector against it. this particularly bothers me but i guess gogs developers don’t mind contributing to criminal activity.
therefore, i’m going to institute automatic retention rules for users who have zero repositories and, at least[1], have their website field set (which bots are trying to use for SEO i suppose). such users are going to be auto-pruned.
- i’m not going to describe an exact criteria used for automatic removal for obvious reasons.
e: gogs went from 3800 users to 110 after the script has finished running.