Automatic purging of gogs users

gogs developers don’t want to use recaptcha for whatever idiotic reason, so i get a constant torrent of spam bot registrations, usually via gmail and such addresses.

several times some fucktard registered a shitload of accounts for a particular email domain effectively using gogs as a DDOS amplification attack vector against it. this particularly bothers me but i guess gogs developers don’t mind contributing to criminal activity. :man_shrugging:

therefore, i’m going to institute automatic retention rules for users who have zero repositories and, at least[1], have their website field set (which bots are trying to use for SEO i suppose). such users are going to be auto-pruned.

  1. i’m not going to describe an exact criteria used for automatic removal for obvious reasons.

e: gogs went from 3800 users to 110 after the script has finished running. :roll_eyes:

migrating to a different platform because of this minor issue seems like too much effort.

e: another thing i did, which in retrospect was very obvious, is that i put gogs registration page behind cloudflare javascript challenge. this pretty much stopped all bots right there.

LOL. Looks like I got pruned. ¯\_(ツ)_/¯ It’s been a long while since I made a PR, TBH.

oops, my purging script checks for issues created by user but i completely forgot PRs exist. my bad.

e: fixed but too late for some i guess!