How to completely nuke and delete a spam account posting illegal content?

I am currently running a Gitea as a service offered by a politically opinionated organization I am part of.
Say that a spammer creates an account and uses it to spam extremely illegal content in the various repositories of the instance, how do I completely nuke and delete from the entire system his account and anything he has ever posted or written?
We already have this issue in another service my organization offers, and we react to this by deleting the post and banning the IP, but Gitea doesn’t seem to provide any obvious tool to deal with this kind of legally liable spam.

I encountered the same problem.
Due to forgetting to close user registration, my self-built Gitea service port located on the public network was scanned and over 1000 users were registered. Most of the users’ repositories were empty, and their intentions were unclear. It is understood that these users may have been used for illegal purposes.
So I also searched the Gitea documentation, hoping to easily delete these users and their associated repositories in bulk. In the end, I found a command-line based user deletion instruction here.

So my solution is as follows:

1. Firstly, use the command:

gitea admin user list | awk 'NR>1 {print $1}' | xargs

Retrieve a list of IDs for all users, separated by spaces, then create an ids.txt file and write the IDs into it.
Attention: be sure to remove user IDs that do not need to be deleted from the ids.txt file!

2. Then, in the same directory as the ids.txt file, write a script:

#!/bin/bash

# Gitea config file path
CONFIG_FILE="/etc/gitea/app.ini"

# check that ids.txt exists
if [ ! -f "ids.txt" ]; then
  echo "Error:no ids.txt file!"
  exit 1
fi

# read user IDs from ids.txt
while read -r line; do
  # split the line into IDs on whitespace (without glob expansion)
  read -r -a ids <<< "$line"

  for user_id in "${ids[@]}"; do
    # skip empty IDs
    if [ -z "$user_id" ]; then
      continue
    fi

    echo "Deleting ID: $user_id ..."

    # run the delete and report its exit status
    if gitea admin user delete --id "$user_id" --purge --config "$CONFIG_FILE"; then
      echo "User ID: $user_id delete succeed!"
    else
      echo "User ID: $user_id delete fail!"
    fi

    echo "----------------------------------------"
  done
done < ids.txt

echo "All done."

Run the script and wait for the deletion to complete.

3. Finally, I would like to remind you again that if your service is exposed to the public network, be sure to limit the registration related functions!

1 Like
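
Steps 1 and 2 of the answer above, combined so that the manual pruning of ids.txt is replaced by filters that skip admins and a keep-list, as an added example that is not part of the original posts. It assumes the listing's header row names the ID, Username and IsAdmin columns; `select_purge_ids`, `purge_ids`, the keep-list file and `DRY_RUN` are hypothetical names, and the sample listing is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the post. Assumes `gitea admin user list` prints a
# whitespace-separated table whose header names ID, Username and IsAdmin.

# select_purge_ids KEEP_FILE < listing: print the ID of every account that is
# neither an admin nor named in KEEP_FILE (one username per line).
select_purge_ids() {
  local keep_file="$1"
  [ -r "$keep_file" ] || { echo "keep-list not readable" >&2; return 1; }
  awk -v keep="$keep_file" '
    BEGIN { while ((getline n < keep) > 0) if (n != "") kept[tolower(n)] = 1 }
    NR == 1 {
      for (i = 1; i <= NF; i++) col[$i] = i
      if (!(("ID" in col) && ("Username" in col) && ("IsAdmin" in col))) exit 2
      next
    }
    $col["ID"] !~ /^[0-9]+$/            { next }  # malformed row
    $col["IsAdmin"] == "true"           { next }  # never purge admins
    (tolower($col["Username"]) in kept) { next }  # never purge kept users
    { print $col["ID"] }
  '
}

# purge_ids [CONFIG] < ids: dry run unless DRY_RUN=0 is set.
purge_ids() {
  local config="${1:-/etc/gitea/app.ini}" id
  while read -r id; do
    if [ "${DRY_RUN:-1}" != "0" ]; then
      echo "would run: gitea admin user delete --id $id --purge --config $config"
    elif ! gitea admin user delete --id "$id" --purge --config "$config" </dev/null; then
      echo "delete failed for ID $id" >&2
    fi
  done
}

# Constructed sample listing (not real accounts).
SAMPLE_LISTING='ID   Username  Email              IsActive  IsAdmin  2FA
1    root      root@example.org   true      true      true
2    alice     alice@example.org  true      false     false
3    spam4711  x1@example.net     true      false     false
4    spam4712  x2@example.net     false     false     false'

demo() {
  local keep; keep=$(mktemp)
  printf 'Alice\n' > "$keep"
  printf '%s\n' "$SAMPLE_LISTING" | select_purge_ids "$keep" | purge_ids
  rm -f "$keep"
}
demo
```

On a real instance, pipe `gitea admin user list` into `select_purge_ids`, review the dry-run output, and only then rerun with `DRY_RUN=0`.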