Post AOVH1bqCgL98unXgJs by codeberg@mastodon.technology
(DIR) Post #AOUNCwHRQzws3i6m6S by blacklight@social.platypush.tech
2022-10-12T10:40:18Z
0 likes, 1 repeats
#Gitea #spam

25 more spam users have been created today on my Gitea instance.

Again, same patterns - GMail email addresses, spammy links in the description, most of them about services in India (ranging from tours in Ooty or Agra, to help with programming assignments, to escort services in Pune). I've noticed that some of them also started creating empty repos.

This is in spite of the block to direct registrations I've put on the website - it's now only possible to register/sign-in through a 3rd-party.

The solution for now has been to run again my script for spam accounts deletion, and to disable logins through the Google OAuth2.

It seems quite clear to me, however, that there are real humans behind these campaigns, even if the registration patterns seem to concentrate around certain times of the day. Me and other Gitea admins reported that even CAPTCHAs couldn't stop them. In my case, with direct registrations disabled on the server, it means that some real humans with some real Google accounts were clicking on the "Sign in with Google" button and signing in. Now if they want to sign in they have to go through some extra steps (having a Twitter, Mastodon or Github account), and I hope that this at least frustrates their efforts a bit. The reason why real humans would spend so much effort targeting a Gitea instance with just about 100 users is still unclear to me though.

@codeberg do other instances report similar patterns as well? Anything we can do to mitigate this flood?
(DIR) Post #AOUNCxnNnj5ol43nWq by blacklight@social.platypush.tech
2022-10-12T10:45:55Z
0 likes, 0 repeats
@codeberg one more spam account got created just while I posted this. So the absence of a "Sign in with Google" button doesn't discourage them. Proceeding with setting `REGISTER_MANUAL_CONFIRM=true`.

Can you confirm if these are indeed humans trying their best to spam their links, or scripts that are leveraging some issues with the #Gitea authentication process? I'd be quite puzzled by the existence of human beings who go through so much effort to spam their content...
(DIR) Post #AOUNKNFbYdOhjVnJk8 by neglesaks@mstdn.io
2022-10-12T10:55:56Z
0 likes, 0 repeats
@blacklight @codeberg Establishing zombie accounts ready for future activation.
(DIR) Post #AOVH1bqCgL98unXgJs by codeberg@mastodon.technology
2022-10-12T21:19:57Z
0 likes, 0 repeats
@neglesaks The main reason is SEO spam. You can often search the internet for the profiles, you'll also find them on arbitrary forums and blogs with the same name, profile picture and same offers (e.g. assignment help).

They just click through random sites in the hope that their URLs are ranked up.

@blacklight
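
The account patterns reported in this thread (Gmail addresses, links in the profile description, empty repos, sign-ups clustered at certain times of day) can be combined into a manual-review queue for an instance admin. This is an added example, not code from any participant in the thread: the sample records are constructed, the field names follow Gitea's user API object, and `repo_sizes`, the keyword list and both thresholds are assumptions.

```python
import re
from collections import Counter

URL_RE = re.compile(r"https?://|www\.", re.I)
# Offer types named in the thread; tune the list for your own instance.
OFFER_RE = re.compile(r"assignment help|\btours?\b|escort", re.I)

# Constructed sample records. Field names follow Gitea's user API object,
# except "repo_sizes" (hypothetical: sizes of the repos the account owns).
USERS = [
    {"login": "alice", "email": "alice@example.org", "description": "Rust dev",
     "website": "https://alice.example", "created": "2022-09-01T08:12:00Z",
     "repo_sizes": [412, 90]},
    {"login": "bob", "email": "bob@gmail.com", "description": "", "website": "",
     "created": "2022-10-11T19:30:00Z", "repo_sizes": []},
    {"login": "ootytrips", "email": "ootytrips@gmail.com", "website": "",
     "description": "Best Ooty tour packages https://tours.example/ooty",
     "created": "2022-10-12T10:02:00Z", "repo_sizes": [0]},
    {"login": "codehelp99", "email": "codehelp99@gmail.com", "website": "",
     "description": "Programming assignment help, visit www.help.example",
     "created": "2022-10-12T10:05:00Z", "repo_sizes": []},
    {"login": "agra_travel", "email": "agra.travel@gmail.com",
     "description": "Agra tour booking", "website": "http://agra.example",
     "created": "2022-10-12T10:40:00Z", "repo_sizes": [0]},
]


def hour_bucket(user):
    return user["created"][:13]  # RFC 3339 time cut to the hour: 2022-10-12T10


def signals(user, burst_hours):
    """Return the names of the spam signals this account matches."""
    text = f'{user["description"]} {user["website"]}'
    checks = [
        ("link in profile", bool(URL_RE.search(text))),
        ("offer keyword", bool(OFFER_RE.search(text))),
        ("gmail address", user["email"].lower().endswith("@gmail.com")),
        ("no non-empty repos", not any(user["repo_sizes"])),
        ("registration burst", hour_bucket(user) in burst_hours),
    ]
    return [name for name, hit in checks if hit]


def review_queue(users, burst_min=3, threshold=3):
    """Map login -> matched signals for accounts needing manual review."""
    per_hour = Counter(hour_bucket(u) for u in users)
    burst = {h for h, n in per_hour.items() if n >= burst_min}
    hits = {u["login"]: signals(u, burst) for u in users}
    return {k: v for k, v in hits.items() if len(v) >= threshold}
```

No single signal is enough to flag an account: in the sample, a Gmail user with no repos and a developer with a personal website both stay below the threshold.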