Just deleted over 800 users from my database that joined in the last few hours from obviously fake emails and botted usernames. Make sure to either close registration or have some sort of safety check in place because things are getting hairy out here.
Hey! I’ve been caught up in this. Have closed registration for now but what do I do with the created accounts? Unless I’m missing something I can’t find the admin tools to deal with users except through their posts (and they haven’t posted anything).
What worked for me is manually deleting those entries from the database through the console. Gotta delete it from the postgresql database if you don’t have any real user sign ups during the spam sign ups, you can just delete all entries after a certain point. That’s how I did it.
Did you actually delete them or set the deleted column? I’m anxious of leaving dangling references which might cause errors to pop up elsewhere but I’d rather get rid of them completely if that doesn’t seem to cause problems.
I also found it wasn’t reflected in the user count until I manually manipulated the
site_aggregates
table. I don’t know if that would have caught up eventually.You have to delete them from local_users and person tables. Be careful with person table to not delete entries from users outside your Instance. It worked for me and fixed the user count in my sidebar.
Cool. I think I’m going to give it a few days in case I deleted someone I didn’t want to. If I hear no complaints (I’m pretty sure I’m the only real local user on my instance anyway 😂) I’ll delete out the db. Thanks!
No problem! Hopefully others that had this problem can fix their instance too. Since we don’t know when the spam accounts will become active and start posting or if that spam attack was just to mess with us.
Holy shit