[issue] Spam accounts gets created trough local account (no way?!)

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

https://gitea.com

MIT License

45.24k stars 5.5k forks source link

[issue] Spam accounts gets created trough local account (no way?!) #32556

Open 0n1cOn3 opened 3 days ago

0n1cOn3 commented 3 days ago

Description

Spammers found a way to register an account without using the given Login Providers (as you can see from the screenshot below)

Gitea Version

1.22.0

Can you reproduce the bug on the Gitea demo site?

Log Gist

No response

Screenshots

Git Version

2.34.1

Operating System

Ubuntu 20.04 LTS

How are you running Gitea?

Docker-Compose V2

Database

MySQL/MariaDB

lunny commented 3 days ago

You can enable captcha and other methods to avoid spammers. If you want to disable local user, it's duplicated of #13606

0n1cOn3 commented 3 days ago

Thank you ! 🥇

0n1cOn3 commented 3 days ago

I have saddly to say, that Captcha is already enabled. And the given thread from you is also saddly not really helpful to get that issue fixed :-(

jiriks74 commented 1 day ago

I have saddly to say, that Captcha is already enabled.

I've enabled reCAPTCHA and verified that it appears on the registration website. Sadly it does nothing to stop the account spam I've been battling over the last few days.