Lots of spam or unused users created every day on GitLab
We currently have 2595 users on GitLab, compared to 1057 on 2020-09-01. That's a huge increase.
On https://gitlab.tails.boum.org/admin/users?sort=created_desc I see 3-15 users created daily. Most of them did not confirm their registration. Some of them look like future spammers to me but I can't be sure.
I think it would be good hygiene to avoid having thousands of unused accounts.
I suppose we could:
- Periodically block user accounts that are unconfirmed for a long time. Then, after some more time, delete them?
- Make it harder for bots to create user accounts. GitLab has a few options for that, which all have pros & cons, such as:
- Domain denylist
- reCAPTCHA for creating accounts