this post was submitted on 22 Jun 2023
14 points (100.0% liked)

Lemmy

12535 readers
3 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

Trying to purge them and set up with Lemmy Ansible, I've disabled signups without admin approval for now.

I see a postgres container and a password but I'm not very familiar with postgres, I tried psql but can't get access

Edit: Also anyone who's de-federated with us, please reconsider. We're a small server with active admin and will get a handle on this, I promise! We had an easy process to sign up for a few days while I got my users over and forgot to turn it off

Edit2: Looking much more healthy now, I will put the commands I've used in a comment below

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 1 year ago (1 children)

Turn on captchas too.

I think the easiest is login to the docker and run the postgres client to run sql to delete users. I dont know how to differentiate between your bot and normal

[–] [email protected] 3 points 1 year ago (1 children)

Yeah that's the issue I'm having, someone sent me a postgres command in DM earlier but it does seem to be a bit of a nuke/picking up ordinary users....

[–] [email protected] 2 points 1 year ago (1 children)

I wound up adding adminer to the docker-compose file temporarily to help me look through the data. In my case, there were no legitimate users who hadn't verified their email, so I deleted all from local_users where the email verified column was false.

[–] [email protected] 2 points 1 year ago (1 children)

Huh adminer would definitely be an easier way to do this, do you have the part of the docker-compose you used with the env vars etc?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah, I really just did a very basic setup:

adminer: image: adminer restart: always ports: - 8080:8080

When entering the database host, just enter "postgres" since that's the host name it will have in the virtual network.

[–] [email protected] 3 points 1 year ago

That's okay I found it, luckily there's a pattern here too... I dug up 27k with repeating numbers on emails which is a good start!

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

Hey there! Thank you for reaching out. I'll definitely not block your instance then. Regarding postgres, first login to the postgres container with docker exec -it containername busybox /bin/sh

You can get the container name by running docker ps. Once inside login to psql console with psql -U lemmy

I've written this from memory, but it should be very similar if not the same.

EDIT: Consider saving the usernames and details of the bots that signed up. We might be able to use that for some analysis.

[–] [email protected] 1 points 1 year ago (1 children)

Yup I've got them, luckily 5 or more repeating numbers in their email pretty much identified 99% of them. Would you like me to send the CSV somewhere? 27k+ bots

[–] [email protected] 1 points 1 year ago (1 children)

It's be interesting to see where they are coming from, do you have up and user agents in the logs at all?

[–] [email protected] 1 points 1 year ago

I don't unfortunately, I deliberately don't log that due to some of the sensitive stuff on my own instance (we're China based)

[–] [email protected] 2 points 1 year ago

docker exec -it postgres sh export PGPASSWORD=$POSTGRES_PASSWORD psql -u $POSTGRES_USER

Something like this by heart.

PM me tomorrow if you are stuck (I’m in Europe).

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

The command to connect to the DB is psql -U <user> <DB_name>.
Usually you also have to use the -p flag but I've been connecting directly to the container without it. Not sure if it's because the container already has the password in a environment variable

load more comments
view more: next ›