[GH-ISSUE #2420] Bot spammed database what should i do? - Admin Panel can't load anymore. Over 40K Accounts have been created... #1255

New issue

Closed

opened 2026-03-03 02:07:33 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 02:07:33 +03:00

Owner

Originally created by @Skyfay on GitHub (Apr 15, 2022).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2420

A bot has spammed my Vaultwarden with an extremely large number of accounts.
He has apparently created over 40,000 accounts.
Fortunately, the performance is good, but the Admin Panel tab users now loads extremely slowly.

Is there a command to remove these users at once with one command?
Is there a possibility that users who have created an account but have not logged in for 1 week will have their account deleted?

If these accounts were created with the same IP, I think that's a security risk...
What should I do now?

Originally created by @Skyfay on GitHub (Apr 15, 2022). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/2420 A bot has spammed my Vaultwarden with an extremely large number of accounts. He has apparently created over 40,000 accounts. Fortunately, the performance is good, but the Admin Panel tab users now loads extremely slowly. Is there a command to remove these users at once with one command? Is there a possibility that users who have created an account but have not logged in for 1 week will have their account deleted? ![image](https://user-images.githubusercontent.com/76796007/163585326-85d328c5-0fbc-47af-b2d6-e315f2ccefca.png) If these accounts were created with the same IP, I think that's a security risk... What should I do now?

kerem closed this issue

2026-03-03 02:07:33 +03:00

kerem commented

2026-03-03 02:07:34 +03:00

Author

Owner

@BlackDex commented on GitHub (Apr 15, 2022):

You could try to solve this in two ways.
Either use the admin API via curl or something. there is a /admin/users endpoint which returns all the users with all the info as a json. You could use that to filter those users. And then generate a POST to /admin/users/<uuid>/delete to delete these users.

That would be the safe way.

The other way would be to delete these users directly from the database.
It should just be as easy as removing those users from the users table.
You may also need to remove the from the invitations table, but I'm not sure from the top of my head.

Both options should work. And looking at the users since they are not linked to an organizations or have any vault items, both should work just fine.

@BlackDex commented on GitHub (Apr 15, 2022): You could try to solve this in two ways. Either use the admin API via curl or something. there is a `/admin/users` endpoint which returns all the users with all the info as a json. You could use that to filter those users. And then generate a `POST` to `/admin/users/<uuid>/delete` to delete these users. That would be the safe way. The other way would be to delete these users directly from the database. It should just be as easy as removing those users from the `users` table. You may also need to remove the from the `invitations` table, but I'm not sure from the top of my head. Both options should work. And looking at the users since they are not linked to an organizations or have any vault items, both should work just fine.