Bot spammed database what should I do? - Admin Panel can't load anymore. Over 40K Accounts have been created... #1252

Closed
opened 2026-02-05 00:23:41 +03:00 by OVERLORD · 1 comment

Originally created by @Skyfay on GitHub (Apr 15, 2022).

A bot has spammed my Vaultwarden with an extremely large number of accounts.
He has apparently created over 40,000 accounts.
Fortunately, the performance is good, but the Admin Panel tab users now loads extremely slowly.

Is there a command to remove these users at once with one command?
Is there a possibility that users who have created an account but have not logged in for 1 week will have their account deleted?
If these accounts were created with the same IP, I think that's a security risk...
What should I do now?


@BlackDex commented on GitHub (Apr 15, 2022):

You could try to solve this in two ways.
Either use the admin API via curl or something. There is a `/admin/users` endpoint which returns all the users with all the info as JSON. You could use that to filter those users. And then generate a `POST` to `/admin/users/<uuid>/delete` to delete these users.

That would be the safe way.

The other way would be to delete these users directly from the database.
It should just be as easy as removing those users from the `users` table.
You may also need to remove them from the `invitations` table, but I'm not sure from the top of my head.

Both options should work. And looking at the users, since they are not linked to an organization or have any vault items, both should work just fine.
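An added example, not part of the original thread and not Vaultwarden's own code, of the filtering step in the answer above: it takes the JSON returned by `/admin/users`, keeps only accounts that never logged in, are at least a week old, and have no organization or vault items, and builds the `/admin/users/<uuid>/delete` paths as a dry run. The JSON key names, the sample records and the function names are assumptions made for illustration; check them against what your server actually returns.

```python
import json
import uuid
from datetime import datetime, timedelta, timezone

# Constructed sample standing in for the JSON body of GET /admin/users.
# The key names below are assumptions; compare them with your server's output.
SAMPLE_USERS = json.loads("""
[
 {"id": "11111111-1111-4111-8111-111111111111", "email": "owner@example.org",
  "createdAt": "2021-06-01T08:00:00Z", "lastActive": "2022-04-15T07:30:00Z",
  "organizations": ["family"], "cipherCount": 212},
 {"id": "22222222-2222-4222-8222-222222222222", "email": "x9f3k@spam.example",
  "createdAt": "2022-04-02T03:14:07Z", "lastActive": null,
  "organizations": [], "cipherCount": 0},
 {"id": "33333333-3333-4333-8333-333333333333", "email": "q7w1z@spam.example",
  "createdAt": "2022-04-14T23:59:00Z", "lastActive": null,
  "organizations": [], "cipherCount": 0},
 {"id": "44444444-4444-4444-8444-444444444444", "email": "new.colleague@example.org",
  "createdAt": "2022-04-01T09:00:00Z", "lastActive": null,
  "organizations": ["family"], "cipherCount": 0}
]
""")

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2022-04-02T03:14:07Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def select_stale(users, now, min_age=timedelta(days=7), keep_emails=()):
    """Accounts that never logged in, own nothing, and are older than min_age."""
    picked = []
    for u in users:
        if u["email"] in keep_emails or u.get("lastActive"):
            continue  # explicitly protected, or has logged in at least once
        if u.get("organizations") or u.get("cipherCount", 0) > 0:
            continue  # linked to an organization or holds vault items
        if now - parse_ts(u["createdAt"]) >= min_age:
            picked.append(u)
    return picked

def delete_paths(users):
    """Build the POST paths; uuid.UUID() rejects anything that is not a UUID."""
    return [f"/admin/users/{uuid.UUID(u['id'])}/delete" for u in users]

if __name__ == "__main__":
    now = datetime(2022, 4, 15, 12, 0, tzinfo=timezone.utc)
    for path in delete_paths(select_stale(SAMPLE_USERS, now)):
        print("POST", path)  # dry run: review the list before sending anything
```

Take a database backup and review the printed list before sending any of the requests with an authenticated admin session.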

Reference: starred/vaultwarden#1252