I’m using an self hosted, isolated gitlab (v16.2.4-ee) and I’m wondering about a bot, which has been appeared a few days ago. I 've informed myself about bots and their usage, but I haven’t found a responsible answer for that.
This is a system based bot, which has been created or activated or else (?) for no currently known reason. Based on the gitlab docs for “internal users”: Internal users | GitLab there’re also other bots listed. When I click on the “admin bot” link, I’ll be refered to the source code for users. This bot comes with admin privilegues automatically. This source file has been updated 2 months ago.
Unlike to real users, which are located in the pending approval tab, this bot has been confirmed automatically. I also don’t want to have a bot with admin settings, however, I’m unable to edit this bot like other users or bots, which I’ve created by myself.
We have a user called “test” marked as a bot, but it was created in November last year.
We also have that “GitLab Admin Bot” user, created on wednesday last week, probably when we upgraded from 16.2 til 16.3. I have no idea what the purpose is, but luckily it seems like it hasn’t been used (yet).
Hi, 4 weeks ago I also got an " GitLab Admin Bot" and shortly after a user has registerred with our private community instance of gitlab, despite the fact that self registration was disabled.
I’m not sure if this is related. But having a bot with administration rights, where absolutely no information is present, what it does and in times where a lot of hacking takes place, this must be avoided at all.
So please explain why and what this “Admin bot” does and how I can disable this. I don’t like to give anything and anyone admin rights. This includes also the upgrade operation of gitlab self.
Hope gitlab developer will provide usefull information and how I can prevent such “bots”.
Thanks a lot
hi, I found that disabling account creation in GUI does not disable the account creation when user logins with OAuth provider (Google, Facebook,…). only after search I found that I have to edit the gitlab config file and disable it there too.
This is not transparent or mentioned in GUI, that only password account creation is disabled.
The other thing about the Admin Bot, which was created 4 weeks ago is still unclear and also what is it for. this makes me still uncomfortable.
perhaps you can tell me when it does what action?
