Large number of spurious users

Ceki Gulcu March 13, 2023

Hello,

We host our own Jira server and are having a problem with about 100'000 bogus users with very long user names, images, etc.  These users never log on.

We are removing users by executing SQL statements but new ones keep coming in.

What could be the point of creating such users?

1 answer

0 votes
Dave Mathijs
Community Champion
March 13, 2023

Hi @Ceki Gulcu a couple of questions here:

  • Is Jira connected to an external user directory?
  • If the answer to the previous question is yes, are these "bogus users" listed in Active Directory as well?
  • How are users added or granted application access?
  • Have you enabled public signup and CAPTCHA?
  • Are users invited through email?
  • Are users created automatically?

Ceki Gulcu March 13, 2023

Thank you for your prompt answer.

> Is Jira connected to an external user directory?

No.

> How are users added or granted application access?

Anyone can browse projects. Users ("project role: users" and the "group: jira-users") can create, comment on and link issues. So users are granted certain rights automatically.

Maybe the project permissions need to be changed?

> Have you enabled public signup and CAPTCHA?

Yes.

> Are users invited through email?

No.

> Are users created automatically?

No.

Dave Mathijs
Community Champion
March 14, 2023

Is public signup absolutely necessary? What's the reasoning behind this configuration?

Ceki Gulcu March 14, 2023

The jira server in question is used for open source projects. So, yes, the public signup seems quite necessary.

Ceki Gulcu March 14, 2023

Here is a record from cwd_users table with fields (user_name, lower_user_name, email_address, created_dat):

8345 ryb в день \ бaланc 779156 RUB afhsаq https://anvtinkag.tumblr.com/Fox GesPoeddy Unennamarline devy | 8345 ryb в день \ бaланc 779156 rub afhsаq https://anvtinkag.tumblr.com/fox gespoeddy unennamarline devy | freethdifi1988+1@mail.ru | 2023-03-13 21:44:08.178+01

What is the point of creating such users? What is there to be gained?

Ceki Gulcu March 15, 2023

I reiterate my question. What is the point of creating bogus users? What is there to be gained?

Nic Brough -Adaptavist-
Rising Star
March 15, 2023

Mostly spam, but sometimes bot nets for other more malicious reasons as well.

You have two problems here.

  • Whilst your settings now may well prevent the problem, your settings in the past enabled spam bots to create these accounts.
  • You are using SQL to delete them.  This is unlikely to actually work unless you get it exactly right (this means significant and complete downtime on your Jira, potentially days depending on size)

My suspicion is that these two are combining to give you what you are seeing.  It's not that "new ones keep coming in", but that your SQL deletions are failing.  Your "new" spam accounts are the ones you think you've removed but that are not actually removed.

To minimise downtime, you must turn off public signup for a few hours/days/weeks - as long as it takes you to identify the actual problem. 

I would

  • do this immediately
  • add a banner saying you've got a problem and new signups are suspended until it is fixed
  • record the number of users you have overall
  • get the admins to record every new user they add until the end of the experiment
  • manually delete (say) 200 spam users, recording which ones you kill.  Do this via the UI, never touch an Atlassian system's database

Then monitor it for a week - every few hours or days, look at the numbers of accounts you have.  Is it still going up?  Can the increase be accounted for by your admins adding accounts?  If not, then search for the 200 users you deleted and see if any have re-appeared.
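The reconciliation described in the last answer can be scripted. The following is an added example, not part of the thread and not Atlassian code: it assumes you have two lists of user names captured while public signup is off (how you export them is outside the example), plus the admins' record of accounts they added and the list of accounts deleted through the UI. The length threshold and all sample names are constructed for illustration.

```python
import re

# Assumed thresholds for illustration; tune them against your own user base.
MAX_NAME_LEN = 60
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def looks_like_spam(user_name):
    """Very long name or embedded URL, the pattern in the record quoted in the thread."""
    return len(user_name) > MAX_NAME_LEN or bool(URL_RE.search(user_name))

def norm(names):
    # Compare case-insensitively, as the lower_user_name column does.
    return {n.strip().lower() for n in names}

def audit(before, after, admin_added, deleted_via_ui):
    """Reconcile two user-name snapshots taken while public signup is off."""
    before, after = norm(before), norm(after)
    added, deleted = norm(admin_added), norm(deleted_via_ui)
    expected = (before - deleted) | added
    return {
        # More accounts than deletions and admin additions can explain.
        "excess_accounts": len(after) - len(expected),
        # Accounts nobody recorded creating: a signup path is still open.
        "unexplained_new": sorted(after - before - added),
        # Deleted accounts that are present again: the deletion did not stick.
        "reappeared": sorted(deleted & after),
        "spam_like_remaining": sorted(n for n in after if looks_like_spam(n)),
    }

# Constructed sample data (not taken from any real instance).
SPAM_A = "win big today https://spam.example/a " + "lorem " * 8
SPAM_B = "Promo https://spam.example/b"
BEFORE = ["alice", "bob", "carol", SPAM_A, SPAM_B]
DELETED_VIA_UI = [SPAM_A, SPAM_B]
ADMIN_ADDED = ["dave"]
AFTER = ["alice", "bob", "carol", "dave", "erin", SPAM_B]

if __name__ == "__main__":
    for key, value in audit(BEFORE, AFTER, ADMIN_ADDED, DELETED_VIA_UI).items():
        print(f"{key}: {value}")
```

A non-empty `reappeared` list points at failed deletions, while a non-empty `unexplained_new` list with signup disabled points at another account-creation path.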

Deployment type: Server
Version: 9.6