diff --git a/src/routes/activitypub/inbox.rs b/src/routes/activitypub/inbox.rs
index 23362a3..038cf6c 100644
--- a/src/routes/activitypub/inbox.rs
+++ b/src/routes/activitypub/inbox.rs
@@ -53,7 +53,9 @@ pub async fn post(
 	Json(activity): Json<serde_json::Value>
 ) -> crate::Result<()> {
 	if !matches!(auth, Identity::Remote(_)) {
-		tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
+		if activity.activity_type() != Some(ActivityType::Delete) { // this is spammy af, ignore them!
+			tracing::warn!("refusing unauthorized activity: {}", pretty_json!(activity));
+		}
 		match auth {
 			Identity::Local(_user) => return Err(UpubError::forbidden()),
 			Identity::Anonymous => return Err(UpubError::unauthorized()),
diff --git a/src/server/inbox.rs b/src/server/inbox.rs
index cecd002..6eeb635 100644
--- a/src/server/inbox.rs
+++ b/src/server/inbox.rs
@@ -158,7 +158,7 @@ impl apb::server::Inbox for Context {
 	async fn delete(&self, activity: serde_json::Value) -> crate::Result<()> {
 		// TODO verify the signature before just deleting lmao
 		let oid = activity.object().id().ok_or(UpubError::bad_request())?;
-		tracing::info!("deleting '{oid}'");
+		tracing::debug!("deleting '{oid}'"); // this is so spammy wtf!
 		// TODO maybe we should keep the tombstone?
 		model::user::Entity::delete_by_id(&oid).exec(self.db()).await.info_failed("failed deleting from users");
 		model::activity::Entity::delete_by_id(&oid).exec(self.db()).await.info_failed("failed deleting from activities");