Solved Spam in internal Kunena forum

Hi,

I have an internal Kunena forum which is only for members of our clubs. Kunena is 3.0.5.

Today I found a spam link in one of my topics In the MySQL database I do not find this link in my topic.

When I edit the topic and delete the link it will still appear in the topic after saving.

What is wrong here? Is there any infection?

hotch wrote:

When I edit the topic and delete the link it will still appear in the topic after saving.

What is the URL of this "topic"? It would also help if you watched the video vimeo.com/69818669

I do not yet know how this problem is related to Kunena. I do not have enough information to work with to help you.

Because it only appears in Kunena but not in Joomla articles.

The URL will not help you as it is an internal forum. I would need to create an user account.

hotch wrote: Because it only appears in Kunena but not in Joomla articles.

I believe you but I don't see it from what you posted at the start of this discussion.

hotch wrote: The URL will not help you as it is an internal forum. I would need to create an user account.

It may still help, even if your forum is "internal", if we could see the configuration report that I referred to in my last reply to you. I am still struggling to help you without information that confirms exactly what kind of Kunena-related problem you seem to be having.

try backend-kunena-recount

select all option then recount.

Recount done. Problem still existing.

Configuration report:

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Enabled |

This message contains confidential information

htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 128M | Max file upload: 200M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path
103	Forum	kunenamenu	view=home&defaultmenu=104	forum
104	Index	kunenamenu	view=category&layout=list	forum/index
105	Aktuell	kunenamenu	view=topics&layout=default&mode=replies	forum/aktuell
106	Neues Thema	kunenamenu	view=topic&layout=create	forum/neuesthema
107	Ohne Antwort	kunenamenu	view=topics&layout=default&mode=noreplies	forum/ohneantwort
108	Meine Themen	kunenamenu	view=topics&layout=user&mode=default	forum/meinethemen
109	Profil	kunenamenu	view=user	forum/profil
110	Regeln	kunenamenu	view=misc	forum/regeln
111	Hilfe	kunenamenu	view=misc	forum/hilfe
112	Suche	kunenamenu	view=search	forum/suche
102	Forum	mainmenu	view=home&defaultmenu=113	mitglieder22/forum1
327	Forum	mainmenu-en	view=home&defaultmenu=113	mitglieder22-2/forum1

Joomla default template details : full_screen_3 | author: JoomSpirit | version: 1.0 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 3.0.5 | creationdate: 2014-03-09

Kunena version detailed: Kunena 3.0.5 | 2014-03-09 [ Invecchiato ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	0
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	1
historylimit	6
shownew	1
disemoticons	0
template	blue_eagle
showannouncement	1
avataroncat	0
catimagepath	category_images/
showchildcaticon	1
rtewidth	450
rteheight	300
enableforumjump	1
reportmsg	1
username	1
askemail	0
showemail	0
showuserstats	1
showkarma	0
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	0
allowfavorites	1
maxsubject	60
maxsig	300
regonly	1
pubwrite	0
floodprotection	0
mailmod	0
mailadmin	0
captcha	0
mailfull	1
allowavatarupload	1
allowavatargallery	1
avatarquality	65
avatarsize	2048
imageheight	800
imagewidth	800
imagesize	150
filetypes	zip,txt,doc,gz,tgz,pdf,xls,docx
filesize	5000
showranking	1
rankimages	1
userlist_rows	30
userlist_online	1
userlist_avatar	0
userlist_name	0
userlist_posts	1
userlist_karma	0
userlist_email	0
userlist_joindate	1
userlist_lastvisitdate	1
userlist_userhits	1
latestcategory	0
showstats	1
showwhoisonline	1
showgenstats	1
showpopuserstats	1
popusercount	5
showpopsubjectstats	1
popsubjectcount	5
usernamechange	0
showspoilertag	1
showvideotag	1
showebaytag	1
trimlongurls	0
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	0
ebaylanguagecode	de-de
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	categories
default_sort	asc
sef	1
showimgforguest	1
showfileforguest	1
pollnboptions	10
pollallowvoteone	1
pollenabled	1
poppollscount	5
showpoppollstats	1
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	mesid
post_dateformat	datetime
post_dateformat_hover	datetime_today
hide_ip	1
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	1
topicicons	1
debug	0
catsautosubscribed	0
showbannedreason	0
version_check	1
showthankyou	1
showpopthankyoustats	1
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	bcc
captcha_post_limit	0
keywords	0
userkeywords	0
image_upload	everybody
file_upload	everybody
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
autolink	1
access_component	1
statslink_allowed	1
userlist_usertype	0
sefutf8	0
enablepdf	1
jmambot	0
annmodid	62, 65, 71
changename	0
userlist_username	1
rules_infb	1
help_infb	1
onlineusers	1

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Enabled: access=1 login=0 activity=0 avatar=0 profile=0 private=0
Kunena - Gravatar Disabled
Kunena - JomSocial Enabled: access=1 login=0 activity=0 avatar=0 profile=0 private=0 activity_points_limit=0 activity_stream_limit=0
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
de-DE	German (DE-CH-AT)
en-GB	English (United Kingdom)

Third-party components: UddeIM 2.9

Third-party SEF components: None

Plugins: Search - Kunena Search 3.0.1 | Content - Kunena Discuss 3.0.1

Modules: Kunena Stats 3.0.1 | Kunena Login 3.0.1

Thank you for your configuration report. I would like to suggest a couple of small changes to the forum integration plugin settings (as indicated in red below):

Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Gravatar Disabled
Kunena - JomSocial Enabled: Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

You have a lovely website and, I agree, it's not good when you get spam messages posted in your forum. I am still trying to find the source of the problem you seem to be having. The problem is not that someone posted a spam message; the problem is

hotch wrote:

When I edit the topic and delete the link it will still appear in the topic after saving.

The issue is not so much about "spam in the forum"; the issue is about how you how you "[edited] the topic and [deleted] the link and [the deleted information] still appears in the topic after saving".

It would be a great help if you could show me exactly which topic contains the message that you are trying to edit. I understand that your forum is restricted to logged-in members of your community but, if you have a test account that we could use, we could save a lot of time if we were able to see for ourselves this problem that you are trying to fix.

Therefore, I am asking if you can post here

1. the URL of the topic that contains the spam; and
2. username/password details of a test account that we can use to access this topic; you can use the following BBcode to post that information here:
   Code:

   [confidential]Username Password:[/confidential]

The sooner we get this information, the sooner we will be able to find why it seems you are not able to fix your problem.

I had a closer look at your website. The spam links - "buy v****a s*****s" (and there are others) - was not put there by Kunena.

This is not a Kunena problem.

The link appears on other pages on your website, too.

It appears that someone installed a module on your website that generates links at random on certain pages.

This module modifies the "About the club" menu item.

It looks to me that your website has been hacked.

@sozzled
You were right. The website was hacked.

The Joomla file /includes/application.php was modified and loaded joomla_rss.php with base64 encoded malicious code. Thus the links were generated.

A freelance helped me to get rid of all this stuff.