Sticky How to protect my forum from spam

My page content is of no interest for Russian, Ukraine or Lithuanian visitor, but Joomlastats tells me that 30-40% of my visitors are from these countries. This visitors almost ALWAYS visits 6 pages. The registration page is visited one time, the "forgot password" page is visited 2-3 times, and the Forum index 2-3 times.
OS is almost always WinXP, and IE 6.0 is used.

Before I installe AlphaRegistration, all these visitors registered, but they never activated the account. After AlphaReg no one of these registers, but they still follow the same pattern of visiting 6 pages.

Can anyone tell me what this is? Is it some kind of security risk here? Should I do something, or should I just forget about it?

G'day, gugne, and welcome to Kunena.

It is a fairly well-established fact that many attempts by people to infiltrate legitimate websites originate from the places that you have found. It is most unfortunate that there is not as much policing done in those areas to stamp out these unwarranted attacks. However, the mere fact the people have tried to worm their way into your website is not, of itself, any more of a risk that, say, crossing a busy road. There is always traffic that you have to watch out for.

But, as far as Kunena is concerned, this is not really a Kunena problem. This is a website administration problem. I am pleased to read that you have taken appropriate steps to minimise the risk. It's good to see people watching the busy road before they try to cross it.

Why do you see the same "six pages" visited, time after time? Most probably these are not real people trying to hack into your website. They're 'bots - automated software that hunts for potential targets to hit. In your case they've tried but failed to gain entry. Good. Let's keep things that way.

For those of you with a general interest in how to protect your forum from spam, although I have written on many occasions before that there really is no substitute for vigilance in dealing with spam on your website, there are a couple of fairly simple things that people can avoid doing to prevent spam.

(1) If you are using K 1.5 you should upgrade to K 1.6. We are not saying that K 1.5 is more "spam-prone" but the toolkit for dealing with spam is not as good as the toolkit included in K 1.6.

(2) If you are using K 1.5 with the unofficial "discussbot" plugin - software that is no longer available on the JED - this software actually can make it easier for spambots to post on your forum because of a security flaw in that software. This is another reason for people who use Kunena to only use add-ons that are endorsed, supported and maintained by the Kunena project team. The K 1.5 "discussbot" was never officially part of the project.

(3) Although K 1.6 is not perfect, it is better than K 1.5 for preventing spam.

(4) If you are worried about the possibility of your site becoming a dumping ground for unwanted rubbish on your website then don't offer people an irresistible invitation by allowing non-registered guests to post on your forum. Certain sites are more attractive than other sites (for some strange reason) such as sites that deal in games, "warez", anime, etc. Don't ask me why, that's just the way things are. This website gets the occasional spam posting but (as far as I know) we have not yet been successfully attached by a spam 'bot.

This is all good advice. However there's little worse than logging on to find loads of explicit porn on the site which has been put up overnight.

I know for a fact that making the first X posts require moderation removes this problem completely and cuts spam appearing on the board to virtually nothing.

Do you think it will be implemented on Kunena? It's by far the best way to stop spam.

I just got a hint that using this component spam was dropped almost into zero -- wihtout captha!

extensions.joomla.org/extensions/access-.../authentication/7319

It prevents users from registering by using suspicious or invalid email addresses.

Exactly - but the new 2.0 version is even better: extensions.joomla.org/extensions/access-...authentication/10802

After converting one of our sites from Wordpress to Joomla + JomSocial + Kunena, within a few weeks, we we're heavily targeted by spammers.

Every morning I would wake up to ridiculous amounts of russion spam in forum and sometimes more than 100 new spam-users in JomSocial.

I found this, bought it, installed it and haven't had a single spampost, nor spam-user registration, since.

Even though it's a paid/commercial plugin, this is a must-have for us and I will deploy it on all our sites from now on!

Also, support is excellent - I had a question about installation and it was handled very polite and quickly!