Merged How to protect my forum from spam

I've taken the hack from here:
www.kunena.org/forum/114-user-written-ha...for-x-first-messages

and updated it to work with Kunena 1.6.3

To use it, you would edit the /components/com_kunena/lib/kunena.posting.class.php file around line 389 and add the below code. You can edit the $ks_minposts variable to however many posts you want to set as the minimum before the user is no longer moderated.

I'm open to suggestions on how to improve it. I would love to see something like that implemented in the core. I hope its useful to someone.



// Hold the post for new users
$ks_minposts = 2;
$query = "SELECT (count(*)<{$ks_minposts}) AS review FROM #__kunena_messages WHERE userid={$this->_my->id} AND hold=0";
$this->_db->setQuery ( $query );
$this->_db->query ();
$dberror = $this->checkDatabaseError ();
if ($dberror){
return $this->setError ( '-post-', JText::_ ( 'COM_KUNENA_POST_ERROR_SAVE' ) );
}
$ks_userposts = $this->_db->loadResult ();
if ($ks_userposts <= $ks_minposts) {
$this->set ( 'hold', 1 );
}

I couldn't find it in the board but can a guest be banned?

If so .... how?

If not ... can it be a future request.

Let me tell you why I look for this possibility.

I let people who want to join write an introduction.
When they are accepted all is ok but some who get refused start to spam
and can be very rude and threatening. Now I have to put the ip number manual
in the htaccess file. Would be a help to have the ban option for guest simply
by ip address.

Thanks in advance,

Groenteman

Yes, it would be simpler to allow banning by IP and this want an idea intended for K 1.6 by it was not implemented because it requires the writing of a special plugin. Perhaps this will be included in the future.

Rather than banning guests (after you have allowed them to post on your forum) perhaps it would be better and more appropriate in your case to not allow non-registered users the means to post on your forum. This is the default setting for Kunena. When you allow non-registered users the ability to post to your website you also offer a means for spammers to disrupt the smooth operation of your forum. The choice is yours. I hope this helps.

Thanks Sozzled for the reply.

You are correct about the spam but with chaptca its reduce to 3 spams a day.
I have to allow guest to post else they can't write an introduction why we
should grand them access to our information.

People who register have to take a nickname, enter chaptca, reply link in e-mail and
a administrator will grand access. The most spam is by rejected who want to become
member in the community.

This is why the IP blocking would be a big help. Who knows it will be implemented
in future. It would be a help to disable guest to post a url. This was a small hack
in the TMF forum for years. I don't know this is possible in Kunena?

Kind regards,

Groenteman

Hi, I need my users stop spam with a continuous post.

Exist some feature for set time between create post and create new post?


Thanks friends.

G'day, MrChuky, and welcome to Kunena.

You can use the flood control feature of Kunena.

sozzled wrote: G'day, MrChuky, and welcome to Kunena.

You can use the flood control feature of Kunena.

Warmly thank sozzled. :laugh:

We are getting a large amount of SPAM recently through our forum, and are having a hard time keeping up with deleting the posts and users. When we delete the users, they just create nother account.

Is there an easy way to put an end to this through Kunena?

Hello All,

I know this topic has been discussed extensively on this forum, but the posts I can find are very disjointed and very old.
Can anybody maybe give us all a simple, single forum example to solve this issue?

1. A spam user or bot registers on a Joomla! site and defeats captcha and email confirmation.
2. They begin posting spam on a Kunena forum that only allows posting by registered users.

I have seen many different posts and ideas on stopping this, but how does Kunena do it? How does Joomla.org do it?

Any help would be greatly appreciated - links to what I am asking or just a nice simple tutorial because I know I am one of the thousands having this problem.

Thanks!

*** Topics Merged ***

flatmattj wrote: I know this topic has been discussed extensively on this forum, but the posts I can find are very disjointed and very old.

G'day

Yes, the topic has been discussed extensively on this forum but the discussion has been kept in the one place so as to assist everyone with the same basic question: "How do I protect my website (and my forum, obviously) from attack?" Rather than tackle your question as a separate, new topic - as you have done - I've merged your topic with the one we've used in the past. I will, however, try to give your questions more detailed treatment than by responding with a facile how-you-protect-your-forum-is-something-for-you-to-decide kind of answer.

Even though some of the messages posted in this discussion may be old, the problem of spam is much older than when this topic started. Spam has been a persistent problem that is older than the internet. So, while some of the messages may seem "dated", the advice given in this topic is as fresh and relevant today as when it was first offered.

flatmattj wrote: Can anybody maybe give us all a simple, single forum example to solve this issue?

The reason that there is no single, simple answer is because the issue quite complex. If we start with the understanding that everyone has a different way of implementing a website (and a web-based discussion forum like Kunena) you might begin to understand that many factors may contribute to this problem.

Some people like the idea of allowing anyone to post whatever they like without requiring them to login. The problem with that, of course, is that they have little control over the content of what people post on their forum apart from challenging people every time they post with some simple "identity" check (e.g. CAPTCHA) and all that CAPTCHA does is to ensure that it's a human being posting objectionable material instead of a 'bot.

Some people restrict their sites so that everyone can view what's posted on the forum (and only registered users can login in order to post) but then allow anyone to register with their site; they then wonder how their sites become littered with material that they consider "objectionable". Other people still further restrict their sites so that only registered members of the community must login - in order to see the forum - but they still have the "open door" policy to allowing material to appear on the site automatically, without review. Again, the root cause of this problem is a registration issue. How do you know, when someone registers at your site, that they're not going to abuse the privileges of posting on your site?

Still, other people even further restrict their sites by requiring that all messages are subjected to moderator review before they are published on the board. This is about the ultimate preventive measure but it impacts on the smooth flow of the discussions and comes at a cost to management. This is a question for forum managers/site administrators to weigh up as to how much management overhead is the "right amount" and how much is not justifiable.

Some website genres seem more "attractive" to spam than others. I don't know why that seems to be the case but anime and game sites are more likely to be targeted by spammers than old ladies' quilting or bird-watching society websites.

flatmattj wrote: 1. A spam user or bot registers on a Joomla! site and defeats captcha and email confirmation.

Of course as we all know, this has nothing to do with Kunena. Kunena is not responsible for user registration on a Joomla website. User registration is a Joomla function that may be optionally assisted by other Joomla extensions better equipped to deal with registration scrutiny. Basic Joomla has two variations: allow everyone to register (and new registrations must confirm by using a valid email address) or allow no-one to register. If you allow no-one to register you, the system administrator, must perform all user registration yourself.

flatmattj wrote: 2. They begin posting spam on a Kunena forum that only allows posting by registered users.

As I mentioned earlier in my reply, if you allow people to register and give them the unfettered right use the forum after they have joined, then you allow people the ability to post whatever they like ... unless you review everything that they write beforehand. The question that everyone needs to individually answer is, how much scrutiny is the "right amount" of scrutiny. On the one hand you can scrutinise to the point of terrorising people and they may be reluctant to post anything at all if they're continually subjected to this kind of treatment.

For instance, take a community-driven, self-help forum like the one here at www.kunena.org . Messages are not screened before they appear on the forum. They appear instantly. So, you may ask, how do we prevent spam posting on this website?

The answer to this question, as I have often written, is simple:

The only effective remedy against spam is vigilance.

We have an active moderation team here, one that operates close to 24 hours a day, and spam rarely lasts for more than a few minutes before it's detected, removed and the account(s) responsible for this rubbish are blocked from accessing the site in future. This site has a zero tolerance of spam and the moderation team is equipped with the necessary tools to deal with the problem.

However, if you are asking what preventive measures can be taken in the first place to stop spam from showing up on your forum, the answer really lies in how you screen new user registrations. There must be hundreds of guides on the internet to help people with this "management problem"; the forum here at this site is one place where people can meet to discuss various ideas, hints, tips and tricks-of-the-trade. I've given you a few ideas and I hope they help. I'm sure that others may have their own suggestions that will help you, too.