Sticky How to protect my forum from spam

sozzled wrote: G'day, MrChuky, and welcome to Kunena.

You can use the flood control feature of Kunena.

Warmly thank sozzled. :laugh:

We are getting a large amount of SPAM recently through our forum, and are having a hard time keeping up with deleting the posts and users. When we delete the users, they just create nother account.

Is there an easy way to put an end to this through Kunena?

Hello All,

I know this topic has been discussed extensively on this forum, but the posts I can find are very disjointed and very old.
Can anybody maybe give us all a simple, single forum example to solve this issue?

1. A spam user or bot registers on a Joomla! site and defeats captcha and email confirmation.
2. They begin posting spam on a Kunena forum that only allows posting by registered users.

I have seen many different posts and ideas on stopping this, but how does Kunena do it? How does Joomla.org do it?

Any help would be greatly appreciated - links to what I am asking or just a nice simple tutorial because I know I am one of the thousands having this problem.

Thanks!

*** Topics Merged ***

flatmattj wrote: I know this topic has been discussed extensively on this forum, but the posts I can find are very disjointed and very old.

G'day

Yes, the topic has been discussed extensively on this forum but the discussion has been kept in the one place so as to assist everyone with the same basic question: "How do I protect my website (and my forum, obviously) from attack?" Rather than tackle your question as a separate, new topic - as you have done - I've merged your topic with the one we've used in the past. I will, however, try to give your questions more detailed treatment than by responding with a facile how-you-protect-your-forum-is-something-for-you-to-decide kind of answer.

Even though some of the messages posted in this discussion may be old, the problem of spam is much older than when this topic started. Spam has been a persistent problem that is older than the internet. So, while some of the messages may seem "dated", the advice given in this topic is as fresh and relevant today as when it was first offered.

flatmattj wrote: Can anybody maybe give us all a simple, single forum example to solve this issue?

The reason that there is no single, simple answer is because the issue quite complex. If we start with the understanding that everyone has a different way of implementing a website (and a web-based discussion forum like Kunena) you might begin to understand that many factors may contribute to this problem.

Some people like the idea of allowing anyone to post whatever they like without requiring them to login. The problem with that, of course, is that they have little control over the content of what people post on their forum apart from challenging people every time they post with some simple "identity" check (e.g. CAPTCHA) and all that CAPTCHA does is to ensure that it's a human being posting objectionable material instead of a 'bot.

Some people restrict their sites so that everyone can view what's posted on the forum (and only registered users can login in order to post) but then allow anyone to register with their site; they then wonder how their sites become littered with material that they consider "objectionable". Other people still further restrict their sites so that only registered members of the community must login - in order to see the forum - but they still have the "open door" policy to allowing material to appear on the site automatically, without review. Again, the root cause of this problem is a registration issue. How do you know, when someone registers at your site, that they're not going to abuse the privileges of posting on your site?

Still, other people even further restrict their sites by requiring that all messages are subjected to moderator review before they are published on the board. This is about the ultimate preventive measure but it impacts on the smooth flow of the discussions and comes at a cost to management. This is a question for forum managers/site administrators to weigh up as to how much management overhead is the "right amount" and how much is not justifiable.

Some website genres seem more "attractive" to spam than others. I don't know why that seems to be the case but anime and game sites are more likely to be targeted by spammers than old ladies' quilting or bird-watching society websites.

flatmattj wrote: 1. A spam user or bot registers on a Joomla! site and defeats captcha and email confirmation.

Of course as we all know, this has nothing to do with Kunena. Kunena is not responsible for user registration on a Joomla website. User registration is a Joomla function that may be optionally assisted by other Joomla extensions better equipped to deal with registration scrutiny. Basic Joomla has two variations: allow everyone to register (and new registrations must confirm by using a valid email address) or allow no-one to register. If you allow no-one to register you, the system administrator, must perform all user registration yourself.

flatmattj wrote: 2. They begin posting spam on a Kunena forum that only allows posting by registered users.

As I mentioned earlier in my reply, if you allow people to register and give them the unfettered right use the forum after they have joined, then you allow people the ability to post whatever they like ... unless you review everything that they write beforehand. The question that everyone needs to individually answer is, how much scrutiny is the "right amount" of scrutiny. On the one hand you can scrutinise to the point of terrorising people and they may be reluctant to post anything at all if they're continually subjected to this kind of treatment.

For instance, take a community-driven, self-help forum like the one here at www.kunena.org . Messages are not screened before they appear on the forum. They appear instantly. So, you may ask, how do we prevent spam posting on this website?

The answer to this question, as I have often written, is simple:

The only effective remedy against spam is vigilance.

We have an active moderation team here, one that operates close to 24 hours a day, and spam rarely lasts for more than a few minutes before it's detected, removed and the account(s) responsible for this rubbish are blocked from accessing the site in future. This site has a zero tolerance of spam and the moderation team is equipped with the necessary tools to deal with the problem.

However, if you are asking what preventive measures can be taken in the first place to stop spam from showing up on your forum, the answer really lies in how you screen new user registrations. There must be hundreds of guides on the internet to help people with this "management problem"; the forum here at this site is one place where people can meet to discuss various ideas, hints, tips and tricks-of-the-trade. I've given you a few ideas and I hope they help. I'm sure that others may have their own suggestions that will help you, too.

I am new to Kunena and just installed K1.63 My Joomla1.6 site is going to replace my existing site but I do not keep it "on line" yet. I had a BBB forum on my old site and it was taken over by spammers and I had to shut it down. I hope the Kunena site will be better. Is there a captcha program that will work on Joomla1.6? Also can I make every post go to my computer to authorize it before it goes on the forum? I know this is extra work, but we may not have that much activity anyway. Is there any other measures I can take. I see some plugins - but they are not for Joomla1.6

OOps - I guess this is the wrong spot - I'll try to find the right one