Sticky How to protect my forum from spam

Hi Sozzled, first off, thanks for your reply and your hard work. Second, I really do not want to criticise or take away from your and the Kunena team's fantastic efforts, so please please please take this feedback in the spirit of genuine goodwill it is intended, and please do not be too sarcastic in your reply this time although you must be fed up of Captcha issues.

The real cause of the problem is that people are posting rubbish on your website and the real problem is how to discourage that.

Very respectfully, I really disagree. I agree that spam can never be eradicated, but forum spam can be controlled effectively - for around 6 months with the hacked, custom non-changing captcha I described in the previous thread, barely a single guest spammer got through (except for when spammers managed to register a main Joomla account and would go haywire for a little while, which would happen every week or two). Obviously, my system worked only because it was obscure/unique and spammers couldn't be bothered to automate for it.

My problem is that now for some reason, the new 1.7.1 Re-Captcha implementation is not stopping unregistered bots from posting. Others in this thread seem to have the same problem.

Let me repeat for avoidance of doubt - right now the volume of spam that is posted by unregistered guests that clearly got past the Re-Captcha check is ridiculous - at least 30 a day - compared to none before.

There are three possibilities I see.

1. I am being stupid and installed Kunena 1.7.1 and Re-Captcha wrongly (which is possible, although yes, I did follow the wiki guide you linked to and it works as intended in the front-end).
2. Kunena's implementation of Re-Captcha is not working properly and there's an exploit.
3. Spammers now employ farms of people to crack Re-Captchas, in particular also automating Kunena forums protected by Re-Captcha.

I would like to know which of these you think is more likely. 1 or 2 would be easy to fix.

The third possibility is more worrying and means Re-Captcha has become worthless, not just for Kunena but every other site that uses it. If that is the case, I'll begrudgingly revert to hacking the code into a botch-job custom Captcha that did the trick. And yes, I will also happily raise it with the Re-Captcha devs.

Again, I don't want to rant but this is something I really believe can be improved, even though the majority of users probably run registration-only forums and don't run into this.

Also, again a big thanks to Matias for taking the time to integrate ReCaptcha. I think Kunena is on a good path and this Captcha thing we can sort out too!

In this vein, I wanted to plug the SpamFighter component again.

Everyone struggling with spam in Kunena (or 2 other forums) should try it. In 2 days of using it, it's blocked at least 90% of the spammy posts without much training so far.

Plus, it adds a funky 'spam' button in the Kunena front-end that automatically deletes the post and trains the Bayes database. Plus, in the back-end you can ban the IPs of all the spammers with two clicks.

If it trains itself to be a tiny bit better in its detection, I might just consider turning Captcha off completely... Honestly, try it out, it's magical - would love to hear your feedback.

extensions.joomla.org/extensions/access-...ty/site-access/16331

(I'm not affiliated with these guys, obviously! )

Oh god, now I am depressed. The Onlywire mass social media submission service coincidentally just sent me an email saying that they are now offering Captcha solving.

So I googled "Captcha Solver" and one of the hits down the page (I don't want to even name the site to give it any google juice) offers: "An incredible low price of $1.39 for 1000 solved CAPTCHAs." Apparently they use a combination of OCR and a "24/7" team of Captcha solvers.

So does this mean that any Captcha is basically dead now as a security measure?

The internet is doomed... :ohmy:

Hi

I havent read the whole thread, but I can give some insight and answer your question;

Yes - captcha farms does exists and people are getting paid to solve them (i read about that 6 years ago). Imho that will happen with anything that is solveable by humans too.
So nothing new here.

I worked as a webmaster at an open forum (no need to register to write) for four years and we recieved at that time under 1% spam (of the total # of postings). So it is highly possible.

What Im trying to say is, that there are many other ways to deal with spam and we are trying to solve this as best as possible in Kunena 2.0. Both natively and by plugin.

In the mean time I'd recommend to turn on captcha in K1.7 and also find a plugin that can do it for the Joomla registration form to prevent bots from signing up.

My site used to be a big target for forum spammers. Years ago, I'd have to monitor it every day when I used phpBB as the forum. When migrated to Kunena, it stopped a lot, but didn't stop altogether. I have JomSocial installed for the standard registration and there's a captcha there. I have the captcha enabled on Kunena as well and a limit of three posts where the captcha is required (after that, they don't need it). Even with both of these, I still get the occasional spam.

As LittleJohn mentioned, there are companies that "specialize" in trying to improve SEO by spamming forums. They have hundreds of people working for them and their job is to register on forums and post spam on as many places as they can (especially sites with a higher than average page rank). Since captcha wasn't made to stop "humans" (I put that word in quotes because they're the scourge of the Earth and far below humans), it won't stop them. There are telltale signs it's a human, like they've uploaded an avatar, filled out their profile and a few other activities that a bot wouldn't/couldn't do. They linger for a bit on your site—maybe a few days—then they blast you thinking that their posts will be overlooked. They copy/paste content from related sites mixed with their links to make it look like they are participating in a discussion with relevant information. These are just a few of the obvious things, but there are not-so-obvious ones too.

So if your Joomla registration is using a captcha (or your user system like CB or JomSocial) and you're using the Kunena captcha, you're doing the best anyone can to prevent forum spam (short of moderating every single post). Both Joomla and Kunena take security and spam very seriously so make sure both are up to date.

edit : ups sry, i post in wrong topic
sry again