Kunena 6.3.0 released
The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3
Merged How to protect my forum from spam
As LittleJohn mentioned, there are companies that "specialize" in trying to improve SEO by spamming forums. They have hundreds of people working for them and their job is to register on forums and post spam on as many places as they can (especially sites with a higher than average page rank). Since captcha wasn't made to stop "humans" (I put that word in quotes because they're the scourge of the Earth and far below humans), it won't stop them. There are telltale signs it's a human, like they've uploaded an avatar, filled out their profile and a few other activities that a bot wouldn't/couldn't do. They linger for a bit on your site—maybe a few days—then they blast you thinking that their posts will be overlooked. They copy/paste content from related sites mixed with their links to make it look like they are participating in a discussion with relevant information. These are just a few of the obvious things, but there are not-so-obvious ones too.
So if your Joomla registration is using a captcha (or your user system like CB or JomSocial) and you're using the Kunena captcha, you're doing the best anyone can to prevent forum spam (short of moderating every single post). Both Joomla and Kunena take security and spam very seriously so make sure both are up to date.
Author of Using Joomla from O'Reilly Media. | www.usingjoomlabook.com
Please Log in or Create an account to join the conversation.
sry again
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
- beyondthenet
- Offline
- Junior Member
- Posts: 25
- Thank you received: 0
We require new users to demonstrate some knowledge of the topic.
A nice upgrade would be a hotlink in the "new user email notification" so that the admin could approve the new user without even logging in.
Currently the admin must login, find the new user, open the user, read the 'demonstration of knowledge' then approve the user.
Please Log in or Create an account to join the conversation.
Interesting approach beyondthenet...
Maybe something similar - involving customisation - is the future of spam fighting on Joomla sites?
Just thinking out loud here. The problem with re-captcha is that it is so widespread, so it makes sense for people to specialise solving recaptchas, and then spam across 1000s of smaller sites that all use Re-Captcha.
Obscurity and small size, here, would provide some security.
What about a Captcha system in Kunena where every admin could specify whatever Captcha challenge they could think of - their only limit being their imagination and their audience. I.e.: Upload a picture of whatever - scrambled text, a picture of a dog asking what animal is this?, a pic of a flower with text like 'what do plants need to live?', or a question (like: how many people are in this picture) - and provide the possible correct Captcha responses in another field (e.g. the text, 'dog', 'earth, water, sun, sunlight, sunshine', 3, etc).
The captcha would be static and would always have the same response, but 'human farms' of captcha solvers likely wouldn't bother with something this small or potentially requiring application of mind.
Of course, the problem is that if Kunena were to implement this as a default, the total user base might again become big enough to make it worthwhile for the farmers to specialise in training their staff to recognise custom captchas. Plus, once it's solved, they don't even need humans anymore but can just use the same answer every time on your forum.
I suggest this because for a couple of months I had a dirty hack which had a scrambled word XYZ image and normal HTML text below saying: "Type the text in the photo (hint, the word is XYZ)".
This was enough to fool 99% of spammers and enough for humans to be happy with.
Again, not necessarily suggesting that you code this into Kunena but I think allowing individual admins to customise their captcha will remove the economies of scale that 'captcha farmers' experience in selling ReCaptcha solving services.
I mean - why does Google not use Recaptcha for most of its own services, for example, despite owning it? (Google's own captchas incidentally are illegible to humans half the time).
Please Log in or Create an account to join the conversation.
- LittleJohn
- Topic Author
- Offline
- Kunena Contributor
These kinds of captchas have actually been gaining territory because of the reasons you mention here.naimless wrote: What about a Captcha system in Kunena where every admin could specify whatever Captcha challenge they could think of - their only limit being their imagination and their audience. I.e.: Upload a picture of whatever - scrambled text, a picture of a dog asking what animal is this?, a pic of a flower with text like 'what do plants need to live?', or a question (like: how many people are in this picture) - and provide the possible correct Captcha responses in another field (e.g. the text, 'dog', 'earth, water, sun, sunlight, sunshine', 3, etc).
I dont think this is the way to go.naimless wrote: Of course, the problem is that if Kunena were to implement this as a default, the total user base might again become big enough to make it worthwhile for the farmers to specialise in training their staff to recognise custom captchas. Plus, once it's solved, they don't even need humans anymore but can just use the same answer every time on your forum.
From a development point of view we'd rather support third party extensions, which will give the users a whole lot more opportunities. This is actually being talked about and slowly planned, but havent had big attention since its not possible with J1.5 and we need to move past that first
Google knows exactly what you're writing here, and I believe they use a lot more complex technologies for this purpose internally.naimless wrote: I mean - why does Google not use Recaptcha for most of its own services, for example, despite owning it? (Google's own captchas incidentally are illegible to humans half the time).
Of course they earn money on reCaptcha, but by not using it I'd say they by themselves support these arguments very well...
Edit:
More info on human solving of captchas: en.wikipedia.org/wiki/CAPTCHA#Human_solvers
Please Log in or Create an account to join the conversation.
New to all this, but have a spammer that has posted a thread on my forum and i cant delete it, keeps opening error 404 page when i click to open it. Can anyone help me in deleting this thread on my forum please?
Please Log in or Create an account to join the conversation.
Blue Eagle vs. Crypsis reference guide
Read my blog and
Please Log in or Create an account to join the conversation.
Sorry will do. Thought this was correct area. as it is different to my previous question couple of months back.
Please Log in or Create an account to join the conversation.