Merged How to protect my forum from spam

My site used to be a big target for forum spammers. Years ago, I'd have to monitor it every day when I used phpBB as the forum. When migrated to Kunena, it stopped a lot, but didn't stop altogether. I have JomSocial installed for the standard registration and there's a captcha there. I have the captcha enabled on Kunena as well and a limit of three posts where the captcha is required (after that, they don't need it). Even with both of these, I still get the occasional spam.

As LittleJohn mentioned, there are companies that "specialize" in trying to improve SEO by spamming forums. They have hundreds of people working for them and their job is to register on forums and post spam on as many places as they can (especially sites with a higher than average page rank). Since captcha wasn't made to stop "humans" (I put that word in quotes because they're the scourge of the Earth and far below humans), it won't stop them. There are telltale signs it's a human, like they've uploaded an avatar, filled out their profile and a few other activities that a bot wouldn't/couldn't do. They linger for a bit on your site—maybe a few days—then they blast you thinking that their posts will be overlooked. They copy/paste content from related sites mixed with their links to make it look like they are participating in a discussion with relevant information. These are just a few of the obvious things, but there are not-so-obvious ones too.

So if your Joomla registration is using a captcha (or your user system like CB or JomSocial) and you're using the Kunena captcha, you're doing the best anyone can to prevent forum spam (short of moderating every single post). Both Joomla and Kunena take security and spam very seriously so make sure both are up to date.

edit : ups sry, i post in wrong topic
sry again

whay again spamer can post? :S

CAPTCHA doesn't stop humans from posting spam. You can hire people to post spam (or resolve CAPTCHA challenges for bots), and it doesn't even cost much. But CAPCTHA will make spamming a lot slower than it used to be, so even people will go and try to find easier way to make their living.

See here how we are stopping spammers: lineboring.org/login/register

We require new users to demonstrate some knowledge of the topic.

A nice upgrade would be a hotlink in the "new user email notification" so that the admin could approve the new user without even logging in.

Currently the admin must login, find the new user, open the user, read the 'demonstration of knowledge' then approve the user.

Matias, agree that this seems what it has come down to - I thought about removing the ReCaptcha, but at the very least we can make the spammers spend some pointless money and time in solving Captchas (incidentally, I can only say this because of the SpamFighter extension, which now works even better than when I last posted and doesn't waste any of my time moderating and deleting spam).

Interesting approach beyondthenet...

Maybe something similar - involving customisation - is the future of spam fighting on Joomla sites?

Just thinking out loud here. The problem with re-captcha is that it is so widespread, so it makes sense for people to specialise solving recaptchas, and then spam across 1000s of smaller sites that all use Re-Captcha.

Obscurity and small size, here, would provide some security.

What about a Captcha system in Kunena where every admin could specify whatever Captcha challenge they could think of - their only limit being their imagination and their audience. I.e.: Upload a picture of whatever - scrambled text, a picture of a dog asking what animal is this?, a pic of a flower with text like 'what do plants need to live?', or a question (like: how many people are in this picture) - and provide the possible correct Captcha responses in another field (e.g. the text, 'dog', 'earth, water, sun, sunlight, sunshine', 3, etc).

The captcha would be static and would always have the same response, but 'human farms' of captcha solvers likely wouldn't bother with something this small or potentially requiring application of mind.

Of course, the problem is that if Kunena were to implement this as a default, the total user base might again become big enough to make it worthwhile for the farmers to specialise in training their staff to recognise custom captchas. Plus, once it's solved, they don't even need humans anymore but can just use the same answer every time on your forum.

I suggest this because for a couple of months I had a dirty hack which had a scrambled word XYZ image and normal HTML text below saying: "Type the text in the photo (hint, the word is XYZ)".

This was enough to fool 99% of spammers and enough for humans to be happy with.

Again, not necessarily suggesting that you code this into Kunena but I think allowing individual admins to customise their captcha will remove the economies of scale that 'captcha farmers' experience in selling ReCaptcha solving services.

I mean - why does Google not use Recaptcha for most of its own services, for example, despite owning it? (Google's own captchas incidentally are illegible to humans half the time).

naimless wrote: What about a Captcha system in Kunena where every admin could specify whatever Captcha challenge they could think of - their only limit being their imagination and their audience. I.e.: Upload a picture of whatever - scrambled text, a picture of a dog asking what animal is this?, a pic of a flower with text like 'what do plants need to live?', or a question (like: how many people are in this picture) - and provide the possible correct Captcha responses in another field (e.g. the text, 'dog', 'earth, water, sun, sunlight, sunshine', 3, etc).

These kinds of captchas have actually been gaining territory because of the reasons you mention here.

naimless wrote: Of course, the problem is that if Kunena were to implement this as a default, the total user base might again become big enough to make it worthwhile for the farmers to specialise in training their staff to recognise custom captchas. Plus, once it's solved, they don't even need humans anymore but can just use the same answer every time on your forum.

I dont think this is the way to go.
From a development point of view we'd rather support third party extensions, which will give the users a whole lot more opportunities. This is actually being talked about and slowly planned, but havent had big attention since its not possible with J1.5 and we need to move past that first

naimless wrote: I mean - why does Google not use Recaptcha for most of its own services, for example, despite owning it? (Google's own captchas incidentally are illegible to humans half the time).

Google knows exactly what you're writing here, and I believe they use a lot more complex technologies for this purpose internally.
Of course they earn money on reCaptcha, but by not using it I'd say they by themselves support these arguments very well...

Edit:
More info on human solving of captchas: en.wikipedia.org/wiki/CAPTCHA#Human_solvers

Hi All,

New to all this, but have a spammer that has posted a thread on my forum and i cant delete it, keeps opening error 404 page when i click to open it. Can anyone help me in deleting this thread on my forum please?

G'day, cass040. When you asked a related question about this a couple of months ago, did you find the information posted in that topic helped? It's a bit difficult to know what to do in your particular case and, maybe, it would be better to open a topic in the "common questions" category (include your configuration report - it will help a lot) rather than discuss the general question "what strategies can I use to avoid spam messages getting onto my forum." Does that sound reasonable to you?

Hi Sozzled,

Sorry will do. Thought this was correct area. as it is different to my previous question couple of months back.