Merged How to protect my forum from spam

gotanyglue wrote: how i handle spam users i have had 200 people reg and confirm the link, and then just spamming mosly from @123.com or @169.com should i delete or ban or is there a way to stop them

Ban - don´t delete. If you delete spammers they can use same email for regeristering your site again.

I have a good experience for this R Antispam . There is option for Kunena.

+ You should use captcha for registering

Im having the same issue and I'm using reCaptcha. This is an odd thing as there seems to be plenty of security to stop spam. I'm going to try running another antispam extension but am I missing something? Shouldn't Kunena be able to stop most spammer registration?


Thanks,
Mick

Guys, it's typically links on your forum that attracts them to your site in the first place. I have a no clickable link rule on mine.. They just have to omit the http:// and www. from the link (no url tags).

I am using IP Address Tracking to prevent spam on my forum by banning the network of the offender.
I recently upgraded to Joomla 2.5.9 and Kunena 2.0.4
Now, when I log in as administrator, the IP address of the posts no longer show up.
The item IP Address Tracking in the Security tab is set.
What can I do to revive the function?
Thanks.

Database collation check: The collation of your table fields are correct

Legacy mode: Disabled | Joomla! SEF: Enabled | Joomla! SEF rewrite: Disabled | FTP layer: Disabled |

This message contains confidential information

htaccess: Missing | PHP environment: Max execution time: 50 seconds | Max execution memory: 80M | Max file upload: 96M

Kunena menu details:

Warning: Spoiler!

ID	Name	Menutype	Link	Path
143	Forum	kunenamenu	view=home&defaultmenu=144	forum
144	Index	kunenamenu	view=category&layout=list	forum/index
145	Recente onderwerpen	kunenamenu	view=topics&layout=default&mode=replies	forum/recent
146	Nieuw onderwerp	kunenamenu	view=topic&layout=create	forum/nieuw-onderwerp
147	Geen reacties	kunenamenu	view=topics&layout=default&mode=noreplies	forum/geen-antwoorden
148	Mijn onderwerpen	kunenamenu	view=topics&layout=user&mode=default	forum/mijn-laatste
149	Profiel	kunenamenu	view=user	forum/profiel
150	Regels	kunenamenu	view=misc	forum/regels
151	Help	kunenamenu	view=misc	forum/help
152	Zoeken	kunenamenu	view=search	forum/zoeken
153	Forum	mainmenu	Itemid=143	2011-11-10-14-58-15

Joomla default template details : beez_20 | author: Angie Radtke | version: 2.5.0 | creationdate: 25 November 2009

Kunena default template details : Blue Eagle (default) | author: Kunena Team | version: 1.7.1 | creationdate: 2011-11-16

Kunena version detailed: Kunena 2.0.4 | 2013-01-18 [ Pharmacopoeia ]
| Kunena detailed configuration:

Warning: Spoiler!

Kunena config settings:
board_offline	0
enablerss	0
threads_per_page	20
messages_per_page	6
messages_per_page_search	15
showhistory	0
historylimit	6
shownew	0
disemoticons	0
template	default
showannouncement	0
avataroncat	0
catimagepath	category_images/
showchildcaticon	0
rtewidth	450
rteheight	300
enableforumjump	0
reportmsg	0
username	1
askemail	0
showemail	0
showuserstats	0
showkarma	0
useredit	1
useredittime	0
useredittimegrace	600
editmarkup	1
allowsubscriptions	1
subscriptionschecked	0
allowfavorites	1
maxsubject	50
maxsig	300
regonly	0
pubwrite	1
floodprotection	0
mailmod	0
mailadmin	1
captcha	1
mailfull	1
allowavatarupload	1
allowavatargallery	1
avatarquality	65
avatarsize	2048
imageheight	800
imagewidth	800
imagesize	150
filetypes	txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2
filesize	120
showranking	0
rankimages	0
userlist_rows	30
userlist_online	0
userlist_avatar	0
userlist_name	1
userlist_posts	0
userlist_karma	0
userlist_email	0
userlist_usertype	0
userlist_joindate	0
userlist_lastvisitdate	0
userlist_userhits	0
latestcategory
showstats	0
showwhoisonline	0
showgenstats	0
showpopuserstats	0
popusercount	5
showpopsubjectstats	0
popsubjectcount	5
usernamechange	1
showspoilertag	1
showvideotag	1
showebaytag	0
trimlongurls	1
trimlongurlsfront	40
trimlongurlsback	20
autoembedyoutube	1
autoembedebay	1
ebaylanguagecode	en-us
sessiontimeout	1800
highlightcode	0
rss_type	topic
rss_timelimit	month
rss_limit	100
rss_included_categories
rss_excluded_categories
rss_specification	rss2.0
rss_allow_html	1
rss_author_format	name
rss_author_in_title	1
rss_word_count	0
rss_old_titles	1
rss_cache	900
defaultpage	recent
default_sort	asc
sef	1
sefutf8	0
showimgforguest	1
showfileforguest	1
pollnboptions	4
pollallowvoteone	1
pollenabled	0
poppollscount	5
showpoppollstats	0
polltimebtvotes	00:15:00
pollnbvotesbyuser	100
pollresultsuserslist	1
maxpersotext	50
ordering_system	replyid
post_dateformat	datetime
post_dateformat_hover	none
hide_ip	0
imagetypes	jpg,jpeg,gif,png
checkmimetypes	1
imagemimetypes	image/jpeg,image/jpg,image/gif,image/png
imagequality	50
thumbheight	32
thumbwidth	32
hideuserprofileinfo	put_empty
boxghostmessage	0
userdeletetmessage	0
latestcategory_in	0
topicicons	0
debug	0
catsautosubscribed	0
showbannedreason	0
version_check	1
showthankyou	0
showpopthankyoustats	0
popthankscount	5
mod_see_deleted	0
bbcode_img_secure	text
listcat_show_moderators	0
lightbox	1
show_list_time	720
show_session_type	0
show_session_starttime	0
userlist_allowed	1
userlist_count_users	1
enable_threaded_layouts	0
category_subscriptions	post
topic_subscriptions	every
pubprofile	0
thankyou_max	10
email_recipient_count	0
email_recipient_privacy	to
captcha_post_limit	1
keywords	0
userkeywords	0
image_upload	registered
file_upload	registered
topic_layout	flat
time_to_create_page	1
show_imgfiles_manage_profile	1
hold_newusers_posts	0
hold_guest_posts	0
attachment_limit	8
pickup_category	0
article_display	intro
send_emails	1
fallback_english	1
cache	1
cache_time	60
iptracking	1
rss_feedburner_url
enablepdf	0
jmambot	0
annmodid	62
changename	0
userlist_username	1
rules_infb	1
help_infb	1
onlineusers	0

| Kunena integration settings:

Warning: Spoiler!

Kunena - AlphaUserPoints Enabled: activity=1 avatar=1 profile=1 activity_points_limit=0
Kunena - Community Builder Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1
Kunena - Gravatar Disabled
Kunena - JomSocial Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1 activity_points_limit=0 activity_stream_limit=0
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1

| Joomla! detailed language files installed:

Warning: Spoiler!

Joomla! languages installed:
en-GB	English (United Kingdom)
nl-NL	Dutch (NL)

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None

Hey Sunny, I'm not quite sure what you mean by "no clickable link rule." Is this a personal rule or did you find this in Kunena? I haven't been able to find anything like that yet - any pointers???

Also, I have a VERY small forum right now at <15 topics. I thought the reCaptcha would be able to stop spam user registration but apparently not. It only started doing this about 2 weeks ago. Crazy!

Any help is appreciated, and I'll be sure to try to research this soon, but any pointers would be helpful in the mean time.

Thanks!
Mick

I've went to great pains to make sure my site has been properly updated, however due to other component limitations, I'm unable to update past Joomla! 1.5.26, however am at the current version of 2.0.4 for kunena. Despite this, I have random postings (3-7 daily) in Russian on my message board along with users who are not using my registration page to subscribe.

I need some help figuring out where these attacks are happening at.

:ohmy: Our web site, www.k5sar.com Kunena Forum is getting lots of SPAM posts. It is becoming a daily job deleting the bad posts and banning the user names that put them there.
As web master, I get e-mail notification of e-mails that cannot be delivered and that is how I get daily notification of SPAM posting. I then go in and delete then permanently delete and then find the user name a click on the “Ban the User Column”.
They just keep coming back with a new user name. Is there any way to stop this???
Carl

*** Topics merged ***

How people's websites become the target of spam is outside the purview of the Kunena product but there are many strategies that people can employ to reduce the incidence or, at the very least, make it more difficult for spam merchants to attack your website. The best strategy is to make it more difficult for people to register at your site. J! 2.5 includes built-in feature that can assist you. For instance, you can require that people need to enter a CAPTCHA code when they register or tick a box "I agree to the terms" before their registration becomes active (like we do here at K.org)

Another strategy is to use a plugin like Spambotcheck (look it up on the JED for more information, which is also something we do here.

You can also require that the first n posts must use CAPTCHA - this is something you can set in the Kunena configuration settings. You can also require that new users must use a category where all messages must be reviewed before they appear in the forum - but this means that you have to be prepared to look at those messages and approve them.

A lot of people expect that there should be lots of "automated", hands-off tools that will do these kinds of things for them but, as I have written many times in this topic, "the most effective defence against spam is vigilance." We're fairly vigilant here at K.org and that's why you will not see much spam on this website.

I hope that helps.

Hi Sozzled

I know it's a never-ending topic that you must be bored of, but I really think there's something big being missed here.

Sure, I understand and agree that forums require diligence to keep clean, etc, but I am almost convinced now that something is not working as it should with the Kunena Captcha implementation.

Please try this as an experiment on your forum (or here, on k.org). Open up a board to guests (with Captcha check enabled). It will look as though Captcha checks are working fine when using the front-end from a browser, but within a few days or so I'd predict you'll get swamped and swamped by hundreds spammy messages that somehow seem to completely ignore the captcha (or have found a really cheap way of cracking or bruteforcing re-captcha).

My Joomla/Jomsocial user-registrations use Re-captcha too, and there we maybe get one spammy registration every few days (that are very obviously done by someone manually creating an account, so they're easy to promptly deal with by diligence). But on the Captcha protected forum we'd get at least 10 or 20 a day who get past Re-Captcha. Surely Re-Captcha can't be so utterly ineffective?

The j_antispam plugin I was espousing earlier, sort of stopped doing its job properly, so, yesterday I found this plugin:
extensions.joomla.org/extensions/access-...urity/captcha/11964/

Have set it to a permanent answer to a simple idiot question that literally spells out the answer, and I haven't received a single spam post since (that plugin also has more complex maths, recaptcha, etc options). Suffice it to say, HIGHLY recommended.

However, this really does lead me to believe that some clever spammer has found a way to post to Kunena as a guest without having to validate the Re-captcha. I'm not trying to be a pain, but is there any remote way that this is technically possible or that there is a bug in Kunena's spam checking / Re-captcha integration code?

Hello,

someone is hacking kunena forums from the last 2 days : inserting topics about viagra,...
I am not the only one forum so i think it is a security issue of kunena 2.0.4


it seems he is not using frontend submission form he appear as a member without beeing registred...

Have a look :
www.google.fr/search?q=kunena+Tentozeron...675&biw=1255&bih=886
search for "kunena Tentozeron" on google

Can you help us on that ?
thanks in advance
loïc