×
Kunena 5.1.14 Released - Security release (13 Aug 2019)

The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.

× This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Merged How to protect my forum from spam

More
6 years 7 months ago #331 by skybax
The following user(s) said Thank You: gotanyglue

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #332 by Admata

gotanyglue wrote: how i handle spam users i have had 200 people reg and confirm the link, and then just spamming mosly from @123.com or @169.com should i delete or ban or is there a way to stop them

Ban - don´t delete. If you delete spammers they can use same email for regeristering your site again.

I have a good experience for this R Antispam . There is option for Kunena.

+ You should use captcha for registering ;)
The following user(s) said Thank You: gotanyglue

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #333 by micklongley
Im having the same issue and I'm using reCaptcha. This is an odd thing as there seems to be plenty of security to stop spam. I'm going to try running another antispam extension but am I missing something? Shouldn't Kunena be able to stop most spammer registration?


Thanks,
Mick

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #334 by sunny33days
Guys, it's typically links on your forum that attracts them to your site in the first place. I have a no clickable link rule on mine.. They just have to omit the https:// and www. from the link (no url tags).

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago - 6 years 7 months ago #335 by straetch
I am using IP Address Tracking to prevent spam on my forum by banning the network of the offender.
I recently upgraded to Joomla 2.5.9 and Kunena 2.0.4
Now, when I log in as administrator, the IP address of the posts no longer show up.
The item IP Address Tracking in the Security tab is set.
What can I do to revive the function?
Thanks.

This message contains confidential information

Database collation check: The collation of your table fields are correct

Legacy mode: Disabled | Joomla! SEF: Enabled | Joomla! SEF rewrite: Disabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Missing | PHP environment: Max execution time: 50 seconds | Max execution memory: 80M | Max file upload: 96M

Kunena menu details:

Warning: Spoiler! [ Click to expand ]

Joomla default template details : beez_20 | author: Angie Radtke | version: 2.5.0 | creationdate: 25 November 2009

Kunena default template details : Blue Eagle (default) | author: Kunena Team | version: 1.7.1 | creationdate: 2011-11-16

Kunena version detailed: Kunena 2.0.4 | 2013-01-18 [ Pharmacopoeia ]
| Kunena detailed configuration:

Warning: Spoiler! [ Click to expand ]
| Kunena integration settings:
Warning: Spoiler! [ Click to expand ]
| Joomla! detailed language files installed:
Warning: Spoiler! [ Click to expand ]

Third-party components: None

Third-party SEF components: None

Plugins: None

Modules: None

Last edit: 6 years 7 months ago by straetch. Reason: adding configuration

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #336 by micklongley
Hey Sunny, I'm not quite sure what you mean by "no clickable link rule." Is this a personal rule or did you find this in Kunena? I haven't been able to find anything like that yet - any pointers???

Also, I have a VERY small forum right now at <15 topics. I thought the reCaptcha would be able to stop spam user registration but apparently not. It only started doing this about 2 weeks ago. Crazy!

Any help is appreciated, and I'll be sure to try to research this soon, but any pointers would be helpful in the mean time.

Thanks!
Mick

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #337 by gcollier02
I've went to great pains to make sure my site has been properly updated, however due to other component limitations, I'm unable to update past Joomla! 1.5.26, however am at the current version of 2.0.4 for kunena. Despite this, I have random postings (3-7 daily) in Russian on my message board along with users who are not using my registration page to subscribe.

I need some help figuring out where these attacks are happening at.

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago #338 by carlbeck
:ohmy: Our web site, www.k5sar.com Kunena Forum is getting lots of SPAM posts. It is becoming a daily job deleting the bad posts and banning the user names that put them there.
As web master, I get e-mail notification of e-mails that cannot be delivered and that is how I get daily notification of SPAM posting. I then go in and delete then permanently delete and then find the user name a click on the “Ban the User Column”.
They just keep coming back with a new user name. Is there any way to stop this???
Carl

Please Log in or Create an account to join the conversation.

More
6 years 7 months ago - 6 years 6 months ago #339 by sozzled
*** Topics merged ***

How people's websites become the target of spam is outside the purview of the Kunena product but there are many strategies that people can employ to reduce the incidence or, at the very least, make it more difficult for spam merchants to attack your website. The best strategy is to make it more difficult for people to register at your site. J! 2.5 includes built-in feature that can assist you. For instance, you can require that people need to enter a CAPTCHA code when they register or tick a box "I agree to the terms" before their registration becomes active (like we do here at K.org)

Another strategy is to use a plugin like Spambotcheck (look it up on the JED for more information, which is also something we do here.

You can also require that the first n posts must use CAPTCHA - this is something you can set in the Kunena configuration settings. You can also require that new users must use a category where all messages must be reviewed before they appear in the forum - but this means that you have to be prepared to look at those messages and approve them.

A lot of people expect that there should be lots of "automated", hands-off tools that will do these kinds of things for them but, as I have written many times in this topic, "the most effective defence against spam is vigilance." We're fairly vigilant here at K.org and that's why you will not see much spam on this website.

I hope that helps.
Last edit: 6 years 6 months ago by sozzled.

Please Log in or Create an account to join the conversation.

More
6 years 6 months ago #340 by naimless
Hi Sozzled

I know it's a never-ending topic that you must be bored of, but I really think there's something big being missed here.

Sure, I understand and agree that forums require diligence to keep clean, etc, but I am almost convinced now that something is not working as it should with the Kunena Captcha implementation.

Please try this as an experiment on your forum (or here, on k.org). Open up a board to guests (with Captcha check enabled). It will look as though Captcha checks are working fine when using the front-end from a browser, but within a few days or so I'd predict you'll get swamped and swamped by hundreds spammy messages that somehow seem to completely ignore the captcha (or have found a really cheap way of cracking or bruteforcing re-captcha).

My Joomla/Jomsocial user-registrations use Re-captcha too, and there we maybe get one spammy registration every few days (that are very obviously done by someone manually creating an account, so they're easy to promptly deal with by diligence). But on the Captcha protected forum we'd get at least 10 or 20 a day who get past Re-Captcha. Surely Re-Captcha can't be so utterly ineffective?

The j_antispam plugin I was espousing earlier, sort of stopped doing its job properly, so, yesterday I found this plugin:
extensions.joomla.org/extensions/access-...urity/captcha/11964/

Have set it to a permanent answer to a simple idiot question that literally spells out the answer, and I haven't received a single spam post since (that plugin also has more complex maths, recaptcha, etc options). Suffice it to say, HIGHLY recommended.

However, this really does lead me to believe that some clever spammer has found a way to post to Kunena as a guest without having to validate the Re-captcha. I'm not trying to be a pain, but is there any remote way that this is technically possible or that there is a bug in Kunena's spam checking / Re-captcha integration code?

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to edit your message.
Time to create page: 0.105 seconds