- Posts: 51
- Thank you received: 3
- Forum
- Community self help
- Kunena and other Joomla extensions
- Miscellaneous, off-topic and general Joomla
- How to protect my forum from spam
Blue Eagle 5 v1.6.2 has been Released for Kunena 5.2 (20 Jan 2021)
The Kunena team has announce the arrival of Kunena template Blue Eagle 5 v1.6.2 which is now available for download. This version addresses most of the issues that were discovered in development.
REQUIREMENTS
Blue Eagle 1.6.x requires Kunena 5.2.x to work with
Merged How to protect my forum from spam
someone is hacking kunena forums from the last 2 days : inserting topics about viagra,...
I am not the only one forum so i think it is a security issue of kunena 2.0.4
it seems he is not using frontend submission form he appear as a member without beeing registred...
Have a look :
www.google.fr/search?q=kunena+Tentozeron...675&biw=1255&bih=886
search for "kunena Tentozeron" on google
Can you help us on that ?
thanks in advance
loïc
Please Log in or Create an account to join the conversation.
When you see entire forums riddled with that garbage you have to know that the administrators have basically abandoned the website--or have no idea how to use Joomla! If that was a genuine security issue, you would see spam at this website, given the traffic it generates.
So where to begin? Well, you make sure Joomla! is up-to-date. Then you make sure you're running the latest Kunena. Your 2.0.4 is most recent. Next, you think about your access rules and Kunena configuration settings. Is your forum open for all the world to see? Are you using any form of captcha? Are you using lousy third-party software that have given spammers a way in? Perhaps the problem is your hosting company.
I encourage you to work inside-out (rather than outside-in) because I really think that if the 2.0.x series had a legitimate security break for spammers, this website would be replete with frantic reports of SPAM infiltration.
We are all getting hit with SPAM attacks every day and every hour. The difference is that some Joomla! websites don't defend the attacks--and then you get to see those charming Viagra ads.
Please Log in or Create an account to join the conversation.
Allowing non-registered users (I.e. guests) to post at K.org is something we would never do; on a more personal note, it's not something I would allow on any forum that I have built. Allowing the posting of material on a forum, without requiring the need to be logged-in first, is an almost open invitation to those who post spam on the millions of websites around the world to say "Post your spam here".naimless wrote: Please try this as an experiment on your forum (or here, on k.org). Open up a board to guests (with Captcha check enabled). It will look as though Captcha checks are working fine when using the front-end from a browser, but within a few days or so I'd predict you'll get swamped and swamped by hundreds spammy messages that somehow seem to completely ignore the captcha (or have found a really cheap way of cracking or bruteforcing re-captcha).
CAPTCHA is not spam-proof. Indeed, there is a whole industry built around evading and overcoming CAPTCHA defences. I'm not saying that CAPTCHA is ineffective. I am, however, saying that Kunena is not the only web-based discussion forum product using CAPTCHA that is less immune to spam attacks than any other web-based discussion forum product. The reason that this discussion seems to be making a lot of noise about Kunena, in particular, is because Kunena is the most popular forum discussion extension for Joomla. It's because there are hundreds of thousands if websites around the world that use Kunena that there are potentially thousands of opportunities for spammers to ply their trade. The spread of spam is made easier if people do to take appropriate measures to combat it.
Allowing people to post on your website, without first requiring them to register at your website, is the first step in allowing the posting of spam on your forum. I understand that there are many people who want "guests" to post on their forums but, in allowing this, they also should be aware of the associated risks.
I am not bored with this subject. I gain useful knowledge from reading what people have to say and suggest. But I would also ask people to remember that this topic is not "Dear Sozzled, what do you have to say about spam". As with everything else on this forum, this topic is for everyone to pitch in and discuss the issues.
Let me make two points very clear. Firstly, there are many automated methods to combat spam; I have yet to find any one method that is 100% spam-proof. Secondly, spam happens and that's just something we have to accept as a fact; spam does not completely evaporate despite the best anti-spam measures you've put in place.
There are ways to reduce how much spam your forum can receive.
CAPTCHA is good. Protecting your site by implementing more rigorous registration is better. Requiring that only logged-in accounts can post in your forum is better again. But the most effective defence against spam is vigilance.
Blue Eagle vs. Crypsis reference guide
Read my blog and

Please Log in or Create an account to join the conversation.
Another spammer found my forum after installing the easycalc captcha plugin (this spammer strangely only posts in Polish or some such - the old viagra, etc ones have disappeared). I've tried 4 different Captcha methods in the plugin, including Re-Captcha, and each of them has been rapidly cracked (with a break of an hour or two after changing the method).
So, again, apologies - Kunena is clearly working as well as any other solution out there.
Sozzled, I think you're right - when allowing guests to post it seems to be simply practically impossible to protect the forum using ReCaptcha (or any other Captcha), except for possibly a very obscure custom captcha or code that doesn't have the economies of scale to make it worthwhile for spammers.
Will consider disabling guest posts, though that would be a real shame.
Until then, I hope the spammy bastards all die a painful death one day.
Cheers!

Please Log in or Create an account to join the conversation.
The aim of this is pretty obviously a spammer trying to post - quite a few similar requests come in every day.
This doesn't seem to work when I try it in my browser, but out of interest - is the aim of this to try and automatically get past the Captcha and the like?
Anyway, not sure what it means, but thought would share, maybe someone cleverer than me could do something with it or maybe even block these kind of misshapen requests directly in future if they serve no legitimate purpose?
"GET /index.php?option=com_kunena&view=topic&layout=create&catid=8&Itemid=622+Result:+GET-timeouts+1;+chosen+nickname+%22wafPhoravar%22;+ReCaptcha+decoded;+%28JS%29;+logged+in;+success+-+posted+to+%22Events+calendar%22;+BB-code+not+working;+Result:+GET-timeouts+1;+chosen+nickname+%22Hiecredia%22;+captcha+recognized;+registered+%28registering+only+mode+is+ON%29;+Result:+chosen+nickname+%22Insurgefrerie%22;+ReCaptcha+decoded;+%28JS%29;+registered+%28registering+only+mode+is+ON%29; HTTP/1.1" 200 42635 "https://chanelonlinebay.webs.com" "Opera/9.80 (X11; Linux i686) Presto/2.12.388 Version/12.10"
Please Log in or Create an account to join the conversation.
Our site: www.12tharmoreddivisiomassociation.us
Please Log in or Create an account to join the conversation.
extensions.joomla.org/extensions/access-...pam-protection/14027
It have worked for me

Please Log in or Create an account to join the conversation.
Blue Eagle vs. Crypsis reference guide
Read my blog and

Please Log in or Create an account to join the conversation.
Also in FB, they have set an algorithm which will consider a user a spammer if the user posts more than 5 comments in less than 10 secs.
Please Log in or Create an account to join the conversation.
Configuration > Security > Flood Protection, defaults to being off (just like in FB).
Please Log in or Create an account to join the conversation.
Forum Access
- Not Allowed: to create new topic.
- Not Allowed: to reply.
- Not Allowed: to edit your message.
- Forum
- Community self help
- Kunena and other Joomla extensions
- Miscellaneous, off-topic and general Joomla
- How to protect my forum from spam