Sticky How to protect my forum from spam

I see this:
'Du hast keinen Zugang zu diesem Forum!'
Good. The restrictions apply.

Next question:
'How can a spam bot post into such a forum without even being logged into joomla?'

Well, imo, 1) the bots either found a hole in the application / your server or 2) the bots created themself as users, logs in and posts spam (which is not unrealistic).

Why are they targeting catid 9?
It could be random or on purpose (maybe from old urls?)
Anyhow, I fail to see why 9 is a better option than fx. 1.

More info please:
- Is the posts really not from logged in users? (Joomla/kunena/other components login)
- Is the posts from many ips - or just a few ips? (can you post some or look them up to see if they are in spamdatabase)
- Does cat 9 have anything in it, that has security of 'Everybody'?
- Is there anything in apache logs releaving the http referrer of the bots?
- Can you see (in apache logs) if bots only hit one page at a time or they hit multiple pages in one visit?

Every couple of months I trawl through the offerings at the Joomla Extensions Directory for better solutions to tightening security on my websites. I encourage all users to follow my example and make it a practice to visit the JED.

Obviously, site security starts with user registration. It doesn't end there, of course, but this is where I think it's necessary to put most of your effort. If "undesirables" can't get into your site then they can't cause mischief.

For this reason (and mainly for this reason) I have used Community Builder. It doesn't solve all my user registration problems but it does help. For a long time, however, I have not been too happy with Community Builder lacking a CAPTCHA facility - there are alternatives - but I also wanted to share one idea that I recently saw in the JED: CB Passphrase .

This plugin ads a Passphrase Field to the Community Builder Registration. After making this module published and defining the passphrase in the Plugin Management Section of Community Builder, only users entering the correct passphrase are able to register. It is intended for closed communities, just mail your targeted group the passphrase you have defined.

If you're developing a website for a closed group then this idea may help stop intruders from registering.

I realise that this isn't what was asked at the outset - how to stop spammers from infiltrating an open forum - but open forums are a lot more difficult to protect.

100 percent of my spam has links to other websites. I really think that the simplest solution would be:

Moderate posts with urls automatically?

jeff_j_dunlap wrote:

100 percent of my spam has links to other websites. I really think that the simplest solution would be:

Moderate posts with urls automatically?

That's a good suggestion. Why not submit it to UserVoice ?

Yes it is.

I also saw this thread, which could help admins on the same quest:
www.kunena.com/forum/119-feature-request...g-able-to-post-links

Sozzled, I registered then tried submitting to UserVoice but didn't see an option for posting a suggestion. Anyway, Mr. VMax, I mean fxstein said that he's adding this to his list.

I'm really glad about this because each morning, I have to go in to my forum to clean up a bunch of undesirable posts that discredit my website.