- Posts: 230
- Thank you received: 5
Kunena 5.1.14 Released - Security release (13 Aug 2019)
The Kunena team is proud to announce the arrival of Kunena 5.1.14 [K5.1.14] which is now available for download as a native Joomla extension for Joomla 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1.14. This update fixed 1 security issue.
If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.
Question Why Kunena is so weak to against spambots?
However, I got thousands of spam posts on my forum soon after I purged them. Some spambots can even login my website frontend and post messages AFTER I had already set the whole website "offline" in General Configuration of Joomla backend.
I had already enabled CAPTCHA and "anti spam flood" options in Kunena Configurations. But spam posts still come in.
Could you please make Kunena more strong to against spambots?
Chinese Joomla Users' Portal
I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena. Do you think a real human can do this, manually?
It is very clear that Kunena can not prevent those spam messages, even after I had already enabled "a user must wait 600 seconds to post again".
Could you please improve Kunena to stop spam messages? For example, limit the maximum number of messages a single user can post in a single day?
Chinese Joomla Users' Portal
600 sec are 10 minutes. So can a user send maximum 4320 posts in a time period of 3 days, not 37 thousand.
I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena.
I see it here on k.org. Some spam users post always the same quanity of 5 posts. Short time later comes the same spam from another user (also 5 posts) and so on. So I think, a post limit per day would not be helpfull.
Try this from the user Slacker recommended plugin, I hope for you, that it solves the problem.
First delete from Joomla users the bots.
Then you can just enable in your Joomla backend that an admin (you) must approve and activate the user when any user account is created.
So the bots with this way they can't post anything because when they automatically register to your site they must first be approved by you to be activated so to can proceed to login and post.
So if you see that strange name of users have been created (for example john5558886398fddf) then you don't enable this user at all and you delete him also from Joomla users and you will have no posts from bots. Also if you bored after some days to manually enable the users, you can deactivate it and again the registration will become again automatically, so if you see again bots , then you re-enable for some time again the admin approved registration.
Give it some days and I think you'll be fine if the bots see that they cannot login automatically and probably they will stop trying after some time.
And of course to be sure, check your website for any outdated extension / malware etc to be sure you are clean and up to date.
This is how I protect (for now successfully) against spammers:
1. protect joomla user registration with reCaptcha (invisible): this will 'force' the spammers to do a manual action when registering
2. I have (my own) plugin ochStopDMR enabled ( extensions.joomla.org/extension/ochstopdmr/ ): This will stop spammers from registering with Disposable Emails
3. activitate users by sending activation link they need to click
4. install R-AntiSpam ( extensions.joomla.org/extension/r-antispam/ ): heuristics based spam detection for Kunena > works miracles and has an occasional false positive that can be easily corrected / learned from
5. set reCaptcha (invisible) for anonymous users when posting in Kunena
6. set a limit to the amount of URL's a post can have
This setup keeps my sites clear from spam accounts, and in the categories where visitors can also post they are prompted with the recaptcha and R-Antispam will catch the smart ones.
I host my sites with SiteGround, they automatically block IP-addresses they are known to try to hack / spam a site. They also use the experience from all their hosted sites, not only from my site. When they introduced this feature, directly the ddos / bot-logins where minimized to 0. I think the blocked spam-bot networks that are trying to login are potentially also the bots that send spam. So although I have no prove my gut feeling is that this will also limit the amount of spam... but: Kunena is also hosting at SiteGround and here on the forum is the daily amount of spam messages also worrying.
sharing = caring
- Not Allowed: to create new topic.
- Not Allowed: to reply.
- Not Allowed: to edit your message.