Question Why Kunena is so weak to against spambots?

I am running Kunena 5.1.12.1 on Joomla 3.9.4, both are the latest version.

However, I got thousands of spam posts on my forum soon after I purged them. Some spambots can even login my website frontend and post messages AFTER I had already set the whole website "offline" in General Configuration of Joomla backend.

I had already enabled CAPTCHA and "anti spam flood" options in Kunena Configurations. But spam posts still come in.

Could you please make Kunena more strong to against spambots?

Thank you.

Kunena has no own registration and no own users. If you use in Kunena the register button, you get only a redirect to your Joomla registration. Users which are registered in Joomla, are then also Kunena users. If you want to prevent to register spam bots so you must do this with Joomla tools. Please read this topic, it is a similar question: www.kunena.org/forum/general-questions-a...-about-strange-users

I understand that those spambots registered via Joomla , not Kunena. But, they posted those spam messages via Kunena, not Joomla, right?
I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena. Do you think a real human can do this, manually?

It is very clear that Kunena can not prevent those spam messages, even after I had already enabled "a user must wait 600 seconds to post again".

Could you please improve Kunena to stop spam messages? For example, limit the maximum number of messages a single user can post in a single day?

Thank you.

Use this extension to protect Joomla and Kunena from spambots. It has a mathematical problem:
extensions.joomla.org/extension/easycalccheck-plus/

I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena.

600 sec are 10 minutes. So can a user send maximum 4320 posts in a time period of 3 days, not 37 thousand.
I see it here on k.org. Some spam users post always the same quanity of 5 posts. Short time later comes the same spam from another user (also 5 posts) and so on. So I think, a post limit per day would not be helpfull.

Try this from the user Slacker recommended plugin, I hope for you, that it solves the problem.

There is a very simple solution that no extension required, just nothing, only native Joomla.

First delete from Joomla users the bots.

Then you can just enable in your Joomla backend that an admin (you) must approve and activate the user when any user account is created.

So the bots with this way they can't post anything because when they automatically register to your site they must first be approved by you to be activated so to can proceed to login and post.

So if you see that strange name of users have been created (for example john5558886398fddf) then you don't enable this user at all and you delete him also from Joomla users and you will have no posts from bots. Also if you bored after some days to manually enable the users, you can deactivate it and again the registration will become again automatically, so if you see again bots , then you re-enable for some time again the admin approved registration.

Give it some days and I think you'll be fine if the bots see that they cannot login automatically and probably they will stop trying after some time.

And of course to be sure, check your website for any outdated extension / malware etc to be sure you are clean and up to date.