Question Why Kunena is so weak to against spambots?

I am running Kunena 5.1.12.1 on Joomla 3.9.4, both are the latest version.

However, I got thousands of spam posts on my forum soon after I purged them. Some spambots can even login my website frontend and post messages AFTER I had already set the whole website "offline" in General Configuration of Joomla backend.

I had already enabled CAPTCHA and "anti spam flood" options in Kunena Configurations. But spam posts still come in.

Could you please make Kunena more strong to against spambots?

Thank you.

Kunena has no own registration and no own users. If you use in Kunena the register button, you get only a redirect to your Joomla registration. Users which are registered in Joomla, are then also Kunena users. If you want to prevent to register spam bots so you must do this with Joomla tools. Please read this topic, it is a similar question: www.kunena.org/forum/general-questions-a...-about-strange-users

I understand that those spambots registered via Joomla , not Kunena. But, they posted those spam messages via Kunena, not Joomla, right?
I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena. Do you think a real human can do this, manually?

It is very clear that Kunena can not prevent those spam messages, even after I had already enabled "a user must wait 600 seconds to post again".

Could you please improve Kunena to stop spam messages? For example, limit the maximum number of messages a single user can post in a single day?

Thank you.

Use this extension to protect Joomla and Kunena from spambots. It has a mathematical problem:
extensions.joomla.org/extension/easycalccheck-plus/

I am sure they are "bots" because they can post more than 37 thousand posts with random topics in about 3 days, and spreaded in all subforums of my Kunena.

600 sec are 10 minutes. So can a user send maximum 4320 posts in a time period of 3 days, not 37 thousand.
I see it here on k.org. Some spam users post always the same quanity of 5 posts. Short time later comes the same spam from another user (also 5 posts) and so on. So I think, a post limit per day would not be helpfull.

Try this from the user Slacker recommended plugin, I hope for you, that it solves the problem.

There is a very simple solution that no extension required, just nothing, only native Joomla.

First delete from Joomla users the bots.

Then you can just enable in your Joomla backend that an admin (you) must approve and activate the user when any user account is created.

So the bots with this way they can't post anything because when they automatically register to your site they must first be approved by you to be activated so to can proceed to login and post.

So if you see that strange name of users have been created (for example john5558886398fddf) then you don't enable this user at all and you delete him also from Joomla users and you will have no posts from bots. Also if you bored after some days to manually enable the users, you can deactivate it and again the registration will become again automatically, so if you see again bots , then you re-enable for some time again the admin approved registration.

Give it some days and I think you'll be fine if the bots see that they cannot login automatically and probably they will stop trying after some time.

And of course to be sure, check your website for any outdated extension / malware etc to be sure you are clean and up to date.

Hi,
This is how I protect (for now successfully) against spammers:
1. protect joomla user registration with reCaptcha (invisible): this will 'force' the spammers to do a manual action when registering
2. I have (my own) plugin ochStopDMR enabled ( extensions.joomla.org/extension/ochstopdmr/ ): This will stop spammers from registering with Disposable Emails
3. activitate users by sending activation link they need to click
4. install R-AntiSpam ( extensions.joomla.org/extension/r-antispam/ ): heuristics based spam detection for Kunena > works miracles and has an occasional false positive that can be easily corrected / learned from
5. set reCaptcha (invisible) for anonymous users when posting in Kunena
6. set a limit to the amount of URL's a post can have

This setup keeps my sites clear from spam accounts, and in the categories where visitors can also post they are prompted with the recaptcha and R-Antispam will catch the smart ones.

I host my sites with SiteGround, they automatically block IP-addresses they are known to try to hack / spam a site. They also use the experience from all their hosted sites, not only from my site. When they introduced this feature, directly the ddos / bot-logins where minimized to 0. I think the blocked spam-bot networks that are trying to login are potentially also the bots that send spam. So although I have no prove my gut feeling is that this will also limit the amount of spam... but: Kunena is also hosting at SiteGround and here on the forum is the daily amount of spam messages also worrying.

I use Cleantalk plugin for Joomla which has been a godsend and really effective on keeping out spam and such. It costs about $8 per year for 3 websites, which makes it a no brainer budget wise. In the past year I think we have had maybe 3 spammers get through and no bots. I have a fairly busy site with about 7,900 registered users, mainly on the forum. I don't get a kickback and am not affiliated with them, but do use the product on several sites with great results.

www.Yamaha-Enduros.com