I see this:
'Du hast keinen Zugang zu diesem Forum!'
Good. The restrictions apply.

Next question:
'How can a spam bot post into such a forum without even being logged into joomla?'

Well, imo, 1) the bots either found a hole in the application / your server or 2) the bots created themself as users, logs in and posts spam (which is not unrealistic).

Why are they targeting catid 9?
It could be random or on purpose (maybe from old urls?)
Anyhow, I fail to see why 9 is a better option than fx. 1.

More info please:
- Is the posts really not from logged in users? (Joomla/kunena/other components login)
- Is the posts from many ips - or just a few ips? (can you post some or look them up to see if they are in spamdatabase)
- Does cat 9 have anything in it, that has security of 'Everybody'?
- Is there anything in apache logs releaving the http referrer of the bots?
- Can you see (in apache logs) if bots only hit one page at a time or they hit multiple pages in one visit?

Hi!

Thanks for your reply.

I am aware of the fact, that an open-to-everybody forum attracts spam bots. But in this case, the forum into which the spam posts are posted is a restricted one (only visible and accessable to admin-rank or higher). And that is even only possible, as i have created the forum with catid = 9 after the spam posts were made. Before that, the forum didn't even exist.

How can a spam bot post into such a forum without even being logged into joomla?

The URL of the forum is
aufdenklippen.de/index.php?option=com_ku...func=showcat&catid=9

Thank you for providing us with the information. It must have taken you a long time to do and I appreciate your efforts. At first glance, these are my comments (shown in red) - where I have not commented this means that the setting is unimportant or not likely to have any bearing on the problem.

Board title = Forum na Zelniku
Board e-mail = [email protected]
forum offline = no
Time delay = 0
Session lifetime = 1800
forum offline message - didn't change
enable RSS = no Unrelated to email issue but you might consider changing this back to Yes. Why not?
default RSS type = by thread
RSS History = 1 Month
Enable PDF creation = yes

SEF URLs = yes
Do not use Category IDs = no
Enable utf8 support = no

topics per page = 20
messages per page = 6
Search results = 15
Show history = yes
history length = 6
Show new posts = yes
New indicator = NOVO!
Joomla Mambot Support = no
Disable emoticons = no
Template = 200907_the_pearl_green_153 This could be a contributing factor: suggest default_ex instead
Images = 200907_the_pastel_green_153 This could be a contributing factor: suggest default_ex instead
Default Kunena page = Recent discussions
Use Joomla Style? = no
Show Announcement = no Suggest you change to Yes
Show avatar in category list = yes
Category Image Path = category_images/
Number of subcategories = 2
Show subcategory images = yes
Announcement Moderator IDs = 62
Textarea width = 450
Textarea height = 300
enable rules page = no
Show rules on board = no
Rules Content ID = 1
external rules link = www.bestofjoomla.com/
Enable Jump to Forum = no Unrelated to email issue but you might consider changing it back to Yes
Report posts = yes

Use username = yes
Demand e-mail = no
Show e-mail = no
Show user stats = yes
use chart = yes
number of color = 9
Show Karma = yes
Edit time = 0
User edit time = 600
Show 'edited' = yes
enable subscriptions = no ? relevance to the email problem; the inital/default value is Yes
subscribe by default = no Good idea!
enable favourites = no Probably unrelated to email problem but, is there some reason why this was changed?

Break wrds longer than = 250
Max title length = 50
Max. signature length = 300

Only registred users = no
Enable name change = no
public read/write = no
flood protection = 0
email moderators = no This is the original/default setting
Email Administrators = no This is also original/default setting;. This is the setting we are discussing if this is what is causing the problems
spam protection = no
include complete post content in the e-mail = yes

allow avaters = yes
enable avatar upload = yes
enable avatar gallery = yes
image processor = none
h=50
w=50
h=100
w=100
h=250
w=250
Max avatar size=2048
Avatar quality = 65

Enaple public image upload = no
Enable registered image upload = yes
max height = 800
max width = 800
max size in kb = 150

enable public file upload = no
enable registered file upload = yes
allowed file types = zip,txt,doc,gz,tgz
max file size in kb = 120

Ranking = yes
Use rank images = yes

I think we need a few more pairs of eyes to look into this situation before we can conclusively determine that we have a problem or not with K 1.5.8.

Why is then than so many dangerous options left to the stupid user like me so that I can brake everything.

But you convinced me anyway. I'm using another translation, all the expressions may not be exactly the same. Here you are:

Board title = Forum na Zelniku
Board e-mail = [email protected]
forum offline = no
Time delay = 0
Session lifetime = 1800
forum offline message - didn't change
enable RSS = no
default RSS type = by thread
RSS History = 1 Month
Enable PDF creation = yes

SEF URLs = yes
Do not use Category IDs = no
Enable utf8 support = no

topics per page = 20
messages per page = 6
Search results = 15
Show history = yes
history length = 6
Show new posts = yes
New indicator = NOVO!
Joomla Mambot Support = no
Disable emoticons = no
Template = 200907_the_pearl_green_153
Images = 200907_the_pastel_green_153
Default Kunena page = Recent discussions
Use Joomla Style? = no
Show Announcement = no
Show avatar in category list = yes
Category Image Path = category_images/
Number of subcategories = 2
Show subcategory images = yes
Announcement Moderator IDs = 62
Textarea width = 450
Textarea height = 300
enable rules page = no
Show rules on board = no
Rules Content ID = 1
external rules link = www.bestofjoomla.com/
Enable Jump to Forum = no
Report posts = yes

Use username = yes
Demand e-mail = no
Show e-mail = no
Show user stats = yes
use chart = yes
number of color = 9
Show Karma = yes
Edit time = 0
User edit time = 600
Show 'edited' = yes
enable subscriptions = no
subscribe by default = no
enable favourites = no

Break wrds longer than = 250
Max title length = 50
Max. signature length = 300

Only registred users = no
Enable name change = no
public read/write = no
flood protection = 0
email moderators = no
Email Administrators = no
spam protection = no
include complete post content in the e-mail = yes

allow avaters = yes
enable avatar upload = yes
enable avatar gallery = yes
image processor = none
h=50
w=50
h=100
w=100
h=250
w=250
Max avatar size=2048
Avatar quality = 65

Enaple public image upload = no
Enable registered image upload = yes
max height = 800
max width = 800
max size in kb = 150

enable public file upload = no
enable registered file upload = yes
allowed file types = zip,txt,doc,gz,tgz
max file size in kb = 120

Ranking = yes
Use rank images = yes

I didn't change the rest.

Now if I change 'Email Administrators' to 'yes' the problem occures. You can exclude the template, because I tried with the default one as well and sent another spam e-mail to everyone.

I'd just like to change code a bit, so that all e-mails would be send to my email address, so I can test in peace. It seems that I'll have to find that part myself...

Regards,
Tomaž

This setting is located here: Kunena Configuration » Security » Security Settings » Email Administrators = No.

That's what I thought. Actually I turned off all mail features as I spamed a half of the country testing the forum. Now I'm afraid to test further if maybe at least Email Moderators or Subscriptions work as they should.

Regards,
Tomaž

Thank you for your question and for giving us the basic information we need to help. Unfortunately, though, I cannot login to your forum. When I attempt to login, I received the following message:

Your registration process is not yet complete! Please check again your email for further instructions that have just been resent. If you don't find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.

You need to enable the account.

From the little that I saw, you are using a user-modified Kunena template. You are also using a RocketTheme template with a number of Rokbox features. As we have discovered on numerous occasions, many of the RocketTheme plugins simply do not work with Kunena. Try disabling those plugins to see if this improves your situation. It may not fix the problem, but it's worth a try.

Spambots can most certainly target nonexistent categories.
Url's to them, has no requirement of a link (as we humans almost do )

I assume you have looked in the logfiles to see identify the target of the spambots?
Have you looked at the IP's to see if the spam originates from the same place(s)?
Can you identify some referrer from the logfiles?
What is the url of you forum (and the targetted categorie(s))?

There is some simple spamprotection within Kunena such as captcha, valid email requirement and a few others.

If that isn't enough, you can get some simple tips from a recent thread here:
www.kunena.com/forum/119-feature-request...imple-spamprotection
That might be manual work in the templates, but in the long run it's better than the spam.

Just beware, the bots will probably target your forum anyway, so you wont get rid of the bandwidth (or serverload) they consume.
That way you'll have to use some more advanced ipblocking on the server.

Hi!

I have a Kunena 1.5.5 installation running on a Joomla 1.5.14 Website.

In the last few days, i am dealing with lots of spam posts to one of the forums. With that, i could live - but what makes me curious is that the posts are in a forum, that is not existing.

In 'jos_fb_messages' i find messages with 'catid = 9', but in 'jos_fb_categories' there is no 'id = 9'.

Now i have createt a special "Spam" Forum and changed the category id manually to 9 so i can view the posted messages. This special forum can only be accessed by Admins (front- and backend), but spam-posts are still coming in.

Can anyone help me with this issue?

Thanks in advance!
Jens

vitaly wrote:

You have so many posts I think you are devel,

:laugh: No, I'm just a user with a lot of time on his hands!

vitaly wrote:

sozzled wrote:

It would be a good idea to display a "site policy" to inform users that they should not post messages that contain links to external websites and to advise them what you will do if they are in breach of this policy.

Do you think it can stop spammers? :dry:

It won't stop spam, no. It may not even make people think twice about posting spam. Spammers are immune to what other people think about them.

If you have a site policy then you are letting your users - including those who post spam - know what to expect from you!

You have so many posts I think you are devel,
<<<<<t would be a good idea to display a "site policy" to inform users that they should not post messages that contain links to external websites and to advise them what you will do if they are in breach of this policy.>>>>>
Do you think it can stop spammers? :dry:

vitaly wrote:

Thank you for your reply.
Have devel. plan to protect forum from bots and spam? How i can ban external link from post?
sorry for mistakes I use translate.google.com. :lol:

Thank you for your questions. I understand you very well.

I can't speak for the developers. I don't know what plans exist to re-introduce a "Ban Words" filter or, at the very least, prevent users from posting URLs to spam sites. At this time Kunena does not have the means to prevent users posting links to internal or external sites. This feature may be useful for some people.

The only way you can ban such information on your website is to review what's posted and to remove anything that you consider is offensive. It would be a good idea to display a "site policy" to inform users that they should not post messages that contain links to external websites and to advise them what you will do if they are in breach of this policy.

Thank you for your reply.
Have devel. plan to protect forum from bots and spam? How i can ban external link from post?
sorry for mistakes I use translate.google.com. :lol:

Hi everyone, I have three questions.
1-how to change default smilies in amination?
2 How to install recaptcha in Kunene to register users?
3-How do I ban some words, if the user, say have less than 20 posts on the forum. For example, if I ban words such as org. com. net spammer will be able to leave the post with their links.

i working on a "system" ANTI SPAM it will be like spamhaus stopforumspam
may be later will be add at Kunena

Just forgot...

The existing captcha and floodprotection is good (two very different things!), but they both needs a config option to turn each of them off for eg. registrered users vs public users.

Or even better ... They should be configurable pr. forum (a lot of the configs really should be that way )