G'day!

I'm building a Joomla 1.6 site with a Kunena forum.

It appears that bots are registering on Joomla.

I have the Joomla Register module unpublished.

The Kunena Register is available but the new members were only in the Joomla Userlist till I did the Kunena Sinc Users function.

I received no e-mail notification.

The new members were not enabled or activated.

I've deleted them in the Joomla User Manager and they have also gone from the Kunena Userlist. So all is well!

However, I do feel rather vulnerable as these registrations seem to be occurring via some back door method, given that the Registration module is not published. Am I right to be worried by this?

I haven't yet added a Captcha since the Registration module is unpublished. Would this beat the bots? Any other thoughts?

Note: I think it's unlikely these are genuine members. The site is unfinished with only a dozen forum posts by myself. Only yesterday I got it up from #50 to #16 in Google for my targeted term. So the bots would be finding the site by a search on some Joomla series of words rather than my keywords.

Thanks.

G'day

I would like to address this question about how people can protect their sites from nuisances in the same general way as I have dealt with the topic in other forums.

"How do I protect my website (and my forum, obviously) from attack?" Rather than tackle the specifics of your question individually, I will try to give your questions more detailed treatment than by responding with a facile how-you-protect-your-forum-is-something-for-you-to-decide kind of answer.

Even though your question may be specifically targeted at Kunena, and the question may imply that Kunena is peculiarly vulnerable, the problem of spam is more pervasive than any one Joomla extension can resolve. The problem with spam is much older than the internet. So, while some of my advice may seem a little vague or too generalised, the advice is as relevant to Kunena as it is to anything else people use on their websites.

The reason that there is no single, simple answer is because the issue quite complex. If we start with the understanding that everyone has a different way of implementing a website (and a web-based discussion forum like Kunena) you might begin to understand that many factors may contribute to this problem.

Some people like the idea of allowing anyone to post whatever they like without requiring them to login. The problem with that, of course, is that they have little control over the content of what people post on their forum apart from challenging people every time they post with some simple "identity" check (e.g. CAPTCHA) and all that CAPTCHA does is to ensure that it's a human being posting objectionable material instead of a 'bot.

Some people restrict their sites so that everyone can view what's posted on the forum (and only registered users can login in order to post) but then allow anyone to register with their site; they then wonder how their sites become littered with material that they consider "objectionable". Other people still further restrict their sites so that only registered members of the community must login - in order to see the forum - but they still have the "open door" policy to allowing material to appear on the site automatically, without review. Again, the root cause of this problem is a registration issue. How do you know, when someone registers at your site, that they're not going to abuse the privileges of posting on your site?

Other people even further restrict their sites by requiring that all messages are subjected to moderator review before they are published on the board. This is about the ultimate preventive measure but it impacts on the smooth flow of the discussions and comes at a cost to management. This is a question for forum managers/site administrators to weigh up as to how much management overhead is the "right amount" and how much is not justifiable.

Some website genres seem more "attractive" to spam than others. I don't know why that seems to be the case but anime and game sites are more likely to be targeted by spammers than old ladies' quilting or bird-watching society websites.

What happens when spam users/'bot register on a Joomla! site and defeat captcha and email confirmation counter-measures? Of course as we all know, this has nothing to do with Kunena. Kunena is not responsible for user registration on a Joomla website. User registration is a Joomla function that may be optionally assisted by other Joomla extensions better equipped to deal with registration scrutiny. Basic Joomla has two variations: allow everyone to register (and new registrations must confirm by using a valid email address) or allow no-one to register. If you allow no-one to register you, the system administrator, must perform all user registration yourself.

What happens when users/'bots start posting spam on a Kunena forum that only allows posting by registered users? As mentioned earlier in my reply, if you allow people to register and give them the unfettered right use the forum after they have joined, then you allow people the ability to post whatever they like ... unless you review everything that they write beforehand. The question that everyone needs to individually answer is, how much scrutiny is the "right amount" of scrutiny. On the one hand you can scrutinise to the point of terrorising people and they may be reluctant to post anything at all if they're continually subjected to this kind of treatment.

For instance, consider the many community-driven, self-help forum (like this one). Messages are not screened before they appear on the forum. They appear instantly. So, you may ask, how do these sites prevent spam?

The answer to this question, as I have often written [elsewhere], is simple:
With an active moderation team, one that operates close to 24 hours a day, spam rarely lasts for very long before it's detected, removed and the account(s) responsible for the rubbish are blocked from accessing the site in future. Your site should have zero tolerance of spam and you need to equip your moderators with the necessary tools to deal with the problem. Kunena has those tools.

However, if you are asking what preventive measures can be taken in the first place to stop spam from showing up on your forum, the answer really lies in how you screen new user registrations. There must be hundreds of guides on the internet to help people with this "management problem"; the forum here at this site is one place where people can meet to discuss various ideas, hints, tips and tricks-of-the-trade. I've given you a few ideas and I hope they help. I'm sure that others may have their own suggestions that will help you, too.

Well, thanks Sozzled, for that comprehensive reply, and welcome to this forum, Mate. I live just down the big hill from you, on the coast.

I was over at your place (forum) the other day looking for help with my Kunena issues and J1.6. I finished up wiping the whole lot and starting from scratch with J1.5. Got it working fairly well now.

Beat the bots with a simple captcha and I now understand the sign up process better.

Got the SEF fairly well worked out except I have no item ID in the post URLs and I'm worried about the confusion from duplicate titles. But I'll get there.

Thanks again.