Like us!

Joomla!™ Disclaimer

Joomla!™ is a registered trademark of Open Source Matters.
Tekdi Web Solutions, and are not affiliated to Joomla!, Open Source Matters or any of its subsidiaries.

Home Blogs Joomla Fighting Spam in a Joomla Powered Website

Fighting Spam in a Joomla Powered Website

Written by Parth Lawate Wednesday, 10 March 2010 13:22
Rate this item
(4 votes)

SPAM ! This is one problem that any webmaster today has to contend with in his daily tasks. If not dealt with on a fundamental level it can really become a pain in the neck & also end up in consuming time.  Not removing Spam comments /registrations/ forums posts on websites can really be harmful for its reputation & credibility.

As some of you might know we had the same problem come home with this very site becoming a target for Spam registrations & forum posts. This triggered us to conduct some thorough research in Spam protection practices.

In the past few months this knowledge has been very useful in helping some new clients in extensive cleaning & prevention for SPAM for their websites that were being targeted by Russian & Chinese spammers.  I have been meaning to blog about this for quite some time.. & today on reading "Your site best practical SPAM protection" blog by Ajmal Afif on All Together as a whole jolted me to getting down to it.

So let us look at how Spammers can target your site & a few simple methods on how you can prevent this from happening. We shall take a look at the 2 most common types of spam your site can get affected by.

A. Registration Spam

This is one of the most common types of Spam that you might see on a typical Joomla site. This can also go largely undetected. I have seen instances of this happening  both by automated scripts as well as the manual route.

B. Comment & Forum Spam

If you have a discussion forum on your site & or have a comments system to allow users to post comments on articles, you are likely to get this kind of Spam. This typically contains Spammy text & links to undesirable sites.

Now that you know that you can get affected, how do you go about stopping it ?

A . Active Protection by verifying that the person accessing the site Is Human

The various methods available for active protection are typically called as Captcha. This is available in various flavors such as ReCaptcha, Plain Image Captcha ( Words), Picture identification Captcha, Mathematical captcha, Question Captcha to name a few.

Such methods basically rely on the fact that automated scripts cannot read Captcha & get through the process.These methods can be effectively used for Comment as well as registration Spam.

Where these methods fail is for a new breed of spammers that actually manually add the comments or registrations.. Thats where the passive methods kick in.

B . Passive Protection by using IP Blocks, White-lists & Black-Lists & Content Scanners

Typically Spam aims to insert links into your site. Passive protection focuses on using content scanners which validate the content, the source & method of delivery against extensive databases of bad links, emails, content, blacklisted IPs & domains to stop the spammer from getting his content in.

These databases are fed from a huge number of sites & users that subscribe to using the databases & in turn reporting malicious content in turn.

The important aspect of these databases are that they are updated continuously & true to the spirit of opensource being contributed to on a everyday basis making them a comprehensive source of information.

Some Examples of Projects that serve such databases are Akismet, Mollom, Honey Pot, Bad Behavior to name a few.

This 'Captchaless' Spam protection is seen to be very effective today & more & more people are flocking towards it.. & thats great because in most of the cases it helps the system become even more stronger..

I have a Joomla site.. How can i benefit from these solutions ?

The Joomla development community has made it a breeze to integrate both active & passive spam protection into your websites. I shall review a few extensions that we have tested & found to be very effective.

Captcha & Recaptcha

One of the biggest woes of Joomla is that it does not include an easy way to introduce Spam protection with Captcha or recaptcha. Even with 1.5 you still have to use registration overrides to get  into place.. There is no simple install & publish & be done with it.

Security Images from Walter Cedric  is handy & can be a comparatively painless install if you can afford to do direct overwrites of your Joomla files.  A lot of other extensions also support this extension so extending captcha to various site wide forms can be easy though might need some development skills in some cases.

** If you are using K2 note that K2 adds a system plugin that rewrites the default Joomla registration form. This can be a pain if you are not aware of this. Make sure you unpublish or comment out the code from the K2 system plugin. @Joomlaworks.. a param to switch this off in the plugin would really help !

@Joomla  adding a Captcha & recaptcha library into the core could really help to bring uniformity site wide.  I think most Captcha & recaptcha extensions are good.. But making them work out of the box can be a pain as i said above.

Passive Protection

This is the part that really got me excited about when i first stumbled on to it.. & i found that it was very very effective.. There are quote a few providers that provide extensions to integrate passive prevention into Joomla

Moovum provides a extension that uses the Mollom service. SH404 integrates Project Honey Pot.  Akismet4Joomla from Cedric walter adds Akismet. Bad Behavior for Joomla is also available.

I have tried these solutions at some point in time , but the cedIT Registration Validator extension really gave us good results in the latest implementation. There is a commercial version that also provides protection from Kunena Spam.

A lot of these extensions can work alongside i.e. you can haver more than one working at the same time.

Well thats it for now.. I hope it helps you fight spam !