Just to say hello to the Admin

THANK YOU for your plug-in. I install v 1.1.9 in Joomla 2.5.7 and it just caught a rouge appearing in my MySQL. Great.

I have actually unpublished Kunena because of the jump in number of unrelated users. But they still came in until you came to my rescue. Aicha. Should i now publish kunena with your spambotCheck.

It will be great if you can give us an idea what happen when the rouge register; questions 1) do they physical register in the website ie type in their email address & do the recaptcha checking.
2) since my joomla require them to activate the account, do they actually do that from the email they enter, if so the email must be genuine
3) do they then log in to do what they want to do.

OR x) do they do this without physically at the site. I ask question x because can they just spam without being going through steps 1 to 3

By the way should i also use the R-Antispam with yours. Cheers!

Hi Mike,

the word "rouge" is a bit strange to me, never heard it before. I assume this is a registered user who acts as a spammer to your site, right?

Well I think it is possible to go through the whole registration process using really good spambots (not physically by a real person) and genuine e-mail adresses (which may change often enough). I'm not an expert about those technologie but I know there are many tools and tricks, so I think it is possible but only with a great effort and good resources. The better defined the target (a specific programm you know well, etc.), the easier it would be to develop and maintain such bots.

Nevertheless I think sooner or later those e-mail adresses and even more important the IP's of those bot are listed in the databases plugin spambotcheck relies on. Your spammer should therefore be prevented from login after a short while even if it was able to register in the first place.

Certainly there might also be the x) way, if somebody finds a breech in your website, but I think that is not very problable. In that case plugin Spambotcheck can do nothing.

Plugin SpambotCheck is all about login and registration. If you allow only registered and logged in users to post in your forum and enable the plugin for IP and e-mail (use ProjectHoneyPot.org and the other IP-related spambot databases as well) and it's not the x) way the plugin should reduce spamusers significantly. I would publish the forum again and give it a close look.

R-Antispam works in a totally different way for it examines the content of posts etc. I think those both plugins complement each other and if your are really in trouble with spam on your forum I would try to use both together.

Regards,
Aicha

Friend you are too king about the word rouge, what i meant was rogue or rascal. I always think something and type something else. :blush: to the level of red rouge.

For your info the latest i found was in the user registration in my inherited first cut website, it did not use ReCapta. In fact once i use in the last 24 hours, the spam registration did not even appear in your spam_attempt table; probably because they are from bots. For those who are already registered, they were blocked by StopForumSpam via yr plugin. Actually the huge number of rogue came is at the point of registration and not because of the forum; for which i believe R_Antispam have a role to play.

For my education on security issues, how do you communicate with StopForumSpam to do the job. In Kunena there is are Key involved in the configuration and because of my lack of knowledge, i cannot proceed and end up meeting you.

Currently i am looking at my htaccess and reading related articles on it to improve the security before i republished the forum. For this i am thinking of using RewriteCond. 2 questions here; of the two ways htaccess & your SpamBotCheck
1) which will act first (if pass the recapta)?
2) which will be more effective?

Look forward to your enlightenment. Aicha means what, i have heard it from my Indian friends before. I have place your ViSolutions in my website credit.
Kind Regards.

Hi,

StopForumSpam provides developers with an API. The plugin uses that API sending a request and analysing the response.

If you have enabled "check login and registration" and "log spammer to db" every spammer, that is listed in one of the databases you enabled to check against (like stopforumspam), is prevented from the respective activity regardsless of if it is a bot or not.

If rogue is not found it is either not (yet) listed in the spamdatabase or it slips through because of the plugin settings you choose (for example not using IP checking databases).

About your questions. htaccess acts allways first. I'm not that familiar with htaccess to know every trick but I think it is difficult to stop rogues with rewriteCond in htaccess. But I may be wrong about that. I hope you find a way to further improve the security of your site.

Good Luck,
Aicha

It feel so good to read your response with all the sincere in-depth sharing in this complex and exponentially entropic explosive world. Bye till we meet again. Fond Regards.