K2 spam issue on items

vertti · Post by **vertti** » Fri Jan 16, 2015 8:17 pm

Could somebody tell me how to prevent published spam items with Joomla 2.5.28 and K2?

Meaning we have a sports site with active news topic, but past few days it has been full of spam items/articles. Meaning news, that are created and published by spam bots.

jakjakjak · Post by **jakjakjak** » Fri Jan 16, 2015 8:25 pm

Do you have captcha or something similar enabled on the article comments, if not you could consider that route.

vertti · Post by **vertti** » Fri Jan 16, 2015 8:29 pm

jakjakjak wrote:Do you have captcha or something similar enabled on the article comments, if not you could consider that route.

Captcha is not enabled and I am considering that. My problem is not the comment spam though, but does that help with creating and publishing news also?

jakjakjak · Post by **jakjakjak** » Fri Jan 16, 2015 8:41 pm

Maybe captcha on user registration?

vertti · Post by **vertti** » Fri Jan 16, 2015 8:45 pm

I have now ReCaptcha enabled, but user registration has not been enabled ever on the site.

So nobody can registrate to the site, only administrators can add users, but still there still there are new users in the users list. (bots) A bit worried...

Post by **toivo** » Fri Jan 16, 2015 9:24 pm

Terve Vertti,

It is quite right to be worried. Please post the output of the FPA and someone may be able to tell the settings are not secure or if your site has extensions with known vulnerabilities:
http://forum.joomla.org/viewtopic.php?f=621&t=582860

vertti · Post by **vertti** » Fri Jan 16, 2015 9:38 pm

Kiitos Toivo! Maybe this will help someone..

Forum Post Assistant (v1.2.4) : 16th January 2015 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.28-Stable (Ember) 10-December-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (664) | Owner: 43645 (uid: /gid: ) | Group: 102 (gid: ) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.39-bpo.2-686-pae | Technology: i686 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /xxxxx | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.28 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 22519 | Log Errors To: /var/log/apache2.2/php_log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /xxxxxt/:/sessions/phpsessions/:/tmp | Uploads: 1 | Max. Upload Size: 80M | Max. POST Size: 80M | Max. Input Time: 60 | Max. Execution Time: 70 | Memory Limit: 80M

MySQL Configuration :: Version: 5.1.73-1+deb6u1-log (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 10.76 MiB | #of Tables: 134
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.28) | date (5.3.28) | ereg () | libxml () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | SPL (0.2) | iconv () | json (1.2.1) | mbstring () | session () | PDO (1.0.4dev) | openssl () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | standard (5.3.28) | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | apache2handler () | imap () | gd () | mcrypt () | mysql (1.0) | mysqli (0.1) | pdo_mysql (1.0.2) | curl () | SQLite (2.0-dev) | suhosin (0.9.32.1) | Phar (2.0.1) | mhash () | Zend Engine (2.3.0) |
Potential Missing Extensions :: zip |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Apache Modules :: core | prefork | http_core | mod_so | mod_authn_file | mod_authn_dbm | mod_authn_anon | mod_authn_dbd | mod_authn_default | mod_authz_host | mod_authz_groupfile | mod_authz_user | mod_authz_dbm | mod_authz_owner | mod_authz_default | mod_auth_basic | mod_auth_digest | mod_dbd | mod_dumpio | mod_ext_filter | mod_include | mod_filter | mod_substitute | mod_deflate | mod_log_config | mod_logio | mod_env | mod_expires | mod_headers | mod_setenvif | mod_ssl | mod_mime | mod_status | mod_autoindex | mod_info | mod_cgi | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_userdir | mod_alias | mod_rewrite | mod_proxy | mod_proxy_http | mod_php5 | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |

Folder Permissions :: wrote:Core Folders :: images/ (771) | components/ (771) | modules/ (771) | plugins/ (771) | language/ (771) | templates/ (771) | cache/ (771) | logs/ (771) | tmp/ (771) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |

Elevated Permissions (First 10) :: docs/ (771) | docs/installation/ (771) | media/ (771) | media/lib_koowa/ (771) | media/lib_koowa/css/ (771) | media/lib_koowa/images/ (771) | media/lib_koowa/images/32/ (771) | media/lib_koowa/images/modal/ (771) | media/lib_koowa/js/ (771) | media/plg_system_highlight/ (771) |
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (2.5.0) | com_mailto (2.5.0) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_MEDIAMANAGER_TITLE (2.0.13) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_ANCHOR_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_FILEMANAGER_TITLE (2.1.7) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_IFRAME_TITLE (2.1.1) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_IMGMANAGER_EXT_TITLE (2.0.24) | WF_TEXTCASE_TITLE (2.3.4.4) | K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) |
Components :: ADMIN :: com_content (2.5.0) | com_media (2.5.0) | com_modules (2.5.0) | com_finder (2.5.0) | com_checkin (2.5.0) | com_banners (2.5.0) | com_redirect (2.5.0) | Files (1.0.5) | com_languages (2.5.0) | J!Extranet (4.2 "Eo Ire I) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.6.8) | com_installer (2.5.0) | plg_system_kunena (-) | mod_kunenamenu (3.0.3) | plg_kunena_joomla (3.0.3) | plg_kunena_comprofiler (3.0.3) | plg_kunena_alphauserpoints (3.0.3) | plg_finder_kunena (3.0.3) | plg_kunena_gravatar (3.0.3) | plg_kunena_kunena (3.0.3) | plg_kunena_community (3.0.3) | plg_kunena_finder (3.0.3) | plg_kunena_uddeim (3.0.3) | com_kunena (3.0.3) | JEvents (3.0.7) | com_users (2.5.0) | Gantry (4.1.20) | Widgetkit (1.4.7) | com_weblinks (2.5.0) | nextend_installer (1.0) | com_login (2.5.0) | com_templates (2.5.0) | com_config (2.5.0) | com_plugins (2.5.0) | com_cache (2.5.0) | com_search (2.5.0) | com_admin (2.5.0) | com_newsfeeds (2.5.0) | eXtplorer (2.1.5) | com_messages (2.5.0) | com_joomlaupdate (2.5.0) | Unknown (-) | JCE (2.3.4.4) | DOCman (2.0.0RC3) | com_categories (2.5.0) | com_cpanel (2.5.0) | com_menus (2.5.0) | com_extman (1.0.0RC7) | Smart Slider 2 (2.3.7) |

Modules :: SITE :: mod_articles_news (2.5.0) | mod_articles_archive (2.5.0) | mod_footer (2.5.0) | mod_custom (2.5.0) | JEvents View Switcher (3.0.7) | mod_articles_categories (2.5.0) | mod_articles_popular (2.5.0) | Nextend Smart Slider (4.1.1) | System - Nextend Advanced Para (1.0.0) | ARI Ext Menu (2.2.5) | K2 Tools (2.6.8) | mod_menu (2.5.0) | AddThis Smart Layers (1.0.0) | mod_syndicate (2.5.0) | K2 Content (2.6.8) | K2 Comments (2.6.8) | mod_docman_documents (2.0.0RC3) | JEvents Filter (3.0.7) | Widgetkit Twitter (1.0.0) | mod_articles_latest (2.5.0) | mod_login (2.5.0) | JEvents Calendar (3.0.7) | mod_random_image (2.5.0) | mod_feed (2.5.0) | Latest JEvents (3.0.7) | Smart Slider 2 (2.3.0) | mod_breadcrumbs (2.5.0) | mod_stats (2.5.0) | mod_whosonline (2.5.0) | RokNavMenu (2.0.0) | mod_wrapper (2.5.0) | K2 User (2.6.8) | K2 Users (2.6.8) | Facebook Wall (6.4) | mod_search (2.5.0) | mod_users_latest (2.5.0) | Unknown (-) | JEvents Legend (3.0.7) | mod_finder (2.5.0) | mod_weblinks (2.5.0) | mod_banners (2.5.0) | Widgetkit (1.0.0) | mod_languages (2.5.0) | B2J News Loader for K2 (2.4) | mod_related_items (2.5.0) | mod_articles_category (2.5.0) |
Modules :: ADMIN :: mod_status (2.5.0) | K2 Stats (admin) (2.6.8) | mod_version (2.5.0) | mod_custom (2.5.0) | mod_submenu (2.5.0) | K2 Quick Icons (admin) (2.6.8) | mod_menu (2.5.0) | mod_toolbar (2.5.0) | mod_logged (2.5.0) | mod_title (2.5.0) | mod_popular (2.5.0) | mod_login (2.5.0) | mod_feed (2.5.0) | mod_quickicon (2.5.0) | mod_latest (2.5.0) | mod_multilangstatus (2.5.0) | Unknown (-) |

Plugins :: SITE :: plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | plg_system_sef (2.5.0) | System - Nextend Advanced Para (1.0.0) | System - Joomlatools Framework (1.0.6) | System - Gantry (4.1.20) | System - JCE MediaBox (1.1.10) | plg_system_highlight (2.5.0) | plg_system_redirect (2.5.0) | Nextend Resize Images (1.0.0) | Nextend Library (1.0.0) | Nextend Library (1.0.0) | plg_system_log (2.5.0) | plg_system_p3p (2.5.0) | System - Widgetkit ZOO (3.1.0) | plg_system_remember (2.5.0) | plg_system_cache (2.5.0) | plg_system_logout (2.5.0) | Nextend Smart Slider - Respons (1.0.0) | Nextend Joomla 3.0 compatibili (1.0.1) | plg_system_languagecode (2.5.0) | plg_system_languagefilter (2.5.0) | System - RokExtender (2.0.0) | plg_system_debug (2.5.0) | System - K2 (2.6.8) | System - Widgetkit (1.0.0) | Nextend Dojo Loader (1.1) | plg_system_lazydbbackup (2.5.0a) | plg_system_kunena (3.0.3) | System - Smart Slider Tabber (1.1.0) | System - Widgetkit Joomla (1.0.0) | Nextend Smart Slider Widget: T (1.0.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider Widget: S (1.0.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: H (1.0.0) | Nextend Smart Slider Widget: I (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Smartslider - SmartSliderInser (1.2.1) | Nextend Smart Slider Button It (1.0.0) | Nextend Smart Slider Shape Ite (1.0.0) | Nextend Smart Slider Heading I (1.0.0) | Nextend Smart Slider Caption I (1.0.0) | Nextend Smart Slider Paragraph (1.0.0) | Nextend Smart Slider Image Fad (1.0.0) | Nextend Smart Slider Vimeo Ite (1.0.0) | Nextend Smart Slider Tag Item (1.0.0) | Nextend Smart Slider Image Ite (1.0.0) | Nextend Smart Slider [youtube] I (1.0.0) | Nextend Smart Slider Html Item (1.0.0) | Nextend Smart Slider iframe It (1.0.0) | Nextend Smart Slider Special I (1.0.0) | Nextend Smart Slider Joomla mo (1.0.0) | Nextend Smart Slider Image Fli (1.0.0) | plg_extension_joomla (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | PLG_EOSNOTIFY (2.5.0) | plg_quickicon_kunena (3.0.3) | plg_quickicon_jcefilebrowser (2.3.4.4) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider generator (1.0.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_doclink (2.0.0RC3) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | Content - Widgetkit (1.0.0) | plg_content_loadmodule (2.5.0) | plg_content_geshi (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - HD Gfont (3.00) | plg_content_finder (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_vote (2.5.0) | plg_content_joomla (2.5.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider generator (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: B (1.0.0) | Nextend Smart Slider Widget: T (1.0.0) | Nextend Smart Slider Widget: T (1.0.0) | Nextend Smart Slider Widget: T (1.0.0) | plg_search_weblinks (2.5.0) | Search - DOCman (2.0.0RC3) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_newsfeeds (2.5.0) | Search - K2 (2.6.8) | plg_search_categories (2.5.0) | Search - JEvents (3.0.7) | plg_editors_tinymce (3.5.11) | plg_editors_codemirror (1.0) | plg_editors_jce (2.3.4.4) | Nextend Smart Slider Widget: H (1.0.0) | plg_jextranet (1.0 'Mux') | User - K2 (2.6.8) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | Josetta - K2 Items (2.6.8) | Josetta - K2 Categories (2.6.8) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_k2 (2.6.8) | plg_finder_jevents (3.0.7) | plg_finder_categories (2.5.0) | plg_captcha_recaptcha (2.5.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider Widget: A (1.0.0) | Nextend Smart Slider Simple Ty (1.0.0) | Nextend Smart Slider Full Page (1.0.0) | Nextend Smart Slider Vertical (1.0.0) | Nextend Smart Slider Showcase (1.0.0) | Nextend Smart Slider Horizonta (1.0.0) | plg_kunena_comprofiler (3.0.3) | plg_kunena_gravatar (3.0.3) | plg_kunena_uddeim (3.0.3) | plg_kunena_alphauserpoints (3.0.3) | plg_kunena_kunena (3.0.3) | plg_kunena_community (3.0.3) | plg_kunena_joomla (3.0.3) | Nextend Smart Slider Widget: I (1.0.0) | Nextend Smart Slider Widget: I (1.0.0) | Nextend Smart Slider Widget: S (1.0.0) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez_20 (2.5.0) | rt_voxel (1.3) | beez5 (2.5.0) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

Post by **toivo** » Fri Jan 16, 2015 9:56 pm

The folder settings are insecure, for starters:
https://docs.joomla.org/Security_and_Pe ... issions.3F

vertti · Post by **vertti** » Fri Jan 16, 2015 10:03 pm

Ok, will check those. I think most of the wrong folder permissions are a heritage from an other server and Installatron.

Post by **toivo** » Fri Jan 16, 2015 10:29 pm

If the version of K2 is old, it may be vulnerable:
http://vel.joomla.org/vel-blog/623-k2-2-6-6.html

vertti · Post by **vertti** » Fri Jan 16, 2015 10:35 pm

It´s 2.6.8 in the site, but just noticed, that 2.6.9 is up-to-date version.

Post by **toivo** » Sat Jan 17, 2015 1:49 am

It is best to keep the extensions uptodate. If a vulnerability in an extension and/or insecure directory settings have allowed a script to be uploaded at some stage to your site, this would have provided a back door for other things to be uploaded and installed, not just user registrations to be posted by bots.

It is best to follow the instructions in the sticky notes at the top of the Security forum, re-install and secure the site.

vertti · Post by **vertti** » Sat Jan 17, 2015 1:33 pm

Yep, that's true. Sometimes the updating process (Joomla & Extensions) is kind of a grey area. Meaning customers don't want to pay for that and still someone has to do it.

Well, I updated almost everything now. Let's see what happens, or hopefully doesn't! Thanks Toivo for the help. I'll buy you a virtual beer someday

The Joomla! Forum™

K2 spam issue on items

K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items

Re: K2 spam issue on items