Page 1 of 1

Spam emails

Posted: Tue Nov 12, 2019 2:56 pm
by floppy900
Hi people can anyone tell me how to stop someone sending spam emails from the website.
The only people that have access are committee members of the fishing club and most are old farts like me who can just about use a computer for emails and stuff.
Many thanks.
Floppy900 (Terry)

Re: Spam emails

Posted: Tue Nov 12, 2019 3:28 pm
by waarnemer
you do have a contact form on your site? You probably do.
make sure to set a captcha of any kind.
the core captchas need a google api key
but there also is a very good non intrusive one by michael richey: hashcash.
https://extensions.joomla.org/extension/hashcash/

Re: Spam emails

Posted: Tue Nov 12, 2019 3:47 pm
by floppy900
Thanks for the reply, I will try it out.
Thanks.
floppy900 (Terry)

Re: Spam emails

Posted: Tue Nov 12, 2019 4:51 pm
by floppy900
Hi, it looks like the forum is sending out spam, I have set up the hashcash to see if that will stop it, I also went through all the members and deleted any that logged in today, to see if they will re register.
Thanks.
floppy900 (Terry)

Re: Spam emails

Posted: Wed Nov 13, 2019 12:29 am
by toivo
floppy900 wrote:it looks like the forum is sending out spam
It would help the experts here to assist you if we knew more about your website, for example its URL, but at least the version of Joomla and the forum extension.

You should also post the results from the Forum Post Assistant (FPA) by following the instructions at https://forumpostassistant.github.io/docs/.

Re: Spam emails

Posted: Wed Nov 13, 2019 1:50 pm
by floppy900
Sorry, here is the info.
It looks like the forum is sending out spam and I have no idea on how to stop it.
https://www.exeteranglingassociation.co.uk/
Kunena v:5.0.7
and the Joomla is up to date with the latest installed.
Thanks.
Floppy900 (Terry)

Re: Spam emails

Posted: Wed Nov 13, 2019 2:30 pm
by toivo
Your version of Kunena is out of date and misses several security fixes. The latest version is 5.1.15. At this stage, in the absence of the requested FPA results, your best bet is to update Kunena.

Re: Spam emails

Posted: Wed Nov 13, 2019 7:51 pm
by sozzled
Thank you for your question, @floppy990.

floppy900 wrote:
Tue Nov 12, 2019 2:56 pm
Can anyone tell me how to stop someone sending spam emails from the website?
Anyone who has a publicly-accessible contact form on a website is sending an open invitation to anyone to use it for whatever purpose they desire—honestly or dishonestly, for good or bad, for making a genuine request or for making a disingenuous request. That's what happens.

CAPTCHA (or some other "anti-spam" mechanism) is usually ineffective.

So the first point to make is simple: why have a contact form if it's likely to be abused? If you can answer that question, if there's the likelihood that a contact form will be abused is low, then go ahead and make such a mechanism available.

I'm not a believer in contact forms myself—certainly not ones that are publicly-accessible—and the risks of their misuse outweighs any advantages. To minimise this risk, don't make these things publicly-accessible; confine their use to only registered users. In other words, require that people need to register an account and login before they can use the contact form. And what if you think that people may need to contact you before they create an account? Well, if they're genuine (and if you've publicised the advantages to people of the benefits of joining your organisation even if only to ask a few questions) then have some faith that people will create an account.

The second opportunity for spammers is your forum. No, it is of little importance that your forum software is not the most-current version (even if it makes good sense to keep the software up-to-date) or that the forum is not [initially] "open" to the public but the fact that you have a forum, and the only obstacle in the path of would-be spammers is that they need to create an account and login to use it, is not a reason to be complacent.

It doesn't matter what forum software you're using. For example, this forum (at forum.joomla.org) is bombarded with junk many times a day. So if it can happen here, it can happen anywhere.

If you want to stop spam then you need to stop it at the source. You need to put in place mechanisms, other requirements, that require people to comply with additional conditions before they can register themselves. You might also do some research into how to prevent forum spam by looking here: https://google.com/search?q=%22How+to+stop+fo ... ena%22&s=g

floppy900 wrote:
Tue Nov 12, 2019 4:51 pm
I ... went through all the members and deleted any that logged in today, to see if they will re register.
This is the third area you should look at. Your website allows anyone to self-register and the only "obstacle" in their way (it would appear) is to deal with the CAPTCHA challenge. So, basically, anyone can enter any name, email address (real or not) and meet the CAPTCHA challenge and, hey-presto, they're in! Once they're in, they can use your forum or any other facilities offered by your website to post spam or send junk mail.

floppy900 wrote:
Tue Nov 12, 2019 2:56 pm
The only people that have access are committee members of the fishing club ...
OK, if that's what you want then enforce it. If you only want committee members of your organisation to access your site, then don't offer a means of self-registration. Require that all new members of your site need to be vetted before they're allowed to login. I can't decide what's best for you; you have to figure out what you want your website to be for yourself.'

Just for the record:
  1. I am not affiliated with the Kunena project.
  2. I manage several websites, my own and with other people, using different (including outdated) versions of Kunena
  3. Spam is not confined to Joomla or Kunena
  4. I see dozens of attempted assaults on my websites every day but none of these are successful (touch wood that will continue)
In summary, there's no one-size-fits-all solution. CAPTCHA challenges are, in my opinion, a waste of time; they're a minor "inconvenience", perhaps, to would-be spammers w.r.t. preventing some spam but they're not a cure; CAPTCHA challenges are easily overcome. There is no evidence that K 5.0.7 is any less secure than K 5.1.15 (but it doesn't hurt to update it).

I hope this helps. 8)

Re: Spam emails

Posted: Wed Nov 13, 2019 9:21 pm
by waarnemer
sozzled wrote:
Wed Nov 13, 2019 7:51 pm
CAPTCHA (or some other "anti-spam" mechanism) is usually ineffective.
This needs some explanation....

Re: Spam emails

Posted: Wed Nov 13, 2019 9:37 pm
by sozzled
@waarnemer: I'm not going to get into a "panel discussion" about what other people may think about CAPTCHA, honeypots, or other so-called spam prevention mechanisms. Everyone has different opinions (and I respect those opinions) just as I hope people will also respect that I'm entitled to my own opinion, too.

I have not once found a CAPTCHA or spam preventative mechanism that is reliable, that's a one-size-fits-all solution, that's totally effective or that is abuse-proof. If that were the case then why isn't the Joomla! forum (forum.joomla.org) using it? ??? ??? Perhaps you might be able to give some explanation about why there's so much spam here at forum.joomla.org (because this forum also uses CAPTCHA together with other mechanisms)?

Re: Spam emails

Posted: Wed Nov 13, 2019 9:46 pm
by waarnemer
@sozzled
well for this forum it counts as follows...once in, no captcha... off you go...
think; it is the google captcha that doesn't ask always for you to solve the riddle, it sometimes just accepts you are human by just check the box.....so you can have two types of spammers here... the real human selling his services to get your page ranked as high as possible... (no way he can!) and the ones that use a bot to sell me the ideal medicine for my lovelife.... the ones that break through the google captchas....

for the usual bot it is hard work to solve a javascript riddle... that is why I advise the hashcash method... bit indeed, the hascash cannot beat the manual spammer... it can beat the bots though...

Re: Spam emails

Posted: Wed Nov 13, 2019 9:59 pm
by sozzled
Again, while this side-bar "panel discussion" may be entertaining, in my opinion, this is not the best place to be having it and it's hijacking the OP's topic.

The original question was simple:
floppy900 wrote:
Tue Nov 12, 2019 2:56 pm
Can anyone tell me how to stop someone sending spam emails from the website?
There are solutions. CAPTCHA helps a little ... but it's ineffective at stopping the spread of spam. If people want to stop spam then one has to look beyond CAPTCHA, beyond guessable problem-solving challenges, beyond automated technological means and look closer to home.

@floppy990: I'm sorry about the unfortunate foregoing panel discussion at your expense. Please look at my earlier response (a few messages ago) and decide for yourself.

Re: Spam emails

Posted: Wed Nov 13, 2019 10:14 pm
by waarnemer
@sozzled is right... to avoid hijacking... but I'm curious..

viewtopic.php?f=48&t=975730#p3586145