[52]Antispam Protection

[LocaLizeR]

1. Summary
When you have a high ranked site by the search engines, later or sooner the spam robots will find it. They register on your site, try to claim lost passwords and they use the contact form for spamming or make any other spamming attempts.

2. Goals
There are several technologies or services on the web, like captcha to protect your site againts the spammers. Integrating a solution for entering a security code would harden the spammers their attempts, and your site would be more secure.

3. Affects
3.1 Backward compatibility
The backward compatibility should be affected, but some solutions by 3pd developers are already available.
3.2 3PD extensions
A very good default antispam protection would be used by the 3rd party extensions (comments, guest books, forums etc.) as well what they could integrate instead of developing their own solutions.

[Hackwar]

It would be interesting to introduce more events here, which render possible captcha images and before save, check the content and then throw an error in case of a false input. This would be introduced in the model somewhere... I wouldn't want to implement this as a fixed solution in Joomla, but encourage the community to produce different solutions to this. The community could very nicely produce different methods, like captcha or calculations. Still, nice idea.

[Geoff]

Not sure if this is a reasonable idea but it would be interesting to see some sort of capatcha implemented in the administrator backend login. I know gallery2 has an option for this when users login.

[LocaLizeR]

Telling you the truth, I suggested this feature because the use of the current extensions (e.g. Security Images or Bigo Captcha) is possible by altering the core files. It would be more convenient for the end users to see this as a core feature.

[roundtrip]

In light of the rise in levels of spam and bots in general, it would be great to see a more integrated approach via something like a Captcha option. Having the option for people to hook into this security to harden things further would be an added benefit.

Too many of the 3rd party solutions require hacking about with core files, which for new Joomla users or folks new to PHP is a recipe for disaster.

Please can we have some kind of core level security that can deal with the spammers! ;-)

[trouble]

I'm getting spammed to death right now from a contact form on one of my web sites

It's going to come a bit too late for me, but it's great that this has been accepted!

[roundtrip]

Sorry to hear of your spam problem.

I'm just a little disappointed that it wasn't part of the core from day one of the 1.5 release. Comment spam has been a big issue for years and years now, so it shouldn't be a big surprise that the spammers are banging on our websites!!!

Good that we're going to see something done about it... eventually!

[trouble]

Sorry to hear of your spam problem.

I'm just a little disappointed that it wasn't part of the core from day one of the 1.5 release. Comment spam has been a big issue for years and years now, so it shouldn't be a big surprise that the spammers are banging on our websites!!!

Good that we're going to see something done about it... eventually!

I'm with you all the way on your post!

[bobbravo2]

There are a few J! 1.5 3p extensions avaliable on the directory:
http://extensions.joomla.org/component/ ... Itemid,35/
http://extensions.joomla.org/component/ ... Itemid,35/

These extensions use reCAPTCHA which I highly recommend as it helps to digitize books, and is accessible to users that are visually impaired.

Joomla! needs to have CAPTCHA as a part of the CORE because user interaction is a primary reason that we use Joomla! in the first place, one shouldn't have to add a 3p extension to stop spam - especially since they require modifying the core, which may create security vulnerabilities

[mariusvr]

Our jfusion.org also had around 5-10 bots registering every day. Captcha should really be part of the core. It is really essential to add this feature as soon as possible. All major softwares have this implemented and it would be great if Joomla would too.

There is already a great extention that does this with a core modifications that then allow for a system plugin to control the captcha options. You can select where you want captcha and prevents people from using direct links to bypass the images:

http://code.google.com/p/joomla15captcha/

It works really well on our site.

Cheers, Marius

[razor7]

Hello...i suggest to have a builtin option like allikonweb antispam bot and also the recaptcha option, so users can choose wich one to use.

This idea is accepted...¿any news on how this will be implemented and when?

Thanks a lot!

[Archangel Michael]

My $.02 worth ...

This should be modulized (via plugin or whatever) so that as they (captchas, security features) get "cracked", they can be updated, upgraded or degraded and replaced. I'm not a programmer, just an interested party. Since fighting bots is nothing short of a race, whatever the approach it should be designed in such a way that keeps the race in mind.

[mariusvr]

My $.02 worth ...

This should be modulized (via plugin or whatever) so that as they (captchas, security features) get "cracked", they can be updated, upgraded or degraded and replaced. I'm not a programmer, just an interested party. Since fighting bots is nothing short of a race, whatever the approach it should be designed in such a way that keeps the race in mind.

That is what I like about:
http://code.google.com/p/joomla15captcha/

It is a Joomla plugin that can be configured as to where captcha should be shown and can be published/unpublished. Note that i do not have any involvement in coding this project, just like what they have done.

Thanks, Marius

[alikon]

my 0.2 €
i've developed an open source plugin for an accessible captcha that can use several captcha type:

a) classic image captcha with sound
b) ascii art capctha
c) math captcha



extensions integration is quite simple, two event need to be triggered

the onView for showing the captcha
the tipical place for trigger is component/view/tmpl

Code: Select all

JPluginHelper::importPlugin('alikonweb');
if (JPluginHelper::isEnabled('alikonweb', 'alikonweb.captchabot')) {
	$mainframe->triggerEvent('onView', array ('component'));
}

the onVerify for checking the digited code
the tipical place for trigger this event is the component controller

Code: Select all

 if(JPluginHelper::isEnabled('alikonweb', 'alikonweb.captchabot')){	    			
       $psw3	= JRequest::getVar( 'password3', 	'',			'post' );  
       $psw3	= strtolower($psw3);      
       JPluginHelper::importPlugin( 'alikonweb' );
       $dispatcher	=& JDispatcher::getInstance();    
       $results	= $dispatcher->trigger( 'onVerify', array($psw3));		      
       if (!$results[0] ) {		
	  		$msg	= JText::_('SECURECODE_DO_NOT_MATCH');
			JError::raiseWarning('A1', $msg);
			$return	= JRoute::_( 'index.php?option=com_auser&view=login' );
			$mainframe->redirect( $return );
			return false;
       
	}
 }

here yuo'll find it
http://extensions.joomla.org/extensions ... 91/details