Fighting Spam in a Joomla! Powered Website
SPAM! This is one problem that any webmaster today has to contend with in his daily tasks. If not dealt with on a fundamental level, it can really become a pain in the neck and also end up consuming time. Not removing Spam comments/registrations/forum posts from a website can really harm its reputation and credibility.
As some of you might know, we had the same problem come home with our own site becoming a target for Spam registrations and forum posts. This triggered us to conduct some thorough research in Spam protection practices.
In the past few months this knowledge has been very useful in helping some new clients with extensive SPAM cleaning and prevention for their websites, which were being targeted by Russian and Chinese spammers. I have been meaning to blog about this for quite some time... and reading the "Your site best practical SPAM protection" blog by Ajmal Afif on All Together as a Whole jolted me into getting down to it.
So, let's look at how Spammers can target your site, and a few simple methods on how you can prevent this from happening. We shall take a look at the two most common types of spam your site can get affected by.
Registration Spam is one of the most common types of Spam that you might see on a typical Joomla site. It can also go largely undetected. I have seen instances of this happening both by automated scripts as well as the manual route.
Comment and Forum Spam
If you have a discussion forum on your site and/or have a comments system to allow users to post comments on articles, you are likely to get this kind of Spam. This typically contains Spammy text and links to undesirable sites.
Now that you know that you can be affected, how do you go about stopping it?
Active Protection by verifying that the person accessing the site is Human
The various methods available for active protection are typically called Captcha. It is available in various flavors, such as ReCaptcha, Plain Image Captcha (Words), Picture Identification Captcha, Mathematical Captcha and Question Captcha, to name a few.
Such methods basically rely on the fact that automated scripts cannot read the Captcha and get through the process. These methods can be used effectively against Comment as well as registration Spam.
Where these methods fail is against a new breed of spammers who actually add the comments or registrations manually... That's where the passive methods kick in.
Passive Protection by using IP Blocks, White-lists and Black-lists and Content Scanners
Typically Spam aims to insert links into your site. Passive protection focuses on using content scanners which validate the content, the source and method of delivery against extensive databases of bad links, emails, content, blacklisted IPs and domains to stop the spammer from getting his content in.
These databases are fed by a huge number of sites and users that subscribe to them and, in turn, report malicious content.
The important aspect of these databases is that they are updated continuously and, true to the spirit of open source, contributed to on an everyday basis, making them a comprehensive source of information.
This 'Captchaless' Spam protection is seen to be very effective today, and more and more people are flocking towards it... and that's great, because in most cases it helps the system become even stronger.
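The passive checks described above (IP blocks, white-lists, black-lists and a content scanner), as an added example in plain PHP; it is not taken from Joomla! or from any extension, and the function names and list entries are hypothetical, constructed sample data.

```php
<?php
// Constructed lists (documentation IP ranges, .example domains), not a real feed.
const IP_WHITELIST     = ['198.51.100.7'];
const IP_BLACKLIST     = ['203.0.113.0/24', '192.0.2.44/32'];
const DOMAIN_BLACKLIST = ['cheap-pills.example', 'spam-links.example'];

// True when an IPv4 address falls inside a CIDR block (IPv6 is not handled here).
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    if ($ipLong === false) { return false; }
    $mask = (int) $bits === 0 ? 0 : (-1 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === (ip2long($net) & $mask);
}

// True when $host is a blacklisted domain or a subdomain of one.
function domain_blacklisted(string $host): bool {
    $host = strtolower(rtrim($host, '.'));
    foreach (DOMAIN_BLACKLIST as $bad) {
        if ($host === $bad || substr($host, -strlen(".$bad")) === ".$bad") { return true; }
    }
    return false;
}

// Returns the reasons a submission was flagged; an empty array means accept.
function scan_submission(string $ip, string $email, string $content): array {
    if (in_array($ip, IP_WHITELIST, true)) { return []; } // assumption: white-list overrides all checks
    $reasons = [];
    foreach (IP_BLACKLIST as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { $reasons[] = "source IP in blocked range $cidr"; break; }
    }
    $emailDomain = (string) substr(strrchr($email, '@') ?: '@', 1);
    if (domain_blacklisted($emailDomain)) { $reasons[] = "e-mail domain $emailDomain is blacklisted"; }
    // Pull the host out of every http(s) link, including BBCode [url=...] links.
    preg_match_all('~https?://([^/\s:?#"\'<>\[\]]+)~i', $content, $m);
    foreach (array_unique($m[1]) as $host) {
        if (domain_blacklisted($host)) { $reasons[] = "content links to blacklisted domain $host"; }
    }
    return $reasons;
}

// Constructed sample submissions: [source IP, e-mail, posted text].
$samples = [
    ['203.0.113.9',   'bob@mail.example',          'Great post!'],
    ['198.51.100.20', 'eve@cheap-pills.example',   '[url=http://shop.spam-links.example/x]deals[/url]'],
    ['198.51.100.7',  'admin@cheap-pills.example', 'http://spam-links.example'],
];
foreach ($samples as [$ip, $email, $text]) {
    $r = scan_submission($ip, $email, $text);
    echo $ip, ': ', ($r ? 'REJECT (' . implode('; ', $r) . ')' : 'accept'), PHP_EOL;
}
```

Because the decision uses only the source and the content, it also catches submissions typed in by hand, which a Captcha lets through.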
I have a Joomla! site. How can I benefit from these solutions?
The Joomla! development community has made it a breeze to integrate both active and passive spam protection into your websites. I shall review a few extensions that we have tested and found to be very effective.
Captcha and Recaptcha
One of the biggest woes of Joomla! is that it does not include an easy way to introduce Spam protection with Captcha or recaptcha. Even with 1.5 you still have to use registration overrides to get it into place. There is no simple install, publish and be done with it.
Security Images from Walter Cedric is handy and can be a comparatively painless install if you can afford to do direct overwrites of your Joomla! files. A lot of other extensions also support this extension, so extending captcha to various site wide forms can be easy, though they might need some development skills in some cases.
*If you are using K2: note that K2 adds a system plugin that rewrites the default Joomla! registration form. This can be a pain if you are not aware of this. Make sure you unpublish or comment out the code from the K2 system plugin. (@Joomlaworks... a param to switch this off in the plugin would really help!)
(@Joomla! adding a Captcha and recaptcha library into the core could really help to bring uniformity site wide.) I think most Captcha and recaptcha extensions are good, but making them work out of the box can be a pain as I said above.
This is the part that really got me excited when I first stumbled on to it, and I found that it was very, very effective. There are quite a few providers who offer extensions to integrate passive prevention into Joomla!.
I have tried these solutions at some point in time, but the cedIT Registration Validator extension really gave us good results in the latest implementation. There is a commercial version that also provides protection from Kunena Spam.
A lot of these extensions can work alongside each other, i.e. you can have more than one working at the same time.
Well, that's it for now... I hope it helps you fight Spam!