Protecting your Joomla Website from Spammers

No Spam

CAPTCHA is No Longer Sufficient

Forums, registration forms and other forms can usually be protected from spammers using CAPTCHA codes or other security extensions such as the excellent EasyCalcCheck PLUS.

Sophisticated spammers are now circumventing CAPTCHA codes on websites using techniques such as:

  • low paid human workers manually entering the codes
  • clever spam bots that use OCR to decipher the codes
  • high traffic websites owned by the spammers that redisplay the a target website CAPTCHA code on their own website, have it solved by a visitor and then use the solution on the website they wish to spam

At least one of my clients is affected and a better solution is required.

Keeping One Step Ahead of the Spammers

There are several services on the web such as projecthoneypot.org and stopforumspam.com that maintain lists of the IP addresses of known spammers and hackers. We can team these services up with a suitable Joomla extension to stop the spammers from accessing the website at all.

I have chosen Akeeba Admin Tools Professional as my preferred solution. An Admin Tools Professional subscription at €20 is excellent value for money and has many other useful features apart from the IP Address blocking.

Enable protection in Akeeba Admin Tools as follows:

  • Register an account and apply for a key at http://www.projecthoneypot.org/httpbl_configure.php (it's free)
  • At Components -> Admin Tools -> Web Application Firewall -> Configure WAF -> Project Honeypot integration, set:
    • Enable HTTP:BL filtering: Yes
    • Project Honeypot HTTP:BL Key: [enter your own key here]

Known hackers and spammers will now be blocked from accessing your Joomla website.

Free Spam Protection

You can find more free and commercial IP address blocking extensions in the Site Protection and Spam Protection categories in the Joomla Extensions Directory.

Some promising free extensions (so far untested by me) are:

What are you using to foil spammers?