Trying to prevent from spam

Home

Documentation

Phoca Guestbook

Phoca Guestbook Component

The word "trying" in the header of this article is very important. In fact you cannot win over spammers, because:

their spam bots are learning newest spam protection methods very quickly
people are used as spam bots, see the following article about human spammers

Warning! (Joomla! 1.5 only):

Security parameters should be set in Parameters of the component (see Parameters button in Control Panel of Phoca Guestbook administration). Extensions can be accessed with different Itemids in frontend of Joomla! site, so allways use Parameters of the component (Global Configuration for the component) to set security settings, not Parameters in menu link to guestbook. If you are using Joom!fish - check parameters of translated menu link to guestbook in Joom!fish.

Which possible protection methods Phoca Guestbook offers:

Specific Itemid - normally, extensions can be accessed with different Itemids in frontend of Joomla! site. If specific Itemid will be set, posts can be stored by only selected menu link(s) (Itemid = Id of menu link). This is very important - it prevents from loading all guestbook items or loading guestbook form without protection methods for spam robots. Spam robots use different Itemids to access Joomla! extensions.
Registered Users Only - probably the best method to prevent from spam, only registered users can leave a message
Review Item - only those posts which were reviewed by administrator, will be displayed for public
Send Email - get email about every new post which will be added to the guestbook
Forbidden Word Filter - set forbidden words which will be not displayed for public
Forbidden Whole Word Filter - set whole forbidden words which will be not displayed for public
Forbidden Word Behaviour - set if post which includes forbidden words will be saved to guestbook (forbidden words will be hidden if saved) or not
IP Ban - you can ban different IPs
Maximum characters - set maximum characters which will be saved to database
Maximum URL - set maximum of URLs which will be displayed in the post, zero (0) means, no url will be displayed in the post
Not Allowed URL Identification Words - set words, which will identify not allowed URLs within the post, example: ://,.htm,.asp,.jsp,.php,www.,.com,.org,.net
Enable Captcha - there are 4 different Captcha methods:
- Standard Captcha
- Math Captcha
- TTF Captcha
- reCAPTCHA Captcha
- The best way is using combination of all 4 captcha methods, everytime other captcha method will be displayed on the site - don't forget, there are human spammers, so captcha itself cannot prevent from spam.

Phoca Guestbook Captcha Methods

Enable Akismet protection - see Akismet website to get more information (PHP 5 is required)
Enable HTML Purifier - HTML Purifier is a standards-compliant HTML filter library which will remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist
Session Suffix - set suffix for session name to be unique for your server
Enable Hidden Field - Some spam bots try to fill all the fields on the site, if they fill this hidden field, which human does not see, the entry will be not added into the guestbook (since Phoca Guestbook 2).

The best method is to allow adding posts only for registered users, if this is not possible, then using combination of all 4 captcha methods. You should check your guestbook regularly - get information by email about every new added post. Enable HTML Purifier and hidden field feature. It is good to not display URLs in the posts.