Phoca Forum

I have a couple websites with Phoca Guestbook and my client's are extremely unhappy with it due to all the spam. It seems to be more trouble than it's worth. I've set all the security features and yet it still happens. I have put a note on the top of the page that "all comments are reviewed before publishing" yet they still do it. Why? What is the purpose for putting names of products on guestbooks? I don't see how that would help them other than to frustrate administrators who have to manually block their IP addresses each time.

Also, how do spammers find our websites? Can they somehow search for the guestbooks? Human spammers must have the most boring job in the world.

A couple suggestions towards making Phoca Guestbook more secure against spammers:
* make it easier to block IP addresses - beside each item, have a "block IP" button
* capatcha sound only - they would have to be able to hear the word, plus know english to spell it
* deny or allow posts from certain countries only - namely the country the website does business in - most spammers seem to be from other countries

Hi, there is a problem with some implementations:

- countries block - the problem is, fake IP can be done by allowed countries
- captcha - the problem by captcha is, most of people are not able to read it but human spammers do not have any problems as they have experiences with it.

Anyway still working on security features, but it is very complicated:
https://www.phoca.cz/documents/3-phoca-g ... -from-spam

Jan

I'm having the same problem and it's a huge problem at the moment. Minimum 5 messages a day on a guestbook on each website isn't manageble.

It can't be human spammers because review for publishing is on and still there are posts. That rules out everything and makes it obvious that inserts are done directly to the database tables. Can we say the Guestbook component is hacked?

I hope this gets a high priority because the Phoca Guestbook is not usable for me this way. And I think that counts for many others.

I always wonder if the "review before publish" feature ever worked for anybody? Personally, it never worked, all the posts get published (wether they are spam or not). So don't feel too sure, that these are hacked, maybe they are human spamers after all.

I do have a solution for this problem, you can find it if you search the forum for the phrase akismet. But if you wait a couple of days, hopefully Jan will include it in the official release. I am already working on it. (Assuming you are using Phoca Guestbook with joomla 1.5, and not 1.6 or 1.7) I reduced the spam from about 5 to 10 messages a day to about 1 every four weeks.

I'm using Joomla 1.7

The review for publishing feature works like a charm over here.

I'll do a search for akimet but I get the intention its only for 1.5 but I'll take a look. Thanks.

Yeah like I said, the akismet solution is currently only implemented for joomla 1.5
The akismet solution could also be applied to PGB 2.0, but since the codebase is different, one would first need to implement this. Since I have no running Joomla 1.6+, it is highly unlikely that I will do that anytime soon.
But anybody with a little php knowledge could easily do it!

Hi, yes, first we will do the support for 1.5 - then the 1.7 version will be followed.

Thank you, Jan

And now the answer on the initial question?

The purpose question? I have absolutely no idea why they do it... Posting links seems to do something for them, maybe they try to manipulate google + co? Really no idea...
How they find guestbooks? Propably through google Maybe they have spiders of their own, looking for typical guestbook html code... Should not be too hard to identify a guestbook/comment in a website...

And captcha sound only is a no go... human spammers have no trouble with it, but people that have no sound available on their computer have a real problem....

can be programed another filter -such as bad word filter, but when you try to input word from this filter, system not save your post and say you that you input inapropriate word...?
I think this will help more effectivelly, because none of my host will input words such as vi agra, c i alis...