Spam prevention on Joomla websites

This is a part of our series of articles on spam-prevention and this time we focus on how to stop spam on Joomla based sites. For those of you that manage WordPress or Drupal websites, please check the corresponding articles on the same topic.

Becoming a spam target can be a serious issue for every administrator. Luckily we have some practical weapons on our disposal to fight this dreaded nuisance.

First of all, let’s identify the two types of spam your Joomla website could be receiving.



  • Comment spam

If you have some sort of a comment system incorporated in your website, you are likely to get some comment spam, usually in the form of unwanted links ad messages or other irrelevant information under your articles.


  • Registration spam

Common for the Joomla websites, the registration spam often remains unnoticed until a moment when it can trigger a flood of comment spam to your website.

Now on to the solutions part:



recaptcha-drupal-moduleThis is the most common way of protecting your website from spam is inserting a CAPTCHA. Whether for posting a comment or registering the captcha presents an image that is (supposedly) unrecognizable by bots and thus lets only actual humans pass. Whether it is an image with characters, a mathematical question, picture identification or other the essence of captcha rely on the assumption that the automated scripts (bots) will not be able the read it. The most common form of captcha is the ReCaptcha [LINK HERE] available to download as an extension and easy to install.

It is important to mention that in some of the cases, the bots will be smart enough to read it and still post spam on your website. With this in mind, the captcha only reduces the spam, but in many cases will not eliminate it completely. If the problem persist, you need stronger firepower.


Use Blacklists

There are a number of non-profit organizations that monitor spam activity and will blacklist an IP address upon identifying it as spammy. Extensions that use the data of such organizations are HTTPBL and EasySpamKiller [LINKS HERE]. They will monitor all spam-solutionsubmissions on your website, including email addresses, usernames, common spam words and the IP addresses and will check for any matches with the blacklists of Project Honeypot[LINK HERE] – a web network that collects such information. All this is done stealthily without the visitors even knowing it. No captcha, no hassle.

In general, the blacklists tend to work better than the captchas. Truth is, some people are actually getting paid, to log in message boards and submit ad comments.


If you are still having issues with spam consider the following:

–         Use email validation to prevent unwanted registrations

–         Implement manual comments approval and approve them on a daily basis.

–         Minimize open forms without any protection


If you take into consideration the above-mentioned methods, chances are you won’t have to bother with pesky spam comments ever again.

Do you know an alternative method that is not mentioned above? Feel free to leave your non-spam comment in the section below.


Alek Chase


Leave a Reply

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.