Stop Spammers With Captcha Security
Sunday, 06 July 2008

Are you looking for a decent solution to keep all those bastard spammers off your site, and to stop them from even registering on your site at all? How about also stopping them from sending you garbled mumbo jumbo alien messages through your contact page?

After using Joomla for a while you may have noticed that the standard Joomla contact and registration forms are open targets for spammers and their spambots. If you don't restrict access to these things on your site you may be in for a rude shock one day. Many spammers use automated bots to register on your site and then proceed to make a huge mess with their unwanted spam messages and junk spam site links. I learned the hard way, after finding over 100 pages of spam comments on one of my sites a while ago, that spammers are way out of control.

The very first thing you should do to try and slow down these jackass spamming criminals is to implement some kind of Captcha security. This can help protect all your website's forms [login/registration/contact form], and it is an added restriction which is very effective at stopping the spambots from even getting through the front door of your site. You can also make good use of a .htaccess file if you are on an Apache server, to block known bad user agents, redirect their hacking attempts and ban the IP addresses of known spammers and their entire IP ranges altogether, but I'll cover all that in a later article.

Some captcha implementations are better than others; unfortunately some can be easily thwarted even by the bots. One very comprehensive free anti-spam solution that I have had success with, though, is Security Images Captcha Engine by Walter Cedric. This is a totally free Joomla component, which is relatively easy to install if you follow the instructions closely. I am always pleased to look through the log file for Security Images and see all the attempted abuse of the registration, contact and lost password forms by spammers/spambots all blocked.

A simple copy and paste of a blocked IP address from the log, straight into Google, can help verify immediately from other reports that you have successfully blocked yet another spammer/spambot from menacing your site. The log will also show you who has been successful at getting past the captcha, and you can double check their IP address too.

Another good Joomla component, called Juser registration component, allows you to add your own fields to your registration form and also has its own captcha integrated to help protect against automated spamming bots. With this combination, I have the Juser captcha to protect the extended registration form, while Security Images protects the lost password and contact form. You could also use Security Images to protect the user login with a captcha image if you wanted to, but thankfully I haven't needed to go that far just yet. Another plugin, which is much simpler, is the secure registration component.

Unfortunately there is a problem with some captcha solutions like secure registration and Juser registration. They do not cover the original default Joomla forms: they simply replace them, and they do not remove access to the original pages. You would have to edit the Joomla core pages yourself to try and disable these forms and links, but not everyone is capable of that. You can even go through your whole site and replace all the default links to point to your new secure forms, but that still leaves the default unprotected forms functional and accessible to anyone who knows what the original URLs of those form pages are or were. Security Images is an extremely effective solution because it modifies core Joomla files, and once it's installed and activated no one can abuse the original forms any longer because they are now protected with a captcha image.

If you are uneasy with the thought of allowing a component to modify your core Joomla files, there is another method I have tested out for solving the problem of people bypassing your captcha forms. This method involves using sh404SEF and its handy URL alias feature. Using the alias allows you to point all the original default registration and lost password links directly to your protected forms of Juser or whatever other replacement you have installed. If someone tries to access the original links, sh404SEF will simply redirect them to the new protected forms. All you need is the original non-SEF index.php? link of your lost password and registration form. Add it to the SEF URL alias of your component, such as Juser, and go test it out.

If anyone needs more information or help implementing any of these techniques or installing the components on your own site, please use the support forum to seek further assistance.
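
The "go test it out" step for the alias redirect can be scripted. This is an added example, not part of the original article or of any component it names: it requests each default form URL without following redirects and reports whether it redirects to the protected form, still serves a form with no captcha, or is not served at all. The host, the URLs and the `captcha` marker string are constructed placeholders and assumptions; substitute your own site's original and protected links.

```python
"""Check that default Joomla form URLs no longer serve an unprotected form."""
import http.client
from urllib.parse import urljoin, urlsplit

def fetch(url):
    """GET url without following redirects; return (status, Location, body)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
    resp = conn.getresponse()
    result = resp.status, resp.getheader("Location", ""), resp.read().decode("utf-8", "replace")
    conn.close()
    return result

def classify(original_url, protected_url, status, location, body, marker="captcha"):
    """Return a verdict for one default form URL given the response it produced."""
    if status in (301, 302, 303, 307, 308):
        # Resolve a relative Location against the URL that was requested.
        target = urlsplit(urljoin(original_url, location))
        wanted = urlsplit(protected_url)
        same = (target.netloc, target.path, target.query) == (wanted.netloc, wanted.path, wanted.query)
        return "redirected-to-protected" if same else "redirected-elsewhere"
    if status == 200 and "<form" in body.lower():
        # Assumption: a protected form's HTML mentions `marker`; adjust per component.
        return "captcha-present" if marker in body.lower() else "EXPOSED"
    return "not-served"  # 403, 404, etc.: the default form is not reachable

def audit(checks, responses=None):
    """checks: [(original_url, protected_url)]; responses: optional canned replies."""
    report = {}
    for original, protected in checks:
        status, location, body = responses[original] if responses else fetch(original)
        report[original] = classify(original, protected, status, location, body)
    return report

# Constructed sample data: placeholder host and URLs, not taken from the article.
SITE = "http://site.example/"
CHECKS = [(SITE + "index.php?option=ORIGINAL_REGISTRATION", SITE + "register.html"),
          (SITE + "index.php?option=ORIGINAL_LOST_PASSWORD", SITE + "lost-password.html")]
CANNED = {CHECKS[0][0]: (301, "/register.html", ""),
          CHECKS[1][0]: (200, "", "<form action='index.php'><input name='email'></form>")}

if __name__ == "__main__":
    for url, verdict in audit(CHECKS, CANNED).items():
        print(verdict, url)
```

Calling `audit(CHECKS)` without the canned replies performs the live requests; any URL reported as `EXPOSED` still serves a default form that bypasses your captcha.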






