K2 is probably the most popular Joomla component today. It enables Joomla with two very important features that per our opinion should be incorporated in the core Joomla. Beside the many other features, those two most important features are content tagging and commants of articles. The comment form in your article pages is one of the most often used for spamming. There's no better way for a spammer to get a link from your site than to leave a pointless comment on your article.
Fighting against the spam in the comments is one of the dullest thing that you do while maintaining your website. You must check all the comments daily and separate the valuable ones from the spam. But, what could happen if somebody try to write 250.000 spam comments on your site in one single day which happened to us recently? Your site would probably go down! Your web hosting provider would block your site asking you to inspect and resolve the issue.
After installation of the K2 component, the comments in it will be "unlocked" for the spammers. Everybody could write the comment without registering an account. Also, the comments will be automatically published without reviewing. After installation of the K2 component, go to K2 parameters (click Parameters icon in the top-right corner). Then go to Comments tab, and you'll see what we illustrated in the picture 1. So, your comments are completely open for bombarding of your site with the unwanted content.
Therefore, the first thing that you should change in parameters immediatelly after setup of K2 component, is the way how it handles new comments and who is allowed to comment. I suggest allowing comments for the registered users only. Also, you should set in your global Joomla configuration that verification of email for new accounts is mandatory. This will require more work from the potential spammers in order to write comments on your site. Also, you should disable the comments auto-publishing. This means that every comment must be manually confirmed before it's published. When spammer or spam bots see their comments are not published, they will probably leave your site alone. In addition, you should consider enabling reCaptcha, but in this case you must register on reCaptcha's site and enter your account details in the Advanced tab of the K2 parameters. Please take a look at the image 2.
Let's conclude. If spammers and spam bots found your site is open and doesn't have any protection for writing comments, they will flood your site with unwanted content. This amount of this content can be so large that it could violate your server's stability and in most cases it will lead to the stopping of MySQL service. After this, your website will be unavailable.
So, if you are using K2 take these advises seriously and protect your site. We will take this opportunity to remind you that we designed several Joomla templates that have full support for K2. These are Hot Cinema, Hot Wedding, Hot Responsive and Hot Model Agency. More are coming soon!