Maintaining and marketing the LevelTen website comes with it's positives and negatives. Big positive: we get tons of traffic. Big negative: we get tons of spam. As a marketer, it's in my best interest to build LevelTen's community as best I can. On the LevelTen domain, this means encouraging and responding to blog comments. But it's difficult to keep this up when 7 out of every 10 comments are spam. With all the signals I have to pay attention to as an Internet marketer, it becomes easy to tune out blog comments if I know 70% are spam. We've tried systems such as Captcha & Mollom for blocking spam, but each time, spammers seem to find ways around it. While each were great at blocking robot generated spam, we found that actual humans were going through and individually leaving spam comments. These users even went through the trouble of creating user accounts on our website, and then posting lengthy passages from unrelated books, filled with anchor text link spam. What an ordeal for the spammer! In an effort to prevent spam on your Drupal website, I've identified 10 modules built specifically for spam protection. Descriptions taken from each module's Project Page
A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.
The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services. The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of links, the ability to create custom filters, and more.
Mollom provides a one stop solution for all spam problems and can protect the following Drupal forms. It offers and intelligently combines: * CAPTCHAs -- both image and audio CAPTCHAs * text analysis * user reputations and can: * block comment form spam * block contact form spam * protect the user registration form against fake user accounts * protect the password request form * block spam on any node form, such as forum topics, articles, stories, pages, and more
AntiSpam module is the successor of the Akismet module, and it provides spam protection to your drupal site using external antispam service like Akismet. AntiSpam module is fully compatible with Drupal 6.x (Akismet module for Drupal 6.x release had many compatibility issues and was not usable as it was), and it expanded the support of the external antispam service with TypePad AntiSpam and Defensio service as well as Akismet service. Now you can choose one of the antispam service you wish to use.
BlogSpam provides a central location where comments can be checked for various spam indicators. Checks available: The BlogSpam service makes use of a plugin architecture to provide checking. If you are running your own blogspam server then the plugin list may vary. At present the following plugins are available (and running on the public BlogSpam server at blogspam.net).
- 00blacklist Is the given IP blacklisted?
- 00whitelist Is the given IP whitelisted?
- badip Block a comment if the IP address it has been submitted from has been locally blacklisted. The local blacklist is read from /etc/blogspam/badips and each line is assumed to be a Class C address.
- bogusip Is this an internal IP? That might be fine for local use, but in the real world such IPs are not going to be seen and can be safely marked as spam.
- dnsrbl Test whether the IP address submitting the comment is listed in the DNS RBL
- dropme This plugin is a simple test one - if a comment mentions the IP address it is coming from in the subject along with the key then we'll always report it as spam.
- emailtests Perform some simple tests on the submitted email address.
- lotsaurls Block if we find more than a given number of links in message. The default is 10 links, but this may be changed by the caller.
- requiremx If we've got an email address make sure that the domain : a. Has an MX record.
- sfs Test whether the IP address submitting the comment is listed in the StopForumSpam.com database.
- size Is the given post too large, or too small?
- stopwords Block if we find some particular stop-words in the body of the message.
- surbl Lookup each URL in the body of the comment and test against surbl.org
- wordcount Block posts that are only a few words long.
The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else. The install routine sets some default forms as a minimum defense, and admins can turn it off for these, but it's not suggested, it's really the reason it was installed.
Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however. The problem: Spammers run automated scripts which read everything on your web site, harvest email addresses, and if you have a blog, forum or wiki, will post spam directly to your site. They also put false referrers in your server log trying to get their links posted through your stats page. As the operator of a Web site, this can cause you several problems. First, the spammers are wasting your bandwidth, which you may well be paying for. Second, they are posting comments to any form they can find, filling your web site with unwanted (and unpaid!) ads for their products. Last but not least, they harvest any email addresses they can find and sell those to other spammers, who fill your inbox with more unwanted ads. Bad Behavior intends to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.Having tried Mollom and both Captcha services at one point or another, the two modules that are most interesting, and that represent the best candidates for solving our spam problems are Comment Lockdown and Blog Spam. While other modules are mostly built for blocking robot spam and contact form spam, both of these modules seem focused around blocking comment form spam. What I like about Blog Spam is its ability to check back with multiple spam filters. I can see this tactic coming in handy as spammers continue trying to find ways around our spam protection. Comment Lockdown provides a set of strict rules for finding comment spam, which I also like, but could find limiting down the road. What have you found to be the best Drupal modules for preventing spam?
Related Drupal Articles
- Drupal Modules to Utilize for SEO
- Best Drupal Social Community Modules
- Useful under-the-radar Drupal modules