Maintaining and marketing the LevelTen website comes with it's positives and negatives.
Big positive: we get tons of traffic.
Big negative: we get tons of spam.
As a marketer, it's in my best interest to build LevelTen's community as best I can. On the LevelTen domain, this means encouraging and responding to blog comments. But it's difficult to keep this up when 7 out of every 10 comments are spam. With all the signals I have to pay attention to as an Internet marketer, it becomes easy to tune out blog comments if I know 70% are spam.
We've tried systems such as Captcha & Mollom for blocking spam, but each time, spammers seem to find ways around it. While each were great at blocking robot generated spam, we found that actual humans were going through and individually leaving spam comments. These users even went through the trouble of creating user accounts on our website, and then posting lengthy passages from unrelated books, filled with anchor text link spam. What an ordeal for the spammer!
In an effort to prevent spam on your Drupal website, I've identified 10 modules built specifically for spam protection.
Descriptions taken from each module's Project Page
A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can.
The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.
ReCaptcha ties into the ReCaptcha service, which is a slight extension of the basic Captcha module.
The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services.
The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of links, the ability to create custom filters, and more.
Mollom provides a one stop solution for all spam problems and can protect the following Drupal forms. It offers and intelligently combines:
* CAPTCHAs -- both image and audio CAPTCHAs
* text analysis
* user reputations
* block comment form spam
* block contact form spam
* protect the user registration form against fake user accounts
* protect the password request form
* block spam on any node form, such as forum topics, articles, stories, pages, and more
AntiSpam module is the successor of the Akismet module, and it provides spam protection to your drupal site using external antispam service like Akismet.
AntiSpam module is fully compatible with Drupal 6.x (Akismet module for Drupal 6.x release had many compatibility issues and was not usable as it was), and it expanded the support of the external antispam service with TypePad AntiSpam and Defensio service as well as Akismet service. Now you can choose one of the antispam service you wish to use.
BlogSpam provides a central location where comments can be checked for various spam indicators.
The BlogSpam service makes use of a plugin architecture to provide checking. If you are running your own blogspam server then the plugin list may vary. At present the following plugins are available (and running on the public BlogSpam server at blogspam.net).
Is the given IP blacklisted?
Is the given IP whitelisted?
Block a comment if the IP address it has been submitted from has
been locally blacklisted.
The local blacklist is read from /etc/blogspam/badips and each
line is assumed to be a Class C address.
Is this an internal IP? That might be fine for local use,
but in the real world such IPs are not going to be seen and
can be safely marked as spam.
Test whether the IP address submitting the comment is listed
in the DNS RBL
This plugin is a simple test one - if a comment mentions the
IP address it is coming from in the subject along with the key
then we'll always report it as spam.
Perform some simple tests on the submitted email address.
Block if we find more than a given number of links in message.
The default is 10 links, but this may be changed by the caller.
If we've got an email address make sure that the domain :
a. Has an MX record.
Test whether the IP address submitting the comment is listed
in the StopForumSpam.com database.
Is the given post too large, or too small?
Block if we find some particular stop-words in the body of the message.
Lookup each URL in the body of the comment and test against surbl.org
Block posts that are only a few words long.
The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.
The install routine sets some default forms as a minimum defense, and admins can turn it off for these, but it's not suggested, it's really the reason it was installed.
Comment Lockdown is a drug of last resort in battling comment spam. You should not use this if you haven't tried something less likely to cause side effects like Mollom. You should continue use of Mollom with Comment Lockdown. This module has some very specific rules for comments, and unlike Mollom, is incapable of learning, has no settings, does not care what kind of user you are, and rejects anything written in a language other than English.
These rules aren't arbitrary; they're based on experience with The New York Observer's massive database of spam comments. This module won't help sites that accept comments in languages other than English.
* Link (A) tags cannot account for more than 20% of all characters.
* No more than 20% of all characters can be non-ASCII--this accounts for words like "fiancé" while preventing comments in other languages.
* At least 10% of all words must be in the list of top 100 English words.
These rules are currently not flexible. If interest develops in this module, I might consider allowing admins to tweak thresholds, disable the JS checker and add role-level permissions for it.
Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.
The problem: Spammers run automated scripts which read everything on your web site, harvest email addresses, and if you have a blog, forum or wiki, will post spam directly to your site. They also put false referrers in your server log trying to get their links posted through
your stats page.
As the operator of a Web site, this can cause you several problems. First, the spammers are wasting your bandwidth, which you may well be paying for. Second, they are posting comments to any form they can find, filling your web site with unwanted (and unpaid!) ads for their products. Last but not least, they harvest any email addresses they can find and sell those to other spammers, who fill your inbox with more unwanted ads.
Bad Behavior intends to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.
Having tried Mollom and both Captcha services at one point or another, the two modules that are most interesting, and that represent the best candidates for solving our spam problems are Comment Lockdown and Blog Spam. While other modules are mostly built for blocking robot spam and contact form spam, both of these modules seem focused around blocking comment form spam.
What I like about Blog Spam is its ability to check back with multiple spam filters. I can see this tactic coming in handy as spammers continue trying to find ways around our spam protection.
Comment Lockdown provides a set of strict rules for finding comment spam, which I also like, but could find limiting down the road.
What have you found to be the best Drupal modules for preventing spam?
Related Drupal Articles
- Drupal Modules to Utilize for SEO
- Best Drupal Social Community Modules
- Useful under-the-radar Drupal modules