Fighting spam comments with Drupal

Last updated on Sun, 2009-08-09 04:11. Originally submitted by fabio on 2007-04-21 10:05.

UPDATE August 2009: this article is pretty old now. During the past years there have been new stuff coming out, most notably Mollom. I'm currently using it as a spam filtering tool and it's working great. Please take the following consideration as pretty outdated.

During the past weeks this site has been targeted by some bots which posted spam comments.

As soon as the spam comments appeared I started deleting them using Drupal comments administration however, as a spam comment was received every 2-3 hours, this was not an affordable way to keep my website spam free.

Available antispam modules

I then started looking for some anti spam modules for Drupal in order to use on this website. I found two main candidates: captcha and akismet.

The captcha module adds a field to the comment submission form which ask you to solve a simply math problem in order to accept your comment submission.

Captcha: Preview of the Captcha moduleCaptcha: Preview of the Captcha module

Instead the akismet module works quite differently: by using an online spam detection service is able to remove comments marked as spam.

Considerations

Even if the akismet module seems to be quite more powerful than the captcha module I decided to use the captcha because:

  • even if it's possible to write a bot which is able to bypass the captcha math test (simply by solving the math problem), I'm quite sure that available bots are still not able to bypass it
  • I'm concerned about false positives which the akismet module could generate. Checking the blocked comments queue is a time consuming task I prefer to skip
  • even if the captcha adds some complexity to the comment submission process for the end user, I'm sure that this will not be a problem for the user who really want to post comments: solving the math problem is simple and a common task on different blogs.
  • math captcha are much easier and accessible than graphical captchas widely used on different big websites (Yahoo, Hotmail, etc..)
  • the captcha approach erase the problem with a lower impact on the server in terms of bandwith and computing power

Conclusions

After some time I can confirm that the captcha module really helped blocking spam comments on this website and I'm really happy with it.

Posted in:

yes, surely there could be

Submitted by Anonymous (not verified) on Sat, 2010-01-16 04:09.

yes, surely there could be bots able to bypass the default captcha test. However I never had one on this website.

Captcha is better

Submitted by Bill (not verified) on Tue, 2009-12-01 15:07.

I prefer the captcha as well. Akismet discourages active discussion in blogs. It is very disheartening to see the Spam message even though you have taken the time to contribute to the blog.

Image Capcha works fine for small sites

Submitted by Budokan Judo Club (not verified) on Thu, 2009-07-02 09:09.

I use the CAPCHA module which has considerably cut down the spam. When I say "considerably" I installed it immediately when I noticed some bot spam and it's not a high-traffic site.

Now the only spam I get I suspect are with people with not a lot of time on their hands. Very often SEO people who think that a rel=nofollow link in a comment is still worth their effort. Hey guys, maybe if you spent more time writing worthwhile comment you'd get decent traffic?

I notice even this page is not immune to SEO spam either?... LMAO!

ham or spamThe URL of your homepage is not valid. Remember that

Submitted by Anonymous (not verified) on Sat, 2009-05-23 14:43.

I'm just wondering: When will they employ people solving captchas all day... Imagine a few million chinese people solving captchas and riddles the whole day :-)

How about mollom module?

Submitted by just another webmaster (not verified) on Mon, 2009-04-13 13:44.

Did you try mollom module? It seems promising, I'm going to try it now at my blog.

Well.. surely it looks

Submitted by fabio on Mon, 2009-04-13 16:09.

Well.. surely it looks promising! And I'm sure it is!

This article has been written 2 years ago and Mollom still wasn't available!

Hello On my blog i use

Submitted by Johnny The lawyer (not verified) on Wed, 2009-02-18 10:51.

Hello
On my blog i use akismet. perfect. no more no less

You can use SPAM module,

Submitted by Mavimo (not verified) on Sun, 2007-05-20 15:51.

You can use SPAM module, it's work fine!

Bye

Captcha Riddler

Submitted by Andri (not verified) on Thu, 2007-05-17 20:25.

I suggest that you try my addon module to Captcha that allows you to create your own question/answer for spammers.

Hasn't been cracked yet to my knowledge. And besides, if it's ever cracked. You can just change your question :-)

www.drupal.org/project/riddler

Thanks for the hint!

Submitted by fabio on Thu, 2007-05-17 20:43.

Thank you Andri for your suggestion, I will surely have a look at it!

textual Captcha is easy

Submitted by Psicomante (not verified) on Fri, 2007-04-27 11:10.

textual Captcha is easy crackable. The only wall against spam is akismet. Few false spam, few false ham.

On my blogs, i had three false positives on 2 thousand of spam messages. It's pretty cool i think :)

Akismet

Submitted by seo (not verified) on Wed, 2007-04-25 18:07.

On my blog i use akismet..IMHO: it's perfect :)

bad news

Submitted by Luigi (not verified) on Sat, 2007-04-21 13:25.

I'm sorry but the texual captcha module, already has been cracked by some bots.
I'm using it, for a website that probably you know, and I have to say that textual captcha for Drupal just slow down the spam comments :(
I didn't have found a clean solution yet(probably image+audio captcha), so I have to delete 2/3 spam comment a day.

mmm

Submitted by fabio on Sat, 2007-04-21 14:15.

yes, surely there could be bots able to bypass the default captcha test. However I never had one on this website.

Moreover, as I imagine how those bots works, I think that, doing some little modifications on the captcha module, it is possible to stop the bypassing.

Actually those bots scans web pages looking for comment submissions forms similar to the patterns they are able to bypass. If you modify the way captcha module produce it's form field (by altering the form field label, writing the numbers using javascript or encode numbers or + using html) you are able to break the bots pattern used to solve the math question, making the test not by passable.

Post new comment

The content of this field is kept private and will not be shown publicly.
If you have a personal or company website insert its address in the form http://www.example.com/ .
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <del> <img> <h2> <h3> <h4> <b> <video>
  • Lines and paragraphs break automatically.
  • Images can be added to this post.
  • You may use [inline:xx] tags to display uploaded files or images inline.
  • You may insert videos with [video:URL]

More information about formatting options