Fighting spam comments with Drupal
During the past weeks this site has been targeted by some bots which posted spam comments.
As soon as the spam comments appeared I started deleting them using Drupal comments administration however, as a spam comment was received every 2-3 hours, this was not an affordable way to keep my website spam free.
Available antispam modules
I then started looking for some anti spam modules for Drupal in order to use on this website. I found two main candidates: captcha and akismet.
The captcha module adds a field to the comment submission form which ask you to solve a simply math problem in order to accept your comment submission.
Captcha: Preview of the Captcha module
Instead the akismet module works quite differently: by using an online spam detection service is able to remove comments marked as spam.
Considerations
Even if the akismet module seems to be quite more powerful than the captcha module I decided to use the captcha because:
- even if it's possible to write a bot which is able to bypass the captcha math test (simply by solving the math problem), I'm quite sure that available bots are still not able to bypass it
- I'm concerned about false positives which the akismet module could generate. Checking the blocked comments queue is a time consuming task I prefer to skip
- even if the captcha adds some complexity to the comment submission process for the end user, I'm sure that this will not be a problem for the user who really want to post comments: solving the math problem is simple and a common task on different blogs.
- math captcha are much easier and accessible than graphical captchas widely used on different big websites (Yahoo, Hotmail, etc..)
- the captcha approach erase the problem with a lower impact on the server in terms of bandwith and computing power
Conclusions
After some time I can confirm that the captcha module really helped blocking spam comments on this website and I'm really happy with it.
- fabio's blog
- 3534 reads
You can use SPAM module,
You can use SPAM module, it's work fine!
Bye
Captcha Riddler
I suggest that you try my addon module to Captcha that allows you to create your own question/answer for spammers.
Hasn't been cracked yet to my knowledge. And besides, if it's ever cracked. You can just change your question :-)
www.drupal.org/project/riddler
Thanks for the hint!
Thank you Andri for your suggestion, I will surely have a look at it!
textual Captcha is easy
textual Captcha is easy crackable. The only wall against spam is akismet. Few false spam, few false ham.
On my blogs, i had three false positives on 2 thousand of spam messages. It's pretty cool i think :)
Akismet
On my blog i use akismet..IMHO: it's perfect :)
bad news
I'm sorry but the texual captcha module, already has been cracked by some bots.
I'm using it, for a website that probably you know, and I have to say that textual captcha for Drupal just slow down the spam comments :(
I didn't have found a clean solution yet(probably image+audio captcha), so I have to delete 2/3 spam comment a day.
mmm
yes, surely there could be bots able to bypass the default captcha test. However I never had one on this website.
Moreover, as I imagine how those bots works, I think that, doing some little modifications on the captcha module, it is possible to stop the bypassing.
Actually those bots scans web pages looking for comment submissions forms similar to the patterns they are able to bypass. If you modify the way captcha module produce it's form field (by altering the form field label, writing the numbers using javascript or encode numbers or + using html) you are able to break the bots pattern used to solve the math question, making the test not by passable.
Post new comment