spam

Some days ago I updated the mollom Drupal module version 1.10 installed on this site with the new version 1.11.

For those unfamiliar with Drupal, Mollom is a service which analize comments, posts, etc to check for spam and blocks suspicious content. Mollom has been founded by Dries Buytaert and Benjamin Schrauwen. Dries is the project lead of Drupal and CTO at Acquia. So, yes: Mollom is high quality stuff created and maintained by top people on the Drupal ecosystem.

Unfortunately, as soon as I updated the mollom module I noticed that something was wrong: the configurations of the protected forms where missing after the update. All my forms where unprotected.

As soon as I noticed this I opened a bug report, but today I had the time to have a deep look on this and I found that it's due to a bad bug in the update path from 1.10 to 1.11. I reported it to Dries and Dave and they agreed on the gravity of this bug.

This is pretty bad as it looses the protected forms configuration of 1.10: this results in leaving all the forms unprotected against spam. As Mollom is installed in high profile Drupal websites (Sony, Adobe, LinuxJournal, Warner Bros Records, Netlog, NBC, etc) the consequences of this bug can be pretty bad.

So, if you are a Drupal and Mollom user stay away from 1.11 and wait till 1.12 which will fix this issue. Patches are already available and a new release should came soon.

UPDATE August 2009: this article is pretty old now. During the past years there have been new stuff coming out, most notably Mollom. I'm currently using it as a spam filtering tool and it's working great. Please take the following consideration as pretty outdated.

During the past weeks this site has been targeted by some bots which posted spam comments.

As soon as the spam comments appeared I started deleting them using Drupal comments administration however, as a spam comment was received every 2-3 hours, this was not an affordable way to keep my website spam free.