Protecting Your Drupal Site

Submitted by learnbythedrop on Tue, 04/22/2008 - 12:51
Printer-friendly versionPDF version

 

Anyone building a Drupal site that allows any kind of user submitted content should think about how to protect the site from spam. The three most popular areas for spammers to enter your site are the registration form, comments and your site-wide contact form. And while those points of entry may be the most popular it is important to consider that any form where non-registered users can submit content is vulnerable.

There are a few different methods that you can employ to protect your Drupal site from unwanted spam content. These methods include requiring registration, use of CAPTCHAs and third-party spam prevention services. I explain these options in a bit more detail in my Beginner's Guide To Drupal but in this drop I wanted to highlight the new option provided by Mollom.

Mollom is a third-party service that connects to your Drupal site via the Mollom module. The service offers you the ability to protect all key points of entry for content on your site including registration, comments and the contact form. What makes Mollom unique is the fact that it makes selective use of a CAPTCHA, only presenting one if the server believes that the submission might be spam. Mollom also provides daily stats (pictured above) on how many spam submissions were blocked and how many ham (aka good) submissions were accepted.

This differs from other services because things like CAPTCHAs tend to be displayed for all users. Other third-party services tend to relegate possible spam to the moderation queue. Mollom attempts to eliminate the moderation queue while only presenting the CAPTCHA some of the time.

Mollom has the potential to be of great benefit to Drupal site admins because their approach is one that is designed to minimize the amount of time spent managing harmful content on your site. I'm using Mollom on two Drupal sites, including this one. The service has given me the confidence to allow un-moderated comments that do not require registration.

One more reason to have confidence on the Mollom-Drupal combination is that Mollom is a project lead by Drupal founder Dries Buytaert along with Benjamin Schrauwen. Let's face it. If anyone knows about the dynamics of content on a Drupal site Dries does.

Bookmark and Share Bookmark or Share Post

Comments

Anonymous's picture
Submitted by Al (not verified) on Tue, 06/10/2008 - 05:43.

Captchas are good for cutting

Captchas are good for cutting off automated spam. As far as manual entries are concerned (like this one) you would want to moderate them either by yourself or with the help of the user (burry).
Frankly, based on the features of Mollom mentioned above I do not think it is valuable (probably there are some more features exist?)

learnbythedrop's picture
Submitted by learnbythedrop on Tue, 06/10/2008 - 09:05.

Mollom Works Well So Far

"Captchas are good for cutting off automated spam." Agreed. That's why Mollom selectively presents captchas.

"...you would want to moderate them either by yourself or with the help of the user..." The problem with manual moderation is that it takes extra time. If someone leaves a legit comment I want it to be displayed immediately. This is good for users and it helps me save time so I can tend to other issues, like creating good content.

I've got Mollom running on a couple of Drupal sites and so far it has worked very well. Thankfully there are many other protection options including manual moderation, Akismet and Bad Behavior. So each site admin is free to make their own choices.

It's also important to reiterate that Mollom is about more that just comment moderation. Mollom protects "all key points of entry for content on your site including registration, comments and the contact form."

Anonymous's picture
Submitted by Anonymous (not verified) on Sat, 10/11/2008 - 06:14.

Is it possible to get Captcha

Is it possible to get Captcha shown every time before user submit the comment?

learnbythedrop's picture
Submitted by learnbythedrop on Sat, 10/11/2008 - 15:08.

Try Captcha Module

The whole point of Mollom is that it only presents a CAPTCHA when it thinks the message is spam. This approach is geared towards creating a more convenient user experience since legitimate users tend to be annoyed by CAPTCHAs. If you must present a CAPTCHA every time then the CAPTCHA module (http://drupal.org/project/captcha) is probably a better fit for you.

Anonymous's picture
Submitted by Tally (not verified) on Thu, 10/29/2009 - 17:16.

What happened to Mollom?

What happened to Mollom on your site? CAPTCHA is always on and there is comment moderation. It looks like you are not using the default configuration of Mollom or you are using something else instead.

Did Mollom not work for you? How about an update regarding your decision on Mollom.

PS: I cannot stand CAPTCHA - I really have trouble discriminating the letters

learnbythedrop's picture
Submitted by learnbythedrop on Sat, 10/31/2009 - 15:33.

Mollom

I'm still using Mollom but I'm using it differently. On a couple of occasions spammers got through. I think that some time after Mollom acknowledged the issues and pushed out an update. I haven't had any problems of that scale since, but some spam does get through. I went to moderation because I also give people the option to subscribe to comments via email. So if a spam comment gets through, a large number of people could be exposed to that spam. So to protect them from that inconvenience I moderate. I actually forgot that I set the captcha on by default. I meant to switch it off and will do that today. So now I use Mollom to cut down on the amount of spam as much as possible so I spend less time dealing with moderation. Unfortunately Mollom is not a 100% solution for my site at this time.

Anonymous's picture
Submitted by Tally (not verified) on Sat, 10/31/2009 - 18:50.

Thanks

Thanks for the answer. I recently installed Mollom and appreciate sites like yours to get information and learn different perspectives.

mahmoud's picture
Submitted by mahmoud on Mon, 12/28/2009 - 15:14.

hi

I am new to drupal and i was thinking to solve the spam issue by putting captcha and FLAG module to report abuse contents, but after reading your post i began to think of mollom, i want to know if there is such feature in mollom, i mean can authenticated user report offensive contents? or is there any other mean that mollom achieve the same result.
I have forums in my site, if some authenticated user posted something that is not related to the forum topic then other authenticated users should report this as ABUSE.
so can you tell me how to achieve that?

regards

learnbythedrop's picture
Submitted by learnbythedrop on Mon, 12/28/2009 - 21:38.

Flagging Comments

Mollom doesn't have the flag option. The best way to approach it would be to go with a combination of Mollom and the Flag module because Mollom doesn't catch everything.

Post new comment

Important
All comments on this site are moderated to prevent spam. Although we also use the Mollom module we have found that some gets through and that also affects people who have subscribed to email notifications. If you would like your comment to appear immediately please login with Google Friend Connect which supports your Google, Twitter or Yahoo account.
Google Friend Connect (leave a quick comment)
Loading
The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
Mollom CAPTCHA (play audio CAPTCHA)
Type the characters you see in the picture above; if you can't read them, submit the form and a new image will be generated. Not case sensitive.