Community Spam Fighting

Posted on by

Comment Spam -  If you run a forum or a blog you know what a scourge it can be.  I’ve made posts in the past about how we keep GrownUpGeek.com 99% spammer-free, but since our upgrade to Drupal 5.1, we’ve changed a few things making us now virtually 100% comment-spammer free.

We’re still using the Bad Behavior module to help prevent not only spammers, but also scrapers and (many) automated hack-attempts.  We even use Bad Behavior here in the blog – as a matter of fact, the Bad Behavior WordPress plugin combined with the Akismet plugin work so well together to prevent comment-spam that I now allow comments to be posted immediately without being reviewed or moderated – and so far not a single spam-comment has made it past this combination.

The second weapon in our arsenal to fend-off comment spammers at GrownUpGeek.com is requiring email validation for all new accounts.  This is an option in the Drupal core that allows you to give additional permissions to members only after their account has been validated by clicking a validation link that gets sent via email.   If you have email-bounce notifications activated so you know each time an invalid email is sent, you can use those bounced emails with our next weapon:

The Troll module:  This is like the swiss-army-knife of modules, and we use it many different ways.  But for fighting spammers we take those email bounces that come from failed account activations, use the Troll Module to look up that member’s IP, then use the Troll module again to block that IP and the fake account.

A new tool we’ve recently started to use is enabling posting-quotas with the Quota by Role module.  By inflicting a quota of only a few posts per hour for new or untrusted accounts, if a spammer does slip through the cracks, they can only make a few posts.  Using this module forces you to create quotas for all roles, but by setting it to 999 posts per hour for trusted members, you virtually eliminate any real posting limit..

Community Spam Fighting: Now for the best part.  If you saw my Tweet from earlier this morning you know that even with all these tools in place, a non-automated (human) spammer made it past our defenses and spammed the site.. But, thanks to our newest tool, “Community Spam Fighting”, the dirty-bird* spammer wasn’t really very effective.

How we make community comment-spam fighting work:  Since the upgrade to Drupal 5 we’ve begun to use the Abuse module.   The Drupal Abuse module allows members with the right permissions to report a post for review, but it also allows you to make that post be automatically un-published if a pre-determined number of reports is exceeded.  So for example, if three members report a post, that post is automatically un-published and placed into the moderator’s queue to be reviewed.  This effectively allows you to deputize entire groups of regular members and make them Jr. Moderators.  But what’s even better about the Abuse module is that you can also allow an additional group of members to unpublish a post simply by reporting it once.   So at GrownUpGeek.com we have a group of very trusted, longtime members that have this permission, effectively making them special Jr. Moderators.   By combining these two groups of members with these “Jr. Moderator” permissions (approximately 4,000 members) we can ensure that “the community” is watching the site 24 hours a day, 7-days a week.

So even though that dirty-bird* spammer made it thru all of our primary defenses this morning, thanks to our community spam-fighting, the spam-posts were un-published within minutes, leaving Grownupgeek.com 100% comment-spam free..

*Dirty-bird spammer is a nice way of saying “lousy, worthless, piece of shit, douchebag, spamming-whore”

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>