Spam Prevention For Drupal
If your website gets traffic then it probably also gets spam – and since we get a lot of traffic we have had to deal with a lot of spam. Over the years we have tried virtually every spam solution available for Drupal with the exception of pure-captcha spam solutions because they are so damned annoying to visitors. Now that we have finally upgraded from Drupal 5 to Drupal 6 a whole new world of additional anti-spam modules is now available for us to use and I think we’ve finally found the perfect anti-spam solution for Drupal.
Here is a quick roundup of the spam solutions currently available for Drupal – if you want to just see what the best anti-spam for Drupal is, scroll to the bottom:
- Akismet – The Akismet module for Drupal lets you use the (very effective) Akismet service on your Drupal site. Akismet is works great at blocking spam and is very popular with WordPress users. Unfortunately the Drupal Akismet module has been abandoned and is no longer supported, and doesn’t really work.
- AnitiSpam – The AntiSpam module is the successor to the now-dead Akismet module for Drupal. However with AntiSpam you can choose between using the Akismet service, TypePad’s AntiSpam service and the Defensio anti-spam service.
- Badbehavior – The BadBehavior module allows you to use the BadBehavior script available from ioError.us on your Drupal site. It works by stopping spambots from accessing your site before they get a chance to post any spam. They can’t spam what they can’t see. (there is also a Wordpress plugin for Badbehavior)
- Captcha – The Drupal Captcha module is a standard challenge-response that presents a “captcha” image for the visitor to figure out and answer. The idea is that spam bots are not smart enough to “see” what the captcha image is.
- Captcha Riddler – Presents a captcha in the form of a riddle that must be answered before the post is published.
- Egglue Captcha – Another riddle-type captcha that requires human intelligence to make make a post.
- Mollom – Uses a combination of CAPTCHA’s, user/IP reputation as reported back by other Mollom users, and text analysis. Posts are first checked against IP’s reported as spammers and then the text is analyzed. If Mollom decides the post is spam, it is blocked. If Mollom is not sure about the validity of a post it presents the user with a CAPTCHA to figure out. If the user submits the CAPTCHA correctly the post is published, if not, the post is blocked. Mollom was created and is maintained by the guy that developed Drupal so you might think it is the best choice to use on your Drupal website – but my experience and a quick look at the Mollom support queue says otherwise. Mollom is often ‘hit ‘n miss’ on stopping spam, suffers from system slowness or downtime, and does not have the best track record for support.
- RECaptcha – More annoying captcha’s for your visitors to figure out.
- Spam – Uses filtering and “learning” to block spam.
- Spambot - Checks member details against the Stop Forum Spam system. Probably not very effective for anonymous posts.
- Spamcide – Adds a hidden field to forms that only spam-bots will see and fill in. Not effective for human spammers.
So what is the best anti-spam module for Drupal? In my opinion there is no ONE best spam system – however the combination of these two antispam modules seems to work perfectly:
BadBehavior – If you read my blog regularly you know that i love this module. BadBehavior works a bit like the Mod_Security Apache application firewall by blocking visitors (spammers, bots & bad guys) based on pre-defined rules which analyze the URL requested, browser agent ID, and IP checks against http:BL. Not only is BadBehavior very effective at blocking spambots, it also does a decent job at blocking certain types of hacking such as SQL injections and it also blocks many proxies which spammers (and gutless assholes) love to hide behind. Bad behavior works on Drupal with the BadBehavior module and on Wordpress blogs with the BadBehavior Wordpress Plugin.
Akismet – As I posted in my list above, the Akismet module for Drupal has been abandoned, however, you can make use of the Akismet system on your Drupal site with the AntiSpam Module for Drupal. Just install AntiSpam like any other Drupal module, jump over to Akismet.com to get your free API key and you are set. Once you setup Akismet in the AntiSpam module you can virtually forget about it. Akismet will unpublish the spam that it detects and will automatically delete it after a preset amount of time that you choose. You may want to review all the spam it blocks until you trust it, but in my experience Akismet has been right virtually 100% of the time.
Badbehavior + Akismet = NO MORE SPAM ! On Drupal or Wordpress.
