Phillip Smith


Phillip is the "Simplifier of Technology" at Community Bandwidth, a Canadian consulting practice that works with non-profits and social-mission organizations to explore the thoughtful use of technology toward creating a more just and sustainable society. You're currently reading entries from Phillip's blog on non-profit technology, social innovation, and independent media.

Fighting comment spam with Drupal

Recently, I asked a colleague why I couldn’t comment on their fancy, new, corporate blog and this was their response:

Yeah, it’s pretty unfortunate at the moment, I’ve had to turn off commenting for unregistered users on the site, because we were getting spammed so heavily and even though I had the Spam filter on at full strength many were still getting through. I’d like to find a better solution, though, because right now you have to create an account to be able to post comments (which nobody will do, I’m sure). If you have any wisdom or suggestions from your Drupal experience on how to deal with such massive spamming issues, I’d love to glean some knowledge

At the risk of attracting a line-up of comment spammers determined to make me look bad, I offer the following recipe for fighting comment spam with Drupal (as I do on my Drupal-powered blog):

  • First, I use the Captcha module without the image captcha (instead, it uses a simple math question to confirm that the comment is from a human)
  • Then I add the Comment Mail module (to get notifications of new comments)
  • Next, I stir in the Comment Info module (which allows people to check a “remember me” button)
  • Finally, add a quick dash of Spam Module v2 (just in case the occasional brute force attack on the math question slips through*)

This way, I don’t require that people log in, or create an account, to leave comments.

The results:

  • People actually comment (on occasion) because there are fewer hurdles to jump over
  • Increased security, because there are no “privileged” accounts on my system
  • No spam: ever. (Though, I’m hanging my ass out a bit with this posting!)
  • No need to pre-screen comments, as the only ones that get through are legit

There you go: a Drupal comment-spam fighting recipe fresh from your friends at Community Bandwidth. Go Drupal!

* Update: Laura Scott of Ping Vision reported on the last Drupal shops call that she was getting the occasional spam still using a similar recipe — so, if you have an experience to share — or, better yet, another recipe — please post it here!
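The footnoted brute-force case, as an added example (not code from the Captcha module or from this blog): a math question has only a handful of possible answers, so each challenge should be single-use and expiring, with a content filter as the backstop. All names here (`new_challenge`, `check_answer`, `accept_comment`, `link_count_filter`) and the 10-minute lifetime are hypothetical.

```python
import secrets
import time

TTL = 600       # seconds a challenge stays answerable (assumed value)
_pending = {}   # token -> (expected answer, expiry); a real site would use session storage


def new_challenge(now=None):
    """Create a math question; the token travels in a hidden form field."""
    now = time.time() if now is None else now
    a, b = secrets.randbelow(10) + 1, secrets.randbelow(10) + 1
    token = secrets.token_urlsafe(16)
    _pending[token] = (a + b, now + TTL)
    return f"{a} + {b}", token


def check_answer(token, answer, now=None):
    """True only for a correct answer to an unexpired, unused challenge."""
    now = time.time() if now is None else now
    entry = _pending.pop(token, None)   # spent on first attempt, right or wrong
    if entry is None:
        return False
    expected, expires = entry
    try:
        return now <= expires and int(answer) == expected
    except (TypeError, ValueError):
        return False


def link_count_filter(body):
    """Stand-in for a content filter: flag bodies with more than two links."""
    return body.lower().count("http") > 2


def accept_comment(token, answer, body, spam_filter=link_count_filter, now=None):
    """Layered decision: the challenge first, then the content filter."""
    if not check_answer(token, answer, now):
        return "rejected"
    return "held" if spam_filter(body) else "published"
```

Because a wrong guess consumes the token, a script cannot cycle through the small answer space against one challenge; anything that still passes is held by the second layer if it looks like spam.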

Submitted by Adam Ma'anit (not verified) on November 27, 2006 - 2:52am.

Thanks to Phillip's prodding, we just implemented this on the New Internationalist [ http://www.newint.org ] website where we have Drupal serving up our blog [ http://interact.newint.org ]. So far so good!

Thanks.

Submitted by Eric (not verified) on February 14, 2007 - 3:39pm.

I'm going to switch to Drupal because I've had it up to here with WordPress. No matter what I did I couldn't stop the damn barrage of spam. Trackbacks, Akismet, Captcha code. Nothing. It completely ruined my pr4 website. I'm going to try Drupal now with the implementations that you mentioned. Hope it works out better this time. Thanks

Submitted by Robert (not verified) on April 16, 2007 - 4:59pm.

I am getting spam comments on my blog even with enabled captcha.

Submitted by phillipadsmith on April 16, 2007 - 5:11pm.

In addition to the Captcha module, I’m also running the Akismet module (was running the Spam module until recently). Never see “spam,” unless it's very well disguised, e.g., your comment got through and I’m not entirely sure it’s not spam. ;-)


Submitted by Robert Hartl (not verified) on March 28, 2008 - 7:31pm.

What about manual spam?
Do you delete these comments in the backend, delete their URLs or aren't there any manual spam comments any more (because it's simply too much expense)?

Submitted by phillipadsmith on March 29, 2008 - 11:17pm.

Hey Robert,

I don't see much manual spam, and -- in fact -- any manual spam attempts I do see are often caught by Akismet too. Oddly enough, your comment was marked as spam -- so I guess the filter is quite aggressive.

Perhaps it wouldn't work on a busy site? However, for this site, it seems to do the trick and requires very little oversight.

And, yes, if I need to, I can manually publish or delete any of the comments that come in.

Cheers,

Phillip.


Submitted by Stefan Holt (not verified) on June 9, 2008 - 11:42am.

but it was my fault...I didn't install captcha and still need to get Akismet figured out. But my question is how do you get rid of the hundreds of unwanted comments given the spam module only looks at new comments? Any thoughts? Thanks for the helpful advice.

Submitted by phillipadsmith on June 10, 2008 - 6:39pm.

But my question is how do you get rid of the hundreds of unwanted comments given the spam module only looks at new comments? Any thoughts? Thanks for the helpful advice.

That's a great question. And I wish I could tell you that I had an answer!

My suggestion: roll up your sleeves and start deleting old spam. Then get Akismet and captcha in place and take a vacation. :-)

Good luck Stefan.

Phillip.

