Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

Spam protection with Drupal 8 modules

Parent Feed: 

Spam causes huge inconvenience to Internet users and headaches for site owners. Spam is one of reasons why you don’t need a comment section on your web resource. However, allowing your site visitors to post comments and any other content means communication and feedback. Allowing them to express their opinions and share their ideas on your site has its good sides as well. So it would be not right to get rid of this option all together. Luckily, Drupal can offer you a solution — and not just one. Drupal modules can help remedy spammers. We’ll explain them in order from the earliest solution to the latest in this article.

Spam blocking Drupal 8 modules:

CAPTCHA

For sure, the most known method to fight bots and distinguish them from human users is CAPTCHA. This is an abbreviation that stands for a completely automated public Turing test to tell computers and humans apart. The CAPTCHA module is most often used when building web forms. This challenge-response test, unsolvable by bots, prevent them from spreading spam. Every Internet user has been asked to type random letters or figures like this:

However, CAPTCHA has its disadvantages. Sometimes it’s quite tough for humans to guess on the first try what’s depicted on the image. It’s especially challenging for users with visual impairments. Thus, if you want to meet web accessibility standards, precede to the next solutions described below. CAPTCHA remains an effective way to fight spambots, but is a bit annoying for human users.

reCAPTCHA

As a test offered by CAPTCHA module is usually puzzling to humans, Drupal sites are more often using reCAPTCHA module that executes reCAPTCHA service from Google. Users just have to click and tick and are no longer irritated by having to spend time guessing. This improves user experience. Despite becoming more easy for people to solve, this test still remains hard for robots.

By the way, reCAPTCHA is one of Drupal modules maintained by us, Internetdevels.

Honeypot

This anti-spam solution requires taking no action from human users at all. No typing, no ticking. The Honeypot module creates a hidden field which is invisible to humans but noticeable to bots. When spambots fill this hidden forms in, they are immediately detected and blocked by Honeypot.

Furthermore, this Drupal 8 module uses one more method called a timestamp. It look at how long it takes for the web form to be submitted from the moment the page was loaded. Bots need much less time to cope with forms than humans.

Antibot

No end user interaction at all is also possible with one more Drupal 8 module called Antibot. Its creators claim that it’s more reliable than Honeypot and is as lightweight as possible. This module allows caching on pages with protected forms.

Its principle is based on the assumption that bots don’t process javascript. The web form is hidden due to CSS and users see a message on their screens telling that Javascript is required for the form to be used. If the users have Javascript enabled, then the message is moved out and the web form is revealed when the page is loaded.

In addition, for better safety, before allowing form submission, the Antibot module checks for mouse movement and keyboard pressing to identificate human user. This feature provides better effectiveness.

Anti spam

The Antispam module was developed by CleanTalk. Its effect is not noticable to human users, as they see no tasks needed to be solved. If you have your own blacklist that contains emails or computers’ IP-addresses of spammers you have already detected, then Anti Spam can use this your blacklist to block registering or posting any comments. Service CleanTalk can store all records of filtered spam attacks up to 45 days. There is even an app, if you want to monitor your statistics more conveniently.

Important information for Mollom users!

Mollom was maintained by Acquia and have been successfully detecting and blocking not only spambots, but also human spammers for 8 years. The Mollom service could evaluate the quality of content, identify profanity and offensive language and compare data with its constantly emerging archive of profiles of user who have predisposition to submit spam.

However, there are bad news for those who have loved this module. On April 2017 Mollom announced its end-of-life is scheduled for April 2, 2018. After that time, the Mollom service will no longer be supported or available. If you are using the Mollom Drupal 8 module now, then it’s recommended to disable it in advance until that date and switch to some alternative option mentioned in this article above.

We hope you have no spam-related issues. If you have any questions about spam or security, contact our specialists.

Author: 
Original Post: 

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web