Sep 20 2012
Sep 20

I've acquired other companies, but the sale of Mollom to Acquia, was the first time I sold a company of my own. Being the seller felt quite different. It's a interesting mixture of satisfaction tinged with loss. During the negotiation phase you feel joy and excitement. Then you feel frustration as you go through the due diligence process. It's a lot of work. Eventually, the day you hand over the keys you feel like you sold your baby. At the same time, you feel a sense of achievement.

Selling Mollom was a life-changing moment. Not because it was a big financial transaction (it wasn't), but because it proves that I was able to bootstrap and grow a company, steer it to profitability, and successfully exit. It was a great experience, because I know that at some point, I'll have the desire to do that again.

Aug 14 2012
Aug 14

We're excited to announce that Mollom has been acquired by Acquia.

For the foreseeable future, Mollom will continue to be offered as it is today. I will continue my role as general manager of Mollom, Ben will continue to lead the development of our products and the Mollom team will remain unchanged. If you are a user or customer of either Mollom or Acquia, everything will remain exactly the same.

When Ben and I started Mollom almost 5 years ago, we wanted to do something important. While most people were trying to figure out the social web, we were paddling out ahead of the wave, knowing that many websites would soon have to deal with increasing amounts of spam and content moderation. In the past five years, we have helped tens of thousands of people fight spammers on their websites, including some of the world's leading organizations.

We have blocked almost a billion spam messages since we started. It has been very rewarding for us to see that we have helped make the web a slightly better place. At the same time, we also built a healthy business. We successfully bootstrapped Mollom, and organically grew a team of 6 people.

The social wave keeps on growing; we're helping more and more people and organizations every day. But now that social wave has grown so big, we can't rest on our laurels. There are more business opportunities to explore, some of which we have been working on for a while.

At the business level, it made a lot of sense to merge Mollom into Acquia. Ben and I were looking to raise capital for Mollom to help fund future product development and expand our operations. It was clear that it would require a long-term commitment of my time โ€“ just at the point when I wanted to focus more on promoting Drupal globally and driving Acquia's growth and expansion. By having Acquia acquire Mollom, I can still be a part of Mollom, and Mollom could receive the resources to accelerate our efforts and create an even more exciting future for Mollom. It also allows me to double down on Drupal and Acquia. In short, I'm really excited to have Mollom as part of the Acquia family.

Keep an eye on us!

Jan 30 2012
Jan 30

We're proud to present a new design for the website.

We first launched the site in 2007. For more than four years, was using the same design. As we grew Mollom, we wanted to address some of the issues that we've been stewing over since our original design. We have been planning to redesign the site for over a year now but work on the Mollom web service and developing new Mollom products have always had a higher priority so we haven't found the time to complete the new design until now. January 2012

The old design that we used from 2007 to early 2012.

The new design is the first step in our plans to reorganize the website. We still have updates to make to the content of some pages, for example. Already, we think the new design is a fresh new change that improves usability.

Take a look at the new, we hope you like it! February 2012

The new website design.

Jan 17 2011
Jan 17

Earlier this week, we released the first stable version of the Mollom module for Drupal 7. The release denotes a major milestone for the engineering team at Mollom, because we started to track the development of Drupal 7 very early and kept the module always compatible to latest code in Drupal core.

Simpler, smaller, better

The most significant difference to the Drupal 6 module is that we were able to entirely remove plenty of code that was previously required to work around limitations and bugs in Drupal's Form API. While actively tracking changes in Drupal core, we could not stand our own ugly workarounds anymore.
It was time to fix Drupal core, so we could finally clean up the module's integration with forms:

  • We made it possible for form validation handlers to alter the form structure during form validation. Not being able to change a form during validation was the most annoying problem for the Mollom module, because it only conditionally shows a CAPTCHA โ€” only when a post is suspicious and looks like spam to Mollom, the user is asked to solve a CAPTCHA. But initially, there is no CAPTCHA contained in the form, so the CAPTCHA needs to be dynamically added when required. Starting from Drupal 7, the form validation basically can be understood as an additional step to alter or process the form structure, if required. This allows us to conditionally generate a CAPTCHA and only show a CAPTCHA if a post might be spam, while still having access to the full form structure and form state.
  • We corrected and improved the caching of $form_state in the case of form validation errors, previews, multi-step ("wizard") forms, and other scenarios in which a form is rebuilt or re-rendered, and might have new or updated state information that should be cached. This allowed us to leverage Form API's native form caching as a true "state machine" and storage for the spam check results returned by the Mollom web service. Since the cached form state holds all information from previous form submission attempts now, the Mollom module is able to re-use that information and conditionally perform actions in subsequent form submission attempts (such as showing a CAPTCHA). Among other issues, we also helped to remove the auto-rebuilding magic of the 'storage' property, to cache most of $form_state when form caching is enabled, and ensured that form constructors can already decide on caching and rebuilding.

Along the way, we wrote more than 2,200 test assertions for the Mollom module's automated unit tests, to ensure that its functionality works correctly in almost every possible scenario. Effectively, Mollom's module tests are quite possibly the most aggressive Form API tests for Drupal, as it uses almost all of its advanced features.

Open, flexible, consistent

One of the goals for the Mollom module is to allow an easy and yet flexible integration with third-party Drupal modules. However, most contributed modules are following the example of Drupal core: Drupal 6 itself contained highly inconsistent forms. In order to protect more forms against spam in Drupal 7, we figured that we had to clean up and improve various forms in Drupal core to set the right example for contributed modules:

  • We introduced the pattern of consistently providing the ID of a new entity in form submission handlers, in the same location the ID would appear for an existing entity. Subsequently invoked form submission handlers are able to access the entity ID, regardless of whether the entity was just created or updated. This allows modules to read the ID of a post in an always consistent way and store the spam check results for the post in an own table. Likewise, every confirmation form that allows to delete an entity should also provide value of the entity ID in the same location as in the edit form.
  • We cleaned up and revamped the comment form to generate and return an always consistent and predictable form structure. Like many other Drupal 6 modules, the Mollom module also had to struggle with the old form structure, since it was always different, depending on various configuration and environment settings. In fact, the Drupal 7 version of comment_form() is a nice example for how to use the #access property correctly โ€” which in turn allows third-party modules to re-use a form more efficiently or perhaps even make one of the hidden fields visible.

Mollom additionally integrates with the new account cancellation process in Drupal 7. This allows you to report a user account as spam to Mollom, and the account as well as all of the posts associated to it get reported as spam and deleted in one fell swoop.

Usable, in production, and translatable!

We invested a lot of time to improve the user experience of the Mollom module's user interface, so you can perform your daily spam moderation tasks faster and more easily. This is underlined by the fact that the module is actively used in production by thousands of Drupal Gardens users already, of which most have no technical expertise with Drupal.

Lastly, we now have centralized user interface translations on Much easier! Start right away and translate the Mollom module into your language!

Cross-posted in the Mollom blog.

Aug 03 2010
Aug 03

You might have noticed that this blog stopped accepting comments about a month ago.. well. stopped accepting is a big word.. I was still accepting comments, only they were never submitted to the database and after entering a comment to my blog people ended up on a white page.

So upon returning from holliday I set out to debug the issue together with one of our Inuits Drupal geeks and quickly ran into the following error.

  1. PHP Fatal error: Call to a member function has_more_records() on a non-object in /somepath/modules/views/plugins/ on line 1992, referer:

So apparently my veasion of views 6.x-3.0-alpha3 didn't really like to play with Mollom,
I downgraded views again to 6.x-2.11 and Mollom started showing its Captcha's etc again .

So apart from wondering how I ended up installing that alpha3 version (I`m sure Drush didn't do that), all is back to normal. and you should be able to comment on this blog again

May 22 2010
May 22

This is the blog where Kris Buytaert points you to extremely interresting and totally irrelevant stuff that happens in Life , The Universe and Everything

You can hire me! I work as a consultant for

May 21 2010
May 21

Following Davy's initiative, here are two years of Mollom stats for Spread the word!

Mollom stats for

My name is Wim Mostrey, and I approve of this software.

Wim Mostrey wearing a Mollom t-shirt

May 21 2010
May 21

A request was just sent out on Mollom's Twitter account to help them spread the word on Mollom. Since I've been an extremely satisfied user of this (free) anti-spam service for about 2 years now, I immediately added a link back to them in the footer of this blog. But I decided that's not enough. So I'd like to start a little meme here.

If you're happy about Mollom, just shout it out on Twitter, Facebook, your blog, ... by putting up a screenshot of your stats and saying how many spam has been caught by Mollom. You can find the stats of your site on your Mollom account. If you're using Drupal, you can find them under Administer > Reports > Mollom Statistics.

If you're using Twitter, use the hashtag #mollomstats. I'm looking forward see how much crap content Mollom has spared us from.

I'll give the example by being the first...

My Mollom usage statistics


As you can see, Mollom has blocked over 35000 spam attempts in 2 years on this blog. One day it even caught more than 600 spam attempts. These days it blocks and average of 100 attempts per day. I think I have an average of 2 legitimate posts (comments, contact form) per day.

Thank you Mollom!

Your Mollom usage statistics

Jul 22 2009
Jul 22
Share this

I hate spam. Of course, I imagine the overworked, underpaid dupes in Pakistan dishing it out at 5ยข per hundred comments don't particularly like it much either. It's just their job.

So anyway, about a year ago, the spam on this site was getting a bit out of control. Fortunately, Mollom had just whipped out their new, free spam-blocking service about the same time, so I gladly installed it. As you can see in the graph below (the orange being 'Spam attempts blocked'), this has been a fantastic boon for the site, with over 700,000 spam attempts blocked in the past year.

Mollom blocks spam (2008-2009)

Looking at that graph, you can see the spam attempts really dropped off sometime in April or May. I really don't know why; if anything, the traffic to this site has steadily increased over the year. I suspect that whatever methods spammers were using were not paying off as well, perhaps in part due to the diligence of the great folks over at Mollom?

How it's been fairing lately...

The purpose of this post is not to speculate about such things. The purpose is to zoom in a bit to the past two weeks. Let's do that now:

Mollom blocks spam (July 2009)

Here you can see in more detail recent activity. Notice the little green lumps at the bottom, which represents "Ham (not spam) operations accepted".

Well, not quite. Each of those little green lumps actually represents about 20 minutes a night filtering through all my comments and deleting a bunch of new spam that's managed to bypass their filters. Not really how I want to spend my free time.

I don't know what Mollom thinks about it all, or what new things they have planned (which I suspect they do). But I did decide to review my options and add a new line of defense to things.

First, how does Mollom work? For the end user, what seems to happen, at first, is nothing unusual. They simply submit a comment as normal. But before publication, the comment is sent to Mollom's servers, who compare it against a bunch of arcane things, such as what kind of text is there, are there suspicious links, does it come from a known spamming IP? If it fails any of these tests, back it comes to the user, with a Captcha challenge, similar to the following:

Mollom blocks spam (2008-2009)

Then the user (or intelligent program) tries to figure out what those letters and numbers say, and enter them, a little Turing test to weed out the humans from the robots.

Since (for now) Mollom's letting a few more slip through (it used to be about 4-5 a week, and now it's about 25-50 a night, then up to about 100 over the past two nights), I decided to add a new line of defense.

Hashcash to the Rescue (I hope)!

I remembered a demo of WebHashcash written by David Schneider-Joseph, a former student of mine at a Sudbury School (though I can take no credit for his mad computer skills, and he can also play a mean game of Go). This, in turn was based off the Hashcash algorithm by Adam Back, which was developed originally to fight e-mail spam.

The Hashcash algorithm, when used on the Web, is a JavaScript function that's run to fill a hidden text field, to be validated after submitting the form. The catch is that it can take a few seconds for most computers to compute the challenge (which might look something like '1:20:090723010931:example_hash::5OSqavyzeco:2z2O' in the end). The end user won't even notice it. Sadly, neither will some poor chap in Pakistan.

However, the automated spam servers will notice it. They'll be sending out a million pieces of spam, and suddenly, *blip* the computer slows down for a bit. And that's assuming it even processes JavaScript. (The routine intentionally does not degrade gracefully.) Enough sites use it, the CPU cycles end up costing more than the return, and they're forced to remove the sites from their lists.

I thought tonight that I would write a Drupal module for the routine. Luckily for me, I learned that Simon Rycroft (sdrycroft) had long ago beaten me to the punch.

So now I've added the Hashcash module to this site as a second line of defense against spam. I'll let you know how it goes!

Please note that this post is not meant as a criticism of Mollom! They provide an invaluable service, which I also intend to continue using. Even though 25+ spam comments a day is annoying, they're still blocking sometimes a thousand more a day. Thank you, Mollom!

AttachmentSize 26.71 KB 23.44 KB 20.88 KB 17.15 KB 12.52 KB
Oct 13 2008
Oct 13


As long as we do not make the distinction and call everything spam, we make it harder to find solutions. Mollom takes away the pain of what is typical spam, and that's why I am now only confronted with the atypical spam that is very targeted, takes effort to remove and some may even accept those comments as useful (or are being tricked into it).

What's even more, if Mollom does not make the distinction, I and others are making Mollom less effective because the atypical spam is diffusing the extremes.

Mollom gives me the following options:

  • Don't send feedback to Mollom
  • Report as spam or unsolicited advertising
  • Report as obscene, violent or profane content
  • Report as low-quality content or writing
  • Report as unwanted, taunting or off-topic content

The problem is that in almost all cases I would indicate this is unsolicited advertising, and not (automated) spam. So I would split both categories and make a clear distinction between (automated) spam and (human) unsolicited advertising.

Some of those comments I deem low-quality or even unwanted. But the ones that are somewhat on-topic advertise something commercial or unrelated, are in the second category.

So maybe this is more a feature request for Mollom? I don't know whether it makes sense to make the distinction and what the impact now is of all the unwanted (human) comment spam I send to Mollom. But instead of making it bipolar (ham vs spam), I would make it tripolar (ham vs automated spam vs human spam).

This is actually a semantic discussion, but Wikipedia calls spam "unsolicited bulk messages", by that definition the comment spam I received would not even be spam because it is not in bulk.

Sep 22 2008
Sep 22

Like many other people, I received an email this morning announcing that Mollom, a project of Drupal founder Dries Buytaert, is out of beta. I use Mollom on this website, as well as another personal one, to reduce and sometimes outright eliminate blog comment spam. In my configuration, Mollom works by using heuristics against blog comments and if they are considered spammy enough, the user is challenged to a simple CAPTCHA system to prove that they are not an automated spammer.

Mollom is a great system, since some studies (direct PDF link) have shown that as much as 75% of all attempted comments on blogs are spam!

I've been using Mollom for a few months and have been very happy with it. If you run a blog, even one that isn't in Drupal, I would encourage you to check it out. It's free for many uses, so you lose nothing by at least giving it a shot. There is a developer API and Mollom has already made downloadable integration available for Drupal, WordPress, and Joomla, as well as language-specific libraries.

Congratulations to Dries and the Mollom team! I look forward to the system only getting better as more and more folks start to use it.

Update: A couple folks asked if I'd mind posting my Mollom statistics graph, so you can find it here. There were many hundreds of spams stopped in the past month!

Sep 22 2008
Sep 22

I don't think much of Mollom on my Drupal site. It's not that I don't like it, actaully I freakin' LOVE it! It is just that I never, ever, have to think about it.

A couple of months ago I was told about Mollom by Josh Brauer and decided that I did indeed want to give it a try. It was supposed to be a site spam service, working as a Drupal module, to protect your site from being inundated with blog post spam, etc. It was supposed to be pretty much invisible, unless the Mollom service thought that the comment or post might be spam, then it would spring into action with Captcha check and nail the post as spam or ham as a result. It lives up to these expectations and more.

So, what makes Mollom different, from a end-user point of view, than the other spam solutions I have tried (Akismet, Spam Karma, etc.)? Nothing, or rather, you have to do nothing, which is a whole lot less than what you do with the others. In fact, you don't have to deal with queues, moderation, constant attention and emails about all of the above. In other words you don't have to do anything. Oh, yeah, and the fact that it just plain works. I have yet to see a spam on my site.

What's crazy is that until this morning, when I got an email letting me know that Mollom was out of beta and now you could buy a subscriptions for their bigger-site service, I had actually completely forgotten that I had it installed. I thought that it might not be on, but when I went into my Mollom admin, I saw to my surprise that it had blocked almost 100 spams from my tiny site in the last 30 or so days.

Oh yeah, and those stats that I was looking at, yeah, they are SHINY! Look at that nice graph, it fills my designy heart with happiness :)

Mollom Stats

I hope I didn't put you off with the words "Buy" and "Subscription", because Mollom is always free for sites with less than 100 comments/posts per day. They offer this because, in Dries' words "We make Mollom Free available for free because we think that making spam protection available to as many sites as possible is the right thing to do." Nice.

Mollom was contrived by Dries Buytaert who also brought us the awesomeness that is Drupal as well as the RedHat of the Drupal world, Acquia (I ask you, does he do anything that isn't awesome?).

Ok, now that I have put my thoughts down about Mollom, I can go back to forgetting about it. Some things are best when they aren't seen :)

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web