
Stopping spam in a Drupal community platform

Introduction

Drupal provides a lot of functionality to build community-driven websites. For the award-winning platform ModeMuze, we have developed a platform to expose the different fashion collections of different Dutch museums. Besides exposing the different collection items, one of the goals is to engage the Dutch fashion community and enrich the metadata of the collection.

We want to make it easy for people to join the community. Captcha was not really an option. We enabled the possibility to provide anonymous comments, optionally creating an account through the comment registration module. The standard registration form was enabled as well. Once they are registered, the users are able to create theme-related expositions of collection items and help out with the tagging of these items.

It would be great if all users were enthusiastic people who create beautiful content, but unfortunately this is not always the case. Every community website is going to be targeted by malicious users who create spam and/or try to hack their way into the site one way or the other. This is why Drupal has a lot of options to secure websites and fight spam.

For this particular project, we found that the setup described below worked really well in stopping the creation of spam users, content and comments.

Honeypot

The Honeypot module is the most basic form of protection. We basically add this to all sites we build. This module adds the honeypot method to the forms (it is possible to configure which forms you want to protect) and a timestamp. In a nutshell, when a user submits a form too fast, or fills in a hidden field that shouldn’t contain a value, the module stops the form submission from completing.

The Comment verification module is used to add an extra check for comments by anonymous users. When an anonymous user adds a comment, they need to verify their comment through an e-mail link.
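The two checks described above, written out as an added example in plain PHP (this is not the Honeypot module's code). The secret, the field names `homepage_url` and `form_token`, and the 5 second limit are assumptions; the timestamp is signed with an HMAC so a client cannot simply submit an older one.

```php
<?php
// Added example: honeypot field plus signed timestamp check in plain PHP.
// SECRET, the field names and the 5 second limit are assumptions for illustration.
const SECRET = 'replace-with-a-random-site-secret'; // placeholder value
const MIN_SECONDS = 5;                              // assumed minimum fill time
const TRAP_FIELD = 'homepage_url';                  // hypothetical hidden field

// Token embedded in the form when it is rendered: "<issued_at>|<hmac>".
function issue_token(int $now): string {
    return $now . '|' . hash_hmac('sha256', (string) $now, SECRET);
}

// Returns null when the submission passes, otherwise the rejection reason.
function check_submission(array $post, int $now): ?string {
    // 1. Humans never see the trap field, so any value means automation.
    if (trim((string) ($post[TRAP_FIELD] ?? '')) !== '') {
        return 'honeypot field filled';
    }
    // 2. The timestamp must be the one we issued, not one the client chose.
    $parts = explode('|', (string) ($post['form_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'missing or malformed token';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, SECRET), $mac)) {
        return 'token signature mismatch';
    }
    // 3. Reject forms completed faster than a person could type.
    if ($now - (int) $issued < MIN_SECONDS) {
        return 'submitted too fast';
    }
    return null;
}

// Constructed sample submissions, evaluated 2 or 30 seconds after rendering.
$t0 = 1700000000;
$token = issue_token($t0);
$cases = [
    'human'       => [['comment' => 'Nice dress', TRAP_FIELD => '', 'form_token' => $token], $t0 + 30],
    'fills trap'  => [['comment' => 'buy', TRAP_FIELD => 'http://x.example', 'form_token' => $token], $t0 + 30],
    'too fast'    => [['comment' => 'buy', 'form_token' => $token], $t0 + 2],
    'forged time' => [['comment' => 'buy', 'form_token' => ($t0 - 60) . '|' . substr($token, 11)], $t0 + 2],
];
foreach ($cases as $name => [$post, $now]) {
    printf("%-12s %s\n", $name, check_submission($post, $now) ?? 'accepted');
}
```

A signed token can still be replayed after the minimum time has passed, so the time check only slows automated submissions down; the hidden field and the other modules in this setup cover the rest.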

Spambot

The Spambot module protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam online database. It also adds some useful features to help deal with spam accounts. The module allows up to 20,000 checks per day. In the end, this module helped the most. It is also possible to delay the request for malicious users, which helped to bring the number of stopped spam accounts from 10 per minute to about 3 per minute.

Userone

The main purpose of the Userone module is to protect the user with uid 1, an important and special user in a Drupal installation. The module also has an important extra feature which helped a lot in stopping hackers: it can automatically block IP addresses when they have a certain number of failed logins.

Cloudflare

The Cloudflare module provides better Drupal integration with the online Cloudflare service. Cloudflare is a FREE reverse proxy, firewall, and global content delivery network. It has a ton of features. Besides improving performance by caching your pages for anonymous users, it can also provide SSL options (even in the free version). Since your domain points to the reverse proxy of Cloudflare, hackers will not find out the IP of your server. This will make it harder to attack your site. It also provides options to serve a captcha to users when it detects malicious behaviour. The performance is the most important feature, but all the bonus options are really nice to have.

Mollom

Last but not least, it is good to mention the Mollom module, which provides integration with the external Mollom service. This service can check user input for possible spam, and is very effective in stopping malicious users. For this project we made the choice not to use Mollom. The client did not feel comfortable about an external service checking their content. That is something to seriously consider when using external services like Mollom.
