Recently, I asked a colleague why I couldn't comment on their fancy, new, corporate blog and this was their response:
Yeah, it's pretty unfortunate at the moment, I've had to turn off commenting for unregistered users on the site, because we were getting spammed so heavily and even though I had the Spam filter on at full strength many were still getting through. I'd like to find a better solution, though, because right now you have to create an account to be able to post comments (which nobody will do, I'm sure). If you have any wisdom or suggestions from your Drupal experience on how to deal with such massive spamming issues, I'd love to glean some knowledge
At the risk of attracting a line-up of comment spammers determined to make me look bad, I offer the following recipe for fighting comment spam with Drupal (as I do on my Drupal-powered blog): * First, I use the Captcha module without the image captcha (instead, it uses a simple math question to confirm that the comment is from a human) * Then I add the Comment Mail module (to get notifications of new comments) * Next, I stir in the Comment Info (which allows people to check a "remember me" button) * Finally, add a quick dash of Spam Module v2 (just in case the occasional brute force attack on the math question slips through*)
This way, I don't require that people log-in, or create an account, to leave comments.
The results:
- People actually comment (on occasion) because there are fewer hurdles to jump over
- Increased security, because there are no "privileged" accounts on my system
- No spam: ever. (Though, I'm hanging my ass out a bit with this posting!)
- No need to pre-screen comments, as the only ones that get through are legit
There you go: a Drupal comment-spam fighting recipe fresh from your friends at Community Bandwidth. Go Drupal!
* Update: Laura Scott of Ping Vision reported on the last Drupal shops call that she was getting the occasional spam still using a similar recipe -- so, if you have an experience to share -- or, better yet, another recipe -- please post it here!
Comments
12 Comments
Works a treat
Thanks to Phillip's prodding, we just implemented this on the New Internationalist [ http://www.newint.org ] website where we have Drupal serving up our blog [ http://interact.newint.org ]. So far so good!
Thanks.
Disappointed with Wordpress
I've going to switch to Drupal because I've had it up to here with Wordpress. No matter what I did I couldnt stop the damn barrage of spam. Trackbacks, Akismet, Captcha code. Nothing. It completely runined my pr4 website. Im going to try Drupal now with the implementations that you mentioned. Hope it works out better this time. Thanks
I am getting spam comments
I am getting spam comments on my blog even with enabled captcha.
Do you have any other modules enabled?
In addition to the Captcha module, I'm also running the Akismet module (was running the Spam module until recently). Never see "spam," unless it very well disguised, e.g., your comment got through and I'm not entirely sure it's not spam. ;-)
Manual "Spam"
What about manual spam?
Do You delete this comments in the backend, delete their URLs or aren't there any manual spam comments any more (because it's simply to much expense)?
Hey Robert,
I don't see much
Hey Robert,
I don't see much manual spam, and -- in fact -- any manual spam attempts I do see are often caught by Akismet too. Oddly enough, your comment was marked as spam -- so I guess the filter is quite aggressive.
Perhaps it wouldn't work on a busy site? However, for this site, it seems to do that trick and requires very little oversight.
And, yes, if I need to, I can manually publish or delete any of the comments that come in.
Cheers,
Phillip.
I just got spammed!
but it was my fault...I didn't install captcha and still need to get Akismet figured out. But my question is how do you get rid of the hundreds on unwanted comments given the spam module only looks at new comments? any thoughts. thanks for the helpful advice
How to get rid of old spam
That's a great question. And I wish I could tell you that I had an answer!
My suggestion: roll up your sleeves and start deleting old spam. Then get Akismet and captcha in place and take a vacation. :-)
Good luck Stefan.
Phillip.
I've going to switch to
I've going to switch to Drupal because I've had it up to here with Wordpress. No matter what I did I couldnt stop the damn barrage of spam. Trackbacks, Akismet, Captcha code . Nothing. It completely runined my pr4 website. Im going to try Drupal now with the implementations that you mentioned. Hope it works out better this time. Thanks
I'm stopping SPAM in my Drupal site using shinobi methods
I've checked all SPAM control methods for Drupal and I'm not happy with them. They're complicated, resource intensive, unaccesible and many of them are annoying for most users.
There's a more simple way, Shinobi methods for those that master the art of silence. I've explained them all in my blog:
http://www.isegura.es/blog/stop-spam-your-site-being-invisible-honeytrap-drupal-comments-form
http://www.isegura.es/blog/stop-spam-your-site-being-slow-flood-control-method-drupal
More than 99% success at this time, but I'm always open to suggestions to improve this ratio even further.
drupal not stopping spam
We only allow registered users to comment on our blogs. They must complete a CAPTCHA and email verification at user registration and they must run through CAPTCHA at the comments and we're still seeing tons of spam.
One important thing about
One important thing about shopping for vibram shoeis to check what percent of the product you are buying is actually madefrom the berry or the juice of the berry. You want to find Vibram Five Fingersproducts that have a high percentage of the fruit itself. Vibram shop http://www.vibramshoe.us