I came up with a simple snippet to block a huge amount of anonymous comment spam that I'd like to share. I made a rule that anonymous users cannot include links in their comments. I don't believe that this is much of an inconvenience to legitimate visitors. They can still paste a URL into their comment, it just won't be hyperlinked.
Here's the code (from a module called fiercecommon that contains a common functions used across our sites -- you can put it wherever):
<?php
/**
* Implementation of hook_comments() -- Blocks anon comment spam by preventing posts with link tags!
*/
function fiercecommon_comment($a1, $op) {
global $user;
if ($op == 'validate') {
if (($user->uid == 0) && preg_match("#(<A\s+HREF|[url=)#im",$a1['comment'])) {
form_set_error("comment","Sorry, anonymous users cannot include links in comments");
}
}
}
?>It's important to do it this way rather than simply filtering out link tags. After all, I don't want the spam filtered for links, I want it blocked! The beauty of using form_set_error() is that the page returns a status code of 200, so the spam bots don't even realize that the comment never made it through.
If you wanted to allow some comments, you could easily modify that regexp so that it only blocks, say , posts with more than 3 links.
If I get time I'll try to gather some statistics on how effective this is, but I'd have to estimate that it's blocking 90% of the spam that gets through the captcha.
I also created some mod_security rules that block some spam attempts, but that's a topic for a much longer post. :)
Eli
Comments
Module to block anonymous links
See: http://drupal.org/node/149858
I already asked (and got) a cvs-account to post this as a module on drupal.org... hope I can make some time for it on thursday.
Awesome -- sorry I missed
Awesome -- sorry I missed that or I would've posted over there.
I don't have a ton of free time, but if need some help I'd be happy to pitch in where I can.
Eli
First release
I don't have tons of free time either.
But, as promised, I made some time for it today.
The result can be seen at: the blockanonymouslinks project page.
About pitching in where you can: any feedback on the module is welcome.. It should be available for download within 12 hours (when the cron job for packaging module releases has run).