spam

I'm going to delete the 200-odd submissions just created by the (brand new) user zhoroscop

http://groups.drupal.org/user/20738

Cartierul Independentei din Sighetu Marmatiei
Sighetu Marmatiei
United Nations region Abkhazia
United Nations region Afghanistan
United Nations region Akrotiri Dhekelia
United Nations region Aland
United Nations region Albania
United Nations region Algeria
United Nations region American Samoa
United Nations region Andorra
United Nations region Angola
United Nations region Anguilla
...

etc.

CAPTCHA is a great way of preventing spam. Another method of spam prevention is using a web service that scans the content for spam-like content. One popular choice is Akismet. Dries has launched a new web service called Mollom. The thing that makes Mollom neat is that it presents a CAPTCHA when the published content is thought to be spam. Very neat service!

I found this coming in from Drupal planet http://www.tech-wanderings.com/drupal-nofollowed-too-pervasive.

Greg Holsclaw talks about how nofollow attributes could be hurting Drupal (rel=nofollow being a well intentioned way of deterring spam. Something that has managed to keep the ratio of spam to real content on the web down to a respectable 10:1 :P) Basically, he points out that most internal links on drupal.org get the nofollow attribute attached to them.

Greg makes a number of good points, but I think the two most important are:

I came up with a simple snippet to block a huge amount of anonymous comment spam that I'd like to share. I made a rule that anonymous users cannot include links in their comments. I don't believe that this is much of an inconvenience to legitimate visitors. They can still paste a URL into their comment, it just won't be hyperlinked.

Here's the code (from a module called fiercecommon that contains a common functions used across our sites -- you can put it wherever):
<?php
/**
* Implementation of hook_comments() -- Blocks anon comment spam by preventing posts with link tags!
*/

I added latest captcha to this site. It is active for story form, registration form, and comment form. i will soon change og so there is a confirmation form when subscribing to a group since we've seen group subscription spam as well. we are using the text form of captcha, since that seems the sanest to me.

once you pass a single captcha, you never see it again as long as your session is active.

comments welcome.

In my experience as a Drupal site admin and webmaster, I've found only one way to absolutely prevent spam on two of my sites: require payment of a a subscription fee before allowing users to post new content.

As you can imagine, this has stopped spammers in their tracks. No spammer will ever pay a dime to post spam, it seems. Of course, new content postings have dropped significantly, as well!

One of my sites allowed a new user (a spammer, of course) to register and start posting content under the 'authenticated user' role a few days ago, even though my user settings were configured to require admin approval of all new accounts.

One of my low-traffic sites was hit with significant trackback spam. We found out when we were notified by our hosting provider of a significant bandwidth overage for the month.

The spam module was doing a great job of keeping the spam out, but due to the flood of trackback requests during a sustained period, we experienced a massive increase in traffic.

I have now disabled trackbacks on that site (ti's the only site I had set up to allow trackbacks) and have enabled the spam module's "Trackback Black Hole" module so that all trackback requests are dropped immediately.

I was thinking about this idea to make captcha easier for normal (non spam) users.
What if the captcha module would also offer an option to to hide the captcha with client side javascript and solve the captcha with client side javascript? That way the captcha would be invisible (but still correctly solved on submission) for users with javascript enabled. It degrades gracefully for users without javascript enabled to the standard captcha. I guess it's possible to do it for the default math captcha. For the image based captcha's it is of course near impossible.

The basic premise to make this work is, of course, that spambots do not have a javascript interpreter. Otherwise it is just silly. I don't have an idea how advanced the spam bots are these days.

any thoughts on this?

I just wrote an article about using htaccess to block spambots and scrapers, thought it might be good to post here. In the article, I go over how to block access by user-agent, referrer, IP address, and a few other things.