Plagued by spam? Baffled by bots? Are your site logs clogged with bogus entries from phantom visitors?
Let's share resources on best practices for keeping a Drupal-based site free of spam posts, spam user profiles, 'bot' postings and user signups.
What are the strengths and weaknesses of existing modules? How can they be improved?
What tools are missing? What new modules and/or tools might help?
I have been playing webmaster on several Drupal sites, and have had varying levels of success using spam.module, captcha.module, and other techniques. I'd like to share my experiences with, and gain some feedback from the larger Drupal community on this important topic.
Spammers are invading parts of Drupal Groups
Someone please look up the IP address of the spammers clogging up group content and block them. This is getting ridiculous.
Seeking usability study participants for Mollom UX research
Hello!
Help us improve Mollom!
I'm planning a usability study for Mollom and need participants. Each session will be remote and 45 minutes long. You will be compensated with a $40 Amazon gift card (or equivalent in currencies offered on other Amazon country sites).
If you're available on Friday, Aug 23rd, please fill out this sign up form and answer these questions in the last comment field on the form:
How frequently do you manually moderate comments?
- Daily
- Once a week or so
- Once a month or so
- Less than every month
Block All Variations of a Google Address
Google lets you put any number of periods in your Gmail address, and it ignores all of them when receiving mail for you.
Try it; it's fun!
Spammers have taken advantage of this, unfortunately, to spam more and more easily.
If you see a Gmail address with about as many periods as letters, it is probably a spammer. If that address turns up twice, differing only by the number or placement of periods, it is pretty certainly a spammer.
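The check described in this post, as an added example that is not part of the original post or of any Drupal module: it collapses periods in Gmail local parts, flags sign-ups that map to the same mailbox, and marks dot-heavy addresses as suspect. The function names, the 0.7 ratio threshold and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

GMAIL_DOMAINS = {"gmail.com"}  # assumption: only this domain is dot-insensitive

def canonical(address):
    """Return the address with periods removed from a Gmail local part."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local:
        raise ValueError(f"not an e-mail address: {address!r}")
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"

def dot_heavy(address, ratio=0.7):
    """True when a Gmail local part has about as many periods as letters.
    The 0.7 threshold is an assumed value; tune it against real sign-ups."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain not in GMAIL_DOMAINS:
        return False
    dots = local.count(".")
    others = len(local) - dots
    return others > 0 and dots / others >= ratio

def review_signups(addresses):
    """Classify each address as 'duplicate', 'suspect' or 'ok'."""
    groups = defaultdict(set)
    for addr in addresses:
        groups[canonical(addr)].add(addr.strip().lower())
    verdicts = {}
    for addr in addresses:
        if len(groups[canonical(addr)]) > 1:
            verdicts[addr] = "duplicate"  # same mailbox, different dot placement
        elif dot_heavy(addr):
            verdicts[addr] = "suspect"    # heuristic only, needs human review
        else:
            verdicts[addr] = "ok"
    return verdicts

# Constructed sample sign-ups, not real accounts.
SAMPLE = [
    "s.a.m.p.l.e.u.s.e.r@gmail.com", "sampleuser@gmail.com",
    "d.e.m.o.a.c.c.t@gmail.com", "demo.person@gmail.com",
    "demo.person@example.org",
]

if __name__ == "__main__":
    for addr, verdict in review_signups(SAMPLE).items():
        print(f"{verdict:9} {addr}")
```

Storing the canonical form next to the address as entered lets a site reject or queue a second registration for the same mailbox without changing where mail is sent.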
Need a +1 or twelve for a simple issue: Add an "Associations" field to our d.o profiles
Apologies in advance for this crossposting to 11 groups. I recently started an issue to help us get to know each other better: Add field for "Memberships in Associations, Societies, and Other Professional Organizations" to User Profile. The initial response was, "Don't see why not, but let's hear more support before we do." So this is an appeal to read the issue and consider giving it your support.
JavaScript: Don't display comment page to bots
Hi,
I have a private site which is undergoing a massive attack (without success, already mentioned here: http://drupal.org/node/811734).
An answer was to set up a small JavaScript that sets a variable, and if a robot visits, the JavaScript won't be triggered.
I could then test for the variable & if not set then don't display the comment form.
How would I do that?
Any help is appreciated.
Are there better tools for comment moderation?
Like many others, our site is being overrun by spam. We have tried running our site two ways to stop spam:
1. Require registration to comment
2. Enable Mollom and allow anonymous comments
Ultimately, we would love to allow anonymous comments, but alas even with Mollom, dozens of spam comments get through each day. The same is true with option 1. The advantage of option 1 is then we have a user to ban.
Block anonymous comment spam by restricting link tags
I came up with a simple snippet to block a huge amount of anonymous comment spam that I'd like to share. I made a rule that anonymous users cannot include links in their comments. I don't believe that this is much of an inconvenience to legitimate visitors. They can still paste a URL into their comment, it just won't be hyperlinked.
Here's the code (from a module called fiercecommon that contains common functions used across our sites -- you can put it wherever):
<?php
/**
* Implementation of hook_comments() -- Blocks anon comment spam by preventing posts with link tags!
*/
Spam killing Server
I do like the trackback functionality very much, but no chance, so I tell a similar story to others in the group.
In my case comments still are manageable - trackbacks not.
On my blog (now on Drupal 5.2) I do allow anonymous commenting but had to stop trackbacks.
The spam module is really very good at identifying spam and unpublishing it, that is the good side. I configured comments to have preview mandatory, there the remaining spam is manageable for now.
Stopping Spammers Cold
In my experience as a Drupal site admin and webmaster, I've found only one way to absolutely prevent spam on two of my sites: require payment of a subscription fee before allowing users to post new content.
As you can imagine, this has stopped spammers in their tracks. No spammer will ever pay a dime to post spam, it seems. Of course, new content postings have dropped significantly, as well!
New user account created, bypassed admin approval process - how?
One of my sites allowed a new user (a spammer, of course) to register and start posting content under the 'authenticated user' role a few days ago, even though my user settings were configured to require admin approval of all new accounts.
Trackback Spam
One of my low-traffic sites was hit with significant trackback spam. We found out when we were notified by our hosting provider of a significant bandwidth overage for the month.
The spam module was doing a great job of keeping the spam out, but due to the flood of trackback requests during a sustained period, we experienced a massive increase in traffic.
I have now disabled trackbacks on that site (it's the only site I had set up to allow trackbacks) and have enabled the spam module's "Trackback Black Hole" module so that all trackback requests are dropped immediately.
Blocking spambots with .htaccess
I just wrote an article about using htaccess to block spambots and scrapers, thought it might be good to post here. In the article, I go over how to block access by user-agent, referrer, IP address, and a few other things.
Filtering POST data
I'm also getting hit by nareman trying to unsuccessfully log in. I've managed to block 90% of it with mod_rewrite, but the changing bot will make that time consuming to keep up with.
Anyway, is there any way to filter POST data (in Apache - I don't want to invoke Drupal for this)? I'm in no position to write an Apache filter, and not keen on installing mod_security for various reasons. Is there any way of getting mod_rewrite to match on POST data?
I'm almost tempted to start looking at IDS style tools that can update my firewall rulesets (ouch).
Referrer Spam on the rise
I've seen a significant increase in referrer spam lately. Starting a few months back, I saw the referrer 'alti.asu.edu' rise to the top of my "Top Referrers in the past N days" logs - along with apparent automated account sign-ups by 'nareman' and comment spam with 'people' in the title.
Banning IP addresses was pointless - a waste of time, because the IP addresses used varied widely over time, and the access patterns seemed to ensure that the spammer wouldn't trigger any kind of flood control - the IP addresses shifted often enough that the IP addresses wouldn't rise to the top of the 'Top Visitors' log. It was like playing Whack-a-mole -- by the time the IP address was on the radar screen, it was too late, the bot was using a different IP address.





