2 min read

My goodness, my spamness

My goodness, my spamness

For any individual or organisation that has a public facing website allowing comments and user interaction spam is a continual problem. Taking a look at some of my watchdog logs for this site over the past few days is probably quite indicative of the sheer volume of spam that even a small site can generate.

Perhaps it's my fault for allowing anonymous comments but without allowing any form of reader feedback the flow of content is one way, not the greatest idea for the website of someone who advocates transparency and sharing of information. I don't want to make people register to comment either, as:

  • People don't want to register to sites to comment and will more likely not comment than register.
  • The spam created will now be in user registration rather than comment and I'll have to filter through them instead.

What options do I have for dealing with spam?

Luckily, the Drupal community being the way it is,

There's a module for that!

In fact there are several. They can all be vaguely categorised into one of three categories:

  • Protection against bots
  • Prevention of posting advertisements/medication
  • Quality control

To take a huge chunk of the spam filtering modules out in one hit the CAPTCHA module has most covered. By including a field at the bottom of comment forms CAPTCHA includes a variety of techniques for deterring/rebuking spam posted to the site. From the very simple math captcha to a more complex pictorial captcha this really is one of the simplest ways to prevent spam.

CAPTCHA and assorted modules like Field Hidden are best targeted against bots. Spambots are getting better at solving captchas yet they have a tendency to want to fill every field. If they fill a hidden field that a human would not normally be able to find; caught!

I even wrote my own form of spam protection module, Unique Comments. It is however, not an attempt at preventing Zopharin (or whatever drug it is) being advertised. Rather, an attempt to ensure that as the site matures, users take a requisite amount of care in the comments they add.

Similar to the concept spawned on the xkcd IRC and explained in the subsequent blog post, the module ensures that no two comments (either site-wide or on a node by node basis) are the same. As time goes on, the amount of possible comments diminishes until users have to be constructive and use more than one word!

Unique Comments therefore probably falls closer under a quality control banner than actual spam protection. This puts it in the same category as half of mollom. The other half of mollom falling under actual spam prevention, it's a good service on the whole from my experience but has the downside of sometimes being too efficient in judging comments as spam.

​Further spam prevention

​An ever increasing number of spam comments is written by humans. This makes hidden fields and captchas ineffective since humans are ​able to fill in the number of copy the letters. This then gives rise to more intensive methods of blocking and banning users who contribute spam. By blocking a number of users in iptables (around 8 IP addresses) I've stopped the majority of spam arriving at my site. This is possible for site administrators who are not so savvy by using drupal's inbuilt IP blocking mechanism and by adding the offending IP addresses to the block list (admin/config/people/ip-blocking).

All in all spam is an unfortunate thing we appear to have to deal with. Here's hoping for more botnets fall leaving more webspace for us legitimate users.