Jump to Navigation
08 Dec, 2009

That annoying human spammers - Simple Solution for Spam in Drupal

Last couple of months we started to notice spam comments on our site. We have installed image captcha but obviously there are more and more human persons whose job is to manually spam sites.
We quickly created couple of triggers and actions that are sending emails and notify us when a new comment is created. Then we would manually check that comment and if it is a spam (>95% chance) we would put it into moderation.

Not a perfect process (and quite boring too) but it worked for us relatively OK. Spam gradually increased on our site - we started to get 2-3 human spam comments every day but we are always very busy with other projects... so we kept the non-perfect but working system.

Until one day we notice that we have about 20 spam comments that are laying around in our site and that were posted in the last month or so. Pfffft.... After quick investigation we figured out that our actions are disconnected from our triggers - who knows why, maybe some upgrade went wrong or somebody clicked in a bad place in a hurry...

We quickly reconnected actions and triggers but it was obvious to me that we should find a better solution. There are very advanced Drupal modules for spam out there like mollom... but they are all big and complex and I really wanted something dead simple.

So I started to investigate the situation and quickly figure the fundamental flaw of every spam - every spam needs to have at least one link that is leading to some spammer site. If somebody really wants to write a real comment on our blogs, he/she will maybe put some links inside, but a spammer will always put at least one link.

After 2h I had a module called spam_watchdog that is addressing this specific issue. This module will check newly added comments. If a link has been found in the comment, the module will put that comment in moderation and send a notification to site admin.

After 10 days of using it on our site we finally have perfect solution (or at least we have it for now ;) . spam_watchdog automatically moderates all comments with links. First 2-3 days of using we had 2-3 human spam comments per day. After that, they started to loose interest for our site (they are still trying, but there is nothing we can program against stubbornness ;-) . Now we have about one or two attempt of human spamming per week.

And this is exactly the solution I wanted to have: dead simple to install, just enable the module and forget about it. Combined with image captcha we eliminated the spam on our site (at least for now).

I am also attaching spam_watchdog module, maybe somebody else will find it useful.

AttachmentSize
spam_watchdog-6.x-0.1-dev.zip8.42 KB

Comments

hi Zeljko, thanks for the

hi Zeljko,
thanks for the t-shirt.
I see drupal is expanding in Ireland

groups.drupal.org/ireland

R

Human SPAM?

I've been receiving human-like SPAM these last days. It looks "quite human", but they're bots, and I found a way to stop almost all of them. Yesterday I received 52 SPAM attempts, but I developed a method that is working fine more than 95% of the times. This is acceptable with 50 attempts a day, but what if I become popular and receive, say, 500 attempts?

Therefore, I accept suggestions to improve my method. Please have a look at it.

http://www.isegura.es/blog/stop-spam-your-site-being-invisible-honeytrap...

good for spam boots

Hi Ignacio,

I have checked your code and logic - its perfectly OK for automated spam boots and it will probably work very well.

However on our site, because we are using image captcha protection form, we do not have problem with spam bots. But we have a problem with human spammers - and for human spammers your solution will probably not work very well.

There will be spam...

until google changes it's pagerank algorithm. There are too many programms on the market to search for high ranked pages with automated text fill in. The only thing a human has to do is fill out the captcha form, and that's done in a few seconds.

I would to thank Ignacio

I would to thank Ignacio Segura for his comment. Really helpful thnx.

There will be spam...

In response to nemag, maybe it's not Google's PR algorithm that should change but their SERP ranking algorithm. PR doesn't drive that much revenue to a website anymore but SERP rankings. It's what these Internet marketers are after. They are the human spammers and indeed they are very much annoying. I'm a wordpress user and these spammers are also frequent visitors to my website. Nice tool for Drupal you have here. :)

until google changes it's

until google changes it's pagerank algorithm. There are too many programms on the market to search for high ranked pages with automated text fill in. The only thing a human has to do is fill out the captcha form, and that's done in a few seconds.

Stop spam with userlogin

You can stop spam. Don't let users reply on a topic without a login.

And who will then stop logged

And who will then stop logged users to spam or create dummy accounts?

And what if I don't want to have user accounts for comments like on this site?

Version for Drupal 7

Hi - Just recently came accross your site. This sounds like an effective way to fight spam. I have found the same thing - spammers leave links in their posts. Will there be a Drupal 7 version of this module? I checked on Drupal for it, but did not find a project page.

Hmmm Drupal 7 version...?

Hi Brian and thanks for your comment.

Yes we are very effectively fighting with spam on our site with this module. You can not find this module on drupal.org for now because it was never released there.

If you really think that this solution would be good for you I can create first a project on drupal.org put Drupal 6 version there and then create Drupal 7 version.

What do you think?

Can stop spam bots

We had some great improvement on our form when we added a hidden form which should be empty. We had less spam via our forms. I think a Captcha code is not a good option for a webshop.

A valid point but also missed a point a bit

A valid point but what we also want here is to stop also a human spammers, having captcha or hidden field will not help you here at all.

Your comment is actually a good example, you definitly readed this post and answer to it in apropriate context, but you added url that is pointing to page where you sell monitors - and that is definitly not a context of this post ;). But anyway I enbled your post - because it is such a good example :)

So this module can only help site admins a little bit - each comment that have any link will be moderated and site admin need to define what to do with it. And it is working very on our site, so I am thinking more and more to port this module to D7 and add some more nice features to it; for example

- it would be cool that when you get email that comment is been moderated you also get link in email for unmoderating it - so you don't need to visit your drupal site and then login and then unmoderate comment - so it would fast a process to unmoderate valid comments.
- other nice feature would be to track all comments that are moderated by this module and then just delete them after some configurable time.

I will try to find some time in next month maybe to do this and publish module on ddo.

Thanks!

This sounds like a great approach. Please submit the module to drupal.org!
My problem is with logged in spam, however, so as is this won't fix my issues. My site only allows comments from registered users. But a spammer just added comments and triggered email notifications to hundreds of users.
Your module is a great solution, though, and perhaps a starting point for me. If I delete the lines about "don't do anything for logged in users" and then moderate all comments with links?

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Internal paths in single or double quotes, written as "internal:node/99", for example, are replaced with the appropriate absolute URL or path. Paths to files in single or double quotes, written as "files:somefile.ext", for example, are replaced with the appropriate URL that can be used to download the file.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><br><p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.