Skip to Main Content

Spam and what we do about it

Running a significant site with user accounts means that spam goblins like to register on the site in order to add links to their sites so that their sites appear higher in search engine rankings.

goblin cook imageMostly, they want to comment on items (news, forums, blog posts) with links to their products, and set up people profiles in order to put links to their products in those too. Most of these are machines, some are human. They are amazingly sophisticated and one of the darker elements of the internet. 

As we work to make the site more 'user-friendly', we experience a paradox; making it easier for people to add comments and content leads raises the risk of encouraging spam comments and accounts, while every addition of spam protection leads to people not being able to easily register to make comments and add their information.

So none of us want spam, but we all want to be able to comment on things easily.

We try to keep a balance of this situation with the following measures:

  • Use mollom to handle comment spam which is amazingly effective
  • Run Captcha module for humans to prove they are humans on forms by re-writing what they see in a picture (unpopular but neccesary)
  • Discussed and will configure our login module LoginToboggan to delete users after a specified time period (one month?)
    • Added notes to the registration email users receive after they have registered informing users that we will delete un-confirmed accounts
  • Installed and added to makefile Spambot module and set it up on TN.org to check 50 user accounts per cron run (hourly) and block those that match known spammers automatically. It will also block all emails/IPs that are registered as spammer scum. Note that all 'trusted' users (i.e. above grunt level) are immune from scanning.
  • Installed and added to makefile Botcha and set it up on TN.org to provide forms protection alongside Captcha (might replace it in the future?)
  • Set up a report to show user profiles with the same firstname and lastname (including nothing) and deleted all user accounts with the same firstname lastname (1776 in total) from TN.org on 25/02/13
  • Unsubscribed all names from the list above from Mailchimp newsletter subscribers list (not that many)
  • Keep an ongoing Wiki page on this work and an open development ticket

We remain in awe of the drupal community for having such an amazing array of answers to problems that we all share. Thank you.

If you are running a big site with similar issues, and using different processes, let us know. We hope that this is useful for others in the same position.

About the author
User picture

Ed is the Web Manager for Transition Network. This means that he works on all the web stuff from the day to day support, to tactical activities to strategic and special projects work for Transition Network about linking up all the Transition Initiative websites without them having to come to the main site all the time for updates and news.

He lives in Bristol, likes digging and climbing, growing vegetables and reading, bicycles and books, swimming, camping and generally being outdoors.

Published on February 25, 2013, by Ed Mitchell

Comments

Wibowo Sulistio's picture

Great set of solutions

25 February 2013 - 3:42pm — Wibowo Sulistio

Great post Ed!... and what a stelthy-looking set of fortress you guys have built!... Definitely the advantage of using a well-proven platform with great community support behind it.

I especially love how BOTCHA works to ensure bots identified themselves as such... and be blocked by the system for spam attempt!!

I wonder if, after all this, any spammer still manage to find their way into the system?... from the looks of things, it doesn't seem to be adding any substantial burden to users who just wish to legitly comment... if 'none' and 'yes' is your response to the question and guess... bravo, well don, great job!!!