Spam and what we do about it
Running a significant site with user accounts means that spam goblins like to register on the site in order to add links to their sites so that their sites appear higher in search engine rankings.
Mostly, they want to comment on items (news, forums, blog posts) with links to their products, and set up people profiles in order to put links to their products in those too. Most of these are machines, some are human. They are amazingly sophisticated and one of the darker elements of the internet.
As we work to make the site more 'user-friendly', we experience a paradox; making it easier for people to add comments and content leads raises the risk of encouraging spam comments and accounts, while every addition of spam protection leads to people not being able to easily register to make comments and add their information.
So none of us want spam, but we all want to be able to comment on things easily.
We try to keep a balance of this situation with the following measures:
- Use mollom to handle comment spam which is amazingly effective
- Run Captcha module for humans to prove they are humans on forms by re-writing what they see in a picture (unpopular but neccesary)
- Discussed and will configure our login module LoginToboggan to delete users after a specified time period (one month?)
- Added notes to the registration email users receive after they have registered informing users that we will delete un-confirmed accounts
- Installed and added to makefile Spambot module and set it up on TN.org to check 50 user accounts per cron run (hourly) and block those that match known spammers automatically. It will also block all emails/IPs that are registered as spammer scum. Note that all 'trusted' users (i.e. above grunt level) are immune from scanning.
- Installed and added to makefile Botcha and set it up on TN.org to provide forms protection alongside Captcha (might replace it in the future?)
- Set up a report to show user profiles with the same firstname and lastname (including nothing) and deleted all user accounts with the same firstname lastname (1776 in total) from TN.org on 25/02/13
- Unsubscribed all names from the list above from Mailchimp newsletter subscribers list (not that many)
- Keep an ongoing Wiki page on this work and an open development ticket
We remain in awe of the drupal community for having such an amazing array of answers to problems that we all share. Thank you.
If you are running a big site with similar issues, and using different processes, let us know. We hope that this is useful for others in the same position.