4 Must-Have Drupal Spam Prevention Modules

Does this scenario sound familiar? You go to fill out a form online and submit information about yourself, but before you can actually hit “submit,” you have to decode a series of blurry letters.

Did you know those blurry letters have an actual name? They are called a CAPTCHA.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program or system intended to recognize a human user and prevent spam. There are different types of CAPTCHAs, but unfortunately, one of the most popular is a challenge-response system like the one mentioned above, where users are inconvenienced with text or picture puzzles to solve in order to prove they are human users. This type of CAPTCHA can be a major deterrent for users. It lowers conversion rates on forms and decreases customer satisfaction.

Google recently updated its CAPTCHA system, called reCAPTCHA, to make it easier to use. There are no more word challenges or pictures to recognize; however, there is still a check box for the user to click.

The best scenario is to have a spam prevention service like Mollom that requires no user interaction at all (in most cases).

For those who have never heard of Mollom, it is an Acquia-supported, very popular spam filtering service. The strength of Mollom is that it does not rely on CAPTCHA for verification but instead analyzes content for "spam-like" characteristics in real time. Good content gets posted normally. Bad content gets blocked. For content that Mollom is unsure about, a CAPTCHA is presented.

In a surprising move, it was recently announced that the Mollom service will reach its end-of-life as of April 2018. That means the Drupal Mollom module will either block all form submissions or none, depending on how it is configured. Therefore, it is highly recommended to start migrating away from Mollom and to use an alternative spam prevention module.

Fortunately, there are other excellent Drupal spam prevention modules that are also not intrusive for users, meaning they don’t feature a CAPTCHA.

  1. http:BL (https://www.drupal.org/project/httpbl)

    Similar to the Mollom module, http:BL is based on an external service. Unlike Mollom, though, it uses a very different type of service called Project Honey Pot. http:BL relies on a centralized DNS blacklist that is generated collectively by the websites that utilize it. It has several impressive features, but most notably it can completely block incoming requests from blacklisted IPs and can prevent spam bots from scraping websites for email addresses. Furthermore, it works well together with other spam blocking modules.

    http:BL will be available for both Drupal 7 and Drupal 8, but the Drupal 8 version is currently in dev only.
  2. Antibot (https://www.drupal.org/project/antibot)

    This is a small and simple module that does not require user interaction at all. It works on the assumption that spambots will not try to process JavaScript, so the only requirement is for users to have JavaScript enabled in their browsers. In the rare case that a spambot does render a page with JavaScript, the Antibot module checks for a keyboard key press or mouse movement by the user before allowing form submission. This feature makes it extremely effective. From a performance point of view, this module also allows for page caching while protecting forms, which is a significant advantage over many other spam prevention modules that disable cache on pages with protected forms.

    Antibot is available for both Drupal 7 and Drupal 8.
  3. Honeypot (https://www.drupal.org/project/honeypot)

    Honeypot is currently one of the most popular anti-spam modules. It is not intrusive (no CAPTCHA) and it utilizes two methods to block unwanted submissions. First, it adds hidden fields to protected forms. The field name is configurable, but it will usually be something such as url, link, webpage, etc., basically a field that spam bots will not be able to resist, hence the "Honeypot" method. The other method is a timestamp that checks how long it took for the form to be submitted from the time the page was loaded. The default time is five seconds, but it can be adjusted accordingly. One negative point is that pages with forms protected by Honeypot can’t be cached.

    Honeypot is available for both Drupal 7 and Drupal 8.
  4. BOTCHA (https://www.drupal.org/project/botcha)

    BOTCHA is an older module that can be considered a Swiss army knife for battling spam. It features a highly configurable spam protection framework that does not punish users with CAPTCHA. BOTCHA has several recipes (methods) for preventing “spammy” form submissions. For example, it can utilize two variations of the Honeypot method. One option is to add a honeypot trap with a hidden field, and another option could be based on source calculation. "Timegate" is another option. This is basically like a timestamp method, but unlike other modules, it does not require JavaScript. It also blocks all attempts at resubmitting the same form with a "NoResubmit" recipe. It is a very effective spam prevention tool, but it lacks newer releases and unfortunately is not available for Drupal 8.

    BOTCHA is available for Drupal 7 only.
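
The hidden-field trap and the time gate described for Honeypot (and BOTCHA's "Timegate") can be sketched as a server-side check. This is an added, framework-free illustration in Python, not code from either Drupal module; the field name `form_token`, the secret, and the choice to HMAC-sign the timestamp are assumptions of the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-site secret, never sent to the client
HONEYPOT_FIELD = "url"             # hidden-field name; the article lists url, link, webpage
MIN_SECONDS = 5                    # the default time limit the article mentions


def issue_token(now=None):
    """Value for a hidden form input: render time plus an HMAC over it."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def check_submission(form, now=None):
    """Return (accepted, reason) for a dict of submitted form fields."""
    now = time.time() if now is None else now
    # Method 1: the hidden field is invisible to people, so any value means a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot field filled"
    # Method 2: time gate. The timestamp is signed so a client cannot backdate it.
    ts, _, mac = form.get("form_token", "").partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    valid_ts = ts.isascii() and ts.isdigit()
    if not valid_ts or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "missing or forged timestamp"
    if now - int(ts) < MIN_SECONDS:
        return False, "submitted too fast"
    return True, "ok"


if __name__ == "__main__":
    token = issue_token(now=1_000)  # constructed sample submissions
    samples = [
        ({"name": "Ann", "url": "", "form_token": token}, 1_030),
        ({"name": "bot", "url": "http://spam.example", "form_token": token}, 1_030),
        ({"name": "bot", "url": "", "form_token": token}, 1_001),
        ({"name": "bot", "url": "", "form_token": "1.deadbeef"}, 1_030),
    ]
    for form, when in samples:
        print(form["name"], check_submission(form, now=when))
```

Because the token embeds the page render time, each rendered page carries a different value, which is why a form protected this way cannot be served from a shared page cache. A signed token stays valid indefinitely in this sketch, so a deployment would also cap its age.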

While Mollom’s discontinuation is disappointing, as you can see, there are a number of other spam prevention options available to Drupal users.

If you have questions about these or other modules, or would like to learn more about Duo, please don’t hesitate to contact us today.

