10 Ways to Block Spam Registrations in Drupal
If you're going to use popular software like Drupal, one of the downsides is that you'll need to deal with spam.
A lot of members report that they receive many spam user registrations
on their sites.In this blog post, we'll look at 10 of the best ways to
avoid getting overwhelmed by spam users.
#1. Core approval features
Drupal has a default feature that allows you to either completely block or moderate all user registrations.
Go to Configuration > Account settings. You can set "Who can register accounts" to a couple of useful settings:
Go to Configuration > Account settings. You can set "Who can register accounts" to a couple of useful settings:
- Administrators only: this will block all registrations.
- Visitors, but administrator approval is required: This will require you to manually approve all users.
#2. E-mail verification
Another Drupal core feature allows you to require e-mail verification
before a user account becomes active. This add a significant hurdle for
spammers. Go to Configuration > Account settings to enable this
feature.
https://drupal.org/project/user_verify add
some more sophisticated options to the email verification process,
including the requirement for the user to enter a special token.
#3. Block certain user details
If you have a lot of spam registrations, there's a good chance there
will be some patterns in the spam user details. For example, you might
have a lot of users signing up as "John Smith" or using .ru email
addresses.
https://drupal.org/project/user_restrictions allows you to block both emails and usernames based on certain patterns. Here's an example which blocks .ru domains:
https://drupal.org/project/user_restrictions allows you to block both emails and usernames based on certain patterns. Here's an example which blocks .ru domains:
#4. Captchas
A Captcha presents a visual challenge that is supposed to be difficult for spammers to solve.https://drupal.org/project/captcha provides easy integration with your Drupal registration forms.
However, Captchas have several problems. They can often be hard for even
normal users to see. They are also not good for users with visual
disabilities.
https://drupal.org/project/riddler is an interesting variation on a captchas. It allows you to ask a question that will probably stump spambots:
https://drupal.org/project/riddler is an interesting variation on a captchas. It allows you to ask a question that will probably stump spambots:
#5. Honeypots / Secret form fields
One spam-defeating technique that we've found to be very effective is
hidden fields. You add an extra input field to every form and then hide
it with CSS. Humans never see the field but spambots do and when they
fill in the field the form is discarded.
https://drupal.org/project/spamicide is a module that makes it easy to create hidden fields.
This technique is often called a Honeypot and there's a module with the same name:https://drupal.org/project/honeypot. Click here to read the modules's author explaining the meaning behind the name "Honeypot".
There are some funny variations on this idea. For example, https://drupal.org/project/simpleantispam add a visible checkbox marked "I'm not a spammer" and a hidden checkbox marked "I'm a spammer":
https://drupal.org/project/spamicide is a module that makes it easy to create hidden fields.
This technique is often called a Honeypot and there's a module with the same name:https://drupal.org/project/honeypot. Click here to read the modules's author explaining the meaning behind the name "Honeypot".
There are some funny variations on this idea. For example, https://drupal.org/project/simpleantispam add a visible checkbox marked "I'm not a spammer" and a hidden checkbox marked "I'm a spammer":
#6. Block by location
http://drupal.org/project/geoblocker allows you to black-list or to white-list access to a Drupal site by countries.
It's not the most sophisticated technique because determined spammers will find a way around these restrictions, but it will block a lot of low-level spam attempts.
Certainly it's worth considering if your site is specifically focused on one location and you have little to no interest in overseas users.
It's not the most sophisticated technique because determined spammers will find a way around these restrictions, but it will block a lot of low-level spam attempts.
Certainly it's worth considering if your site is specifically focused on one location and you have little to no interest in overseas users.
#7. Secret codes
If you have a site without a large audience, you could consider giving out a secret code to potential members.
https://drupal.org/project/mothermayi allows you set a secret code that people must enter in order to register successfully.
https://drupal.org/project/mothermayi allows you set a secret code that people must enter in order to register successfully.
#8. 3rd party spam tools
There a wide variety of 3rd party systems that try to prevent spam
registrations. These are often paid services. Here are some of the most
popular:
- Mollom: https://drupal.org/project/mollom
- Stop Forum Spam: https://drupal.org/project/spambot
- Cloudflare: https://drupal.org/project/cloudflare
#9. Delayed roles
https://drupal.org/project/role_delay is an interesting approach. It allows you to slowly give users more permissions over time.
For example, a brand new user might not be able to post comments or forum posts. Over time they can automatically be moved into Drupal user roles with more permissions.
For example, a brand new user might not be able to post comments or forum posts. Over time they can automatically be moved into Drupal user roles with more permissions.
#10. Warning message
https://drupal.org/project/warning made
me smile. Instead of providing a sophisticated technical solution, the
Warning module simple tells your users that won't tolerate spam. Here's
how the module create describes it:
"I wrote this module because my personal blog was listed in do-follow lists and generated up to 30 spam comments per day that were not filtered by Mollom. After adding a simple (default) warning for comment submission about the fact that I do not tolerate unrelated links and the comments are moderated, this number dropped to 3 spam comments on average."
"I wrote this module because my personal blog was listed in do-follow lists and generated up to 30 spam comments per day that were not filtered by Mollom. After adding a simple (default) warning for comment submission about the fact that I do not tolerate unrelated links and the comments are moderated, this number dropped to 3 spam comments on average."
No comments:
Post a Comment