Drupal Multimedia
Drupal Multimedia, by Aaron Winborn, Available Now!Popular content
- Built a New Widget! (73,664)
- Erik Gecas's Art Show (71,364)
- Drupal Multimedia Book Announcement at Drupal.org (67,180)
- YouTube Expands API: Good for Embedded Media Field (62,863)
- Map a Video Feed! (62,159)
User login
Navigation
Continuing the Good Fight against Spam...
So I installed both Spamicide and Hashcash, and Mollom reported a huge dip in spam attempts in August (from the 17th to the 28th, as seen in the screenshot). However, the amount of spam getting through steadily increased after that. The volume of visits according to Google Analytics has remained about the same over the past year. Now the volume of spam getting through is back to roughly where it was before I made the configuration changes...
I'm about to give up and look at Akismet or Typepad (using AntiSpam for Drupal users)...
I'll keep folks posted.
Recent comments
-
metin2 yang (not verified)
very nice
-
Eğitim Seti (not verified)
We're considering using drupal for a new electrical business that we are starting here in New Zealand. This has helped cement my ideas about it. Thanks!
-
Lawrence (not verified)
I'm having theming problems, could you explain how you themed yours? Mine is here - http://iommo.com/feature and it's really bare bones. Thanks for a great demonstration!
-
wahiaronkwas (not verified)
@Danny Concannon, you've never sat beside someone who knew nothing about the things you do, and watched them try to post something/anything on Drupal, have you?
I wish this was available for D6.
-
Anonymous (not verified)
thank you so much for posting about this. Amazing mess of modules to do this but awesome recipe! Soooo glad that someone's taking advantage of the new file api in 7 and even in quickly playing with it this is going to make upgrading to D7 a must for us. Sooo much better media integration and sets up for better resource management similar to Apture's simple way of getting web 2.0 content sources into 1 area. Love the way your doing this, keep up the great work.
I may have to look into writing a plugin to suck data in from other sources like Vimeo, Picasa, Scribd.
Syndicate
Comments
Wow! That's huge amount of
Wow! That's huge amount of spam!
BTW, is it possible to use Akismet with the Drupal and make it work correctly? I've heard that it causes problems with Drupal (and this is why development of the corresponding module was stopped)
All the best,
Dave
P.S.
While posting this comment I've passed Mollom CAPTCHA, but got "Your hashcash string is not valid. Are you a spammer?" error message.
I'm using akismet. Quite
I'm using akismet.
Quite works.
iste budur kurumsalseo.com R10 lida fx15 pohudey zayıflama
Testing
Curious if I have to be logged in to write a comment.
If this post is up, then I don't.
Thanks.
hashcash and mollon together
hashcash and mollon together works great. You can also add some kind of mathematics or science question. As you know spammer are school dropout. this can also help you.
I've had good luck so far
I've had good luck so far with the Spam module.
Over at the badcamp site, I think we are getting attacked by actually humans, cause the captcha isn't slowing them down. Or maybe the spammers have developed AI captcha recognition code that is good enough to beat the basic Drupal captcha (hmm, maybe I should up the fuzz). But at least the spam module makes it quick and easy to ban IP addresses.
Boy, you are really getting nailed by that wohuhuhua guy/bot.
Ah, the Spam module. I forgot
Ah, the Spam module. I forgot about it -- I'd used it some years ago, and it looks like it's really improved since then. I've installed it as well -- probably spending half my cycles on fighting spam now... :P
Thanks for the tip, @Tao!
Hey Aaron, I'd be really
Hey Aaron, I'd be really interested to hear how the AntiSpam module goes for you. In particular I'd like to know how Typepad's Antispam goes seeing as it's completely free.
As I previously mentioned we had good results with Spamicide, have you tried changing the "Form field name" option on the settings page because the spam bots pickup on it after a while. If you change the field name to something like "body" you may see better results.
I'd also be interested to see if your spam creeps back up if you turn of Spamicide.
- Sean Bannister
I've added Typepad Antispam
I've added Typepad Antispam (on top of Mollom; they don't seem to collide thus far). I'll definitely let folks know how that goes.
Thanks for the Spamicide tip, @Sean -- I just changed the field name, so we'll see if that helps as well.
Hey Aaron, I was just
Hey Aaron,
I was just thinking about your spam problem. If changing the field name doesn't work then spammers are either manually spamming or picking up on the Spamicide field. I don't think they're manually spamming every comment as you did see a dip in spam when you first installed Spamicide.
So I got thinking about how the spammers could easily get around Spamicide. For a start all they would need to do is have one human spammer visit the site and fill in a comment, this would then log the ID of each form field and then a bot could come back and spam as much as they like, for example you currently use the default Drupal comment field ID's of; edit-name, edit-mail, edit-homepage, edit-subject, edit-comment. Even easier is if they know your running Drupal they know these are the default form IDs.
So I was thinking what Spamicide should do is randomized the ID of the comment form and randomize the ID of the Spamicide field. This would make it much harder for a bot to automatically spam the site and if they are manually spamming the site there isn't a lot you can do anyway and I'm sure if they're only doing spots of manual spamming to pickup in form IDs it almost beats the hashcash method as they won't come back to your site if it's randomizing the IDs.
There is one other thing the Spam bots could do to get around this method and that's checking the DOM of each form field and seeing if it's outside the viewport. It got me wondering what would happen if you left the field inside the viewport but covered it with a div the same color as the background. Sure it's possible with a lot of code to work out that the field is covered but spammers have easier sites to spam.
Anyway after all that blabbing I think the main point I want to make is I think the default Comment Form IDs are a big part of the problem and if you could write a module that randomizes them and also utilizes a random ID on Spamicide it should work well.
- Sean Bannister
Oh bad mojo. I click to read
Oh bad mojo. I click to read this article and there is a big spammer comment in the recent comment block LOL.
Honestly I kept going through tons of different recipes to try and stop spam on my site and finally threw in the towel. I stopped using Drupal comments and switched over to Disqus. I was reluctant at first since I had nightmares with Haloscan in the past on a very large political blog I do the tech work for. I got to say that after about 6 months of using Disqus, I am extremely pleased. I never get any slow load issues from their service, and the design integrates very nicely into my site.
The other nice benefit is the export feature Disqus offers for free (HaloScan you had to pay and then you only got small chunked files). If I ever decide to go back to using Drupal's comments then I just need to write an importer from Disqus' XML file and can switch back.
Disqus is nice. I saw it on
Disqus is nice. I saw it on Rob Loach's site (and he created the Disqus module, for anyone wondering how to use it). I haven't decided whether to use it or not, but I hadn't thought of its anti-spam capabilities; I was just thinking about its networking benefits. Thanks for the tip, @Jamie!
Akismet and CAPTCHA
Back in the Drupal 4.7/5 era , I had luck with Akismet along with the CAPTCHA module. I never really tested the two together in Drupal 6 so I'm not sure how friendly the two modules are together these days.
Of all the anti-spam modules/services/applications that I've tried...Mollom has proven the most reliable for me. I think the issue for most is when the Mollom servers on the free plan are overloaded and you've selected as your fallback strategy, "Leave all forms unprotected and accept all submissions". Perhaps this is where Mollom's module could be improved. If the servers are unreachable then there should be a choice if the comments should be published or placed in the approval queue.
Now that I've thought about this, I think I'll ask for it as a "feature request" or give it a +1 if someone else has opened up the ticket.
@BryanSD, that sounds like a
@BryanSD, that sounds like a good request. I made the mistake of using "Leave all forms unprotected and accept all submissions", then their server went down a few months ago, just for a few hours, and I had several hundred spam comments get through and learned my lesson. So that doesn't apply to the latest round of spam.
Mollom is back to normal
I faced the same issue that you did, with the spam level spiking, despite Mollom performing well in the past. And I did go the Hashcash route as well. However, I got complaints about Hashcash from commenters on my sites, so I removed it.
In the meantime, Dries fixed the Mollom issues, which were mainly load related and when the server was unreachable, spam did get through.
Now, I am back to Mollom only and things are going well, as there were a few months ago.
@Khalid, what kind of
@Khalid, what kind of complaints did you get about Hashcash?
What about ReCaptcha?
That seems to be the best solution at the moment...
I used to use Recaptcha, but
I used to use Recaptcha, but it turned out to be completely worthless as the traffic increased on this site. That's why I started using Mollom in the first place. Although I guess I could put that back on as yet another line of defense... Might mean some people need to do two Recaptchas though, so I'll wait to see if my latest steps work.
Thanks!
Post new comment