How to prevent spam on your Drupal website

The Drupal logo

Spam is a massive nuisance for website owners, with spam bots scouring the Internet for any unprotected web form to fill your website with unwanted and unnecessary content. In fact, on a site Media Matters Technology has recently reviewed, there were 17,304 spam comments on one blog entry alone - there were also over 600 spam user accounts on the site.

On your Drupal site, spam bots and even humans being paid to hand-post spam on your site, post irrelevant content in your comments, forums and content if they have permissions - they can also create spam user accounts.

You may want real-life users to be able to comment on your site or post in your forum. Or maybe you would like users to be able to create themselves an account without having to have it approved by an administrator first. If so, there are plenty of Drupal modules that are designed to prevent the spam posts and accounts on your site.

Honeypot is one of Media Matters' favorites when it comes to preventing spam on our client's sites - we use it on all sites that we create that allow users to post content or create themselves an account!

Honeypot works by placing a configurable field on your forms. This field is not visible on your webpage which means that human visitors to your site will not see the field or have to enter anything into it. However, spam bots that fill out web forms automatically will 'see' this field on your form and so they will enter text into the field. Say for example you configure the field within the Honeypot configuration page to be called 'telephone' - spam bots will enter a number into this field.

Here's where the magic happens; anything (spam bots) that enter text into this special hidden field will be rejected and cannot fill out the form. The biggest advantage to using this module is that users of your site will not be punished - they do not have to fill out any extra fields and you do not need an ugly Captcha on your forms, however the hidden field tricks spam bots and so prevents them from posting content or registering accounts on your site.

The Captcha module is another popular method for preventing spam on your site. You've probably seen Captchas on a lot of websites around the Internet.

This is the less preferred module to Honeypot as this module punishes genuine site users. You can configure which of your Drupal forms the Captcha appears on including comments, user registration, log in and contact forms. Not only is the Captcha quite ugly on clean sites, but all of your visitors have to fill in the Captcha to be able to complete the form, however this module is a good option in preventing spam on your site.

Similar to the Captcha module mentioned above, reCAPTCHA works in the same way but it works to improve the Captcha system - this module provides great email address protection!

Although never used by Media Matters Technology, Mollom is another great module for Drupal sites that's used to prevent all that unwanted spam on your site. Mollom monitors your site 24/7 to look for spammers and spam bots - if it finds a known spam bot it will block the form submission straight away for you. However, if the module is unsure whether the visitor is genuine or a spam bot, it will present the visitor with a Captcha to complete. You may need to register an account on the Mollom website before using this module on your site.