Preventing spam on Drupal: Difference between revisions

From ULYSSIS documentation
 
(One intermediate revision by the same user not shown)
Line 16: Line 16:
* Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
* Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
* Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again.
* Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again.
* Now you will get a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
* You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
* Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
* Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
* At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'.
* At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'.
Of course, beside this extension, there are many more similar extensions which you can use to prevent spam. Though if you install multiple, we would advice to check if the extensions are compatible with each other before installing.


===Google's reCAPTCHA===
===Google's reCAPTCHA===
For answers to those questions you can look at google's page about recaptcha (https://google.com/recaptcha)
CAPTCHA, originally from a complicated acronym, is a term used for different kinds of challenges to prevent automated scripts from trying to comment, register or login on websites. reCAPTCHA is a project owned by Google that is quite successful at designing these challenges. You probably know reCAPTCHA as the "I'm not a robot" checkbox you often have to press. More details are available on <nowiki>https://google.com/recaptcha</nowiki>


===Installation===
You can follow these instructions to get started:
This installation guide requires drupal '''6,7 or preferably 8''' (or higher).
'''Note this installation requires captcha and recaptcha, these are different plugins and not a type error.'''


* Go to drupal's captcha page and download the appropriate version at the bottom of the page (https://www.drupal.org/project/captcha)
* First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
 
* Now go to https://www.drupal.org/project/captcha, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
* Go to drupal's recaptcha page and download the appropriate version at the bottom of the page (https://www.drupal.org/project/recaptcha)
* Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like "<nowiki>https://username.ulyssis.be/admin/modules/install</nowiki>" . If you get an error that this page can't be found, check step 1 again.
* You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
** Extract the archives into '''sites/all/modules/[recaptcha/captcha]'''respectively and relative to your own drupal installation '''(this folder may need to be created manually)'''
* Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
 
* Next you will also need to install the reCAPTCHA module, by performing the same steps above but using the following link instead: https://www.drupal.org/project/captcha.
* Now navigate to your drupal administration page in your browser (/admin/modules)
* To use the reCAPTCHA module, it is '''critical''' you first go to the configuration page of this module, where you will need to enter the keys to use reCAPTCHA. You can register these on <nowiki>https://www.google.com/recaptcha/admin</nowiki>
** Search for captcha and enable it
** Go to reCAPTCHA's configuration page by going to the 'Extend' tab, finding the reCAPTCHA module, expanding the small triangle, and clicking configure.
** Search for recaptcha and enable it
** Now fill in the required keys you got on google's reCAPTCHA's administrator page before
 
** When finished entering these keys, press the "Save configuration" button to save your settings '''[[Category:Security & anti-spam]] [[Category:CMSs]]'''
* Once complete it is '''critical''' to configure your captcha setting in the web interface (/admin/config/people/captcha) '''and do not forget to enable the captcha-points (/admin/config/people/captcha/captcha-points).
 
[[Category:Security & anti-spam]]
[[Category:CMSs]]

Latest revision as of 17:33, 16 September 2021

Restricting comments

By default, Drupal allows anyone to comment freely on any post you make on your website. While this makes sense when you maintain a blog, it makes less sense when you're using Drupal as the basis for your student organization's website or for something with little to no reader interaction. We therefore advise those with a Drupal installation to consider disabling comments by following these instructions:

  • If you just installed your website and have not created any pages with comments enabled, you can skip this step. If not, go to your admin panel. From here go to the tab Extend and find the 'comment' module. In the description of this module, open the small triangle by clicking it, and press 'Configure'. In the next interface, go to 'Content' and delete every comment section that has been created on your website.
  • Disabling the comment module itself on Drupal is very difficult. The alternative solution is to check whenever creating new content on your website, to check the tab 'Comment settings' and make sure that it is on 'close'.

Detecting spam

As mentioned above, it's better in most cases to simply not allow comments or to restrict them very heavily than having to deal with spam. If you have no other choice, there are some options available to help you out.

Honeypot

Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.

To install Honeypot follow these instructions:

  • First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
  • Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
  • Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again.
  • You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
  • Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
  • At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'.

Of course, beside this extension, there are many more similar extensions which you can use to prevent spam. Though if you install multiple, we would advice to check if the extensions are compatible with each other before installing.

Google's reCAPTCHA

CAPTCHA, originally from a complicated acronym, is a term used for different kinds of challenges to prevent automated scripts from trying to comment, register or login on websites. reCAPTCHA is a project owned by Google that is quite successful at designing these challenges. You probably know reCAPTCHA as the "I'm not a robot" checkbox you often have to press. More details are available on https://google.com/recaptcha

You can follow these instructions to get started:

  • First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
  • Now go to https://www.drupal.org/project/captcha, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
  • Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like "https://username.ulyssis.be/admin/modules/install" . If you get an error that this page can't be found, check step 1 again.
  • You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
  • Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
  • Next you will also need to install the reCAPTCHA module, by performing the same steps above but using the following link instead: https://www.drupal.org/project/captcha.
  • To use the reCAPTCHA module, it is critical you first go to the configuration page of this module, where you will need to enter the keys to use reCAPTCHA. You can register these on https://www.google.com/recaptcha/admin
    • Go to reCAPTCHA's configuration page by going to the 'Extend' tab, finding the reCAPTCHA module, expanding the small triangle, and clicking configure.
    • Now fill in the required keys you got on google's reCAPTCHA's administrator page before
    • When finished entering these keys, press the "Save configuration" button to save your settings '