Preventing spam on Drupal: Difference between revisions
No edit summary |
|||
(5 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== | == Restricting comments == | ||
By default, Drupal allows anyone to comment freely on any post you make on your website. While this makes sense when you maintain a blog, it makes less sense when you're using Drupal as the basis for your student organization's website or for something with little to no reader interaction. We therefore advise those with a Drupal installation to consider disabling comments by following these instructions: | |||
* If you just installed your website and have not created any pages with comments enabled, you can skip this step. If not, go to your admin panel. From here go to the tab Extend and find the 'comment' module. In the description of this module, open the small triangle by clicking it, and press 'Configure'. In the next interface, go to 'Content' and delete every comment section that has been created on your website. | |||
* Disabling the comment module itself on Drupal is very difficult. The alternative solution is to check whenever creating new content on your website, to check the tab 'Comment settings' and make sure that it is on 'close'. | |||
'' | |||
==Detecting spam== | |||
As mentioned above, it's better in most cases to simply not allow comments or to restrict them very heavily than having to deal with spam. If you have no other choice, there are some options available to help you out. | |||
=== Honeypot === | |||
Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms. | |||
To install Honeypot follow these instructions: | |||
* | * First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page. | ||
* Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'. | |||
* Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again. | |||
* You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed. | |||
* Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1. | |||
* At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'. | |||
Of course, beside this extension, there are many more similar extensions which you can use to prevent spam. Though if you install multiple, we would advice to check if the extensions are compatible with each other before installing. | |||
[[Category:Security & anti-spam]] | ===Google's reCAPTCHA=== | ||
CAPTCHA, originally from a complicated acronym, is a term used for different kinds of challenges to prevent automated scripts from trying to comment, register or login on websites. reCAPTCHA is a project owned by Google that is quite successful at designing these challenges. You probably know reCAPTCHA as the "I'm not a robot" checkbox you often have to press. More details are available on <nowiki>https://google.com/recaptcha</nowiki> | |||
You can follow these instructions to get started: | |||
* First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page. | |||
* Now go to https://www.drupal.org/project/captcha, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'. | |||
* Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like "<nowiki>https://username.ulyssis.be/admin/modules/install</nowiki>" . If you get an error that this page can't be found, check step 1 again. | |||
* You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed. | |||
* Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1. | |||
* Next you will also need to install the reCAPTCHA module, by performing the same steps above but using the following link instead: https://www.drupal.org/project/captcha. | |||
* To use the reCAPTCHA module, it is '''critical''' you first go to the configuration page of this module, where you will need to enter the keys to use reCAPTCHA. You can register these on <nowiki>https://www.google.com/recaptcha/admin</nowiki> | |||
** Go to reCAPTCHA's configuration page by going to the 'Extend' tab, finding the reCAPTCHA module, expanding the small triangle, and clicking configure. | |||
** Now fill in the required keys you got on google's reCAPTCHA's administrator page before | |||
** When finished entering these keys, press the "Save configuration" button to save your settings '''[[Category:Security & anti-spam]] [[Category:CMSs]]''' |
Latest revision as of 17:33, 16 September 2021
Restricting comments
By default, Drupal allows anyone to comment freely on any post you make on your website. While this makes sense when you maintain a blog, it makes less sense when you're using Drupal as the basis for your student organization's website or for something with little to no reader interaction. We therefore advise those with a Drupal installation to consider disabling comments by following these instructions:
- If you just installed your website and have not created any pages with comments enabled, you can skip this step. If not, go to your admin panel. From here go to the tab Extend and find the 'comment' module. In the description of this module, open the small triangle by clicking it, and press 'Configure'. In the next interface, go to 'Content' and delete every comment section that has been created on your website.
- Disabling the comment module itself on Drupal is very difficult. The alternative solution is to check whenever creating new content on your website, to check the tab 'Comment settings' and make sure that it is on 'close'.
Detecting spam
As mentioned above, it's better in most cases to simply not allow comments or to restrict them very heavily than having to deal with spam. If you have no other choice, there are some options available to help you out.
Honeypot
Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.
To install Honeypot follow these instructions:
- First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
- Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
- Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again.
- You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
- Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
- At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'.
Of course, beside this extension, there are many more similar extensions which you can use to prevent spam. Though if you install multiple, we would advice to check if the extensions are compatible with each other before installing.
Google's reCAPTCHA
CAPTCHA, originally from a complicated acronym, is a term used for different kinds of challenges to prevent automated scripts from trying to comment, register or login on websites. reCAPTCHA is a project owned by Google that is quite successful at designing these challenges. You probably know reCAPTCHA as the "I'm not a robot" checkbox you often have to press. More details are available on https://google.com/recaptcha
You can follow these instructions to get started:
- First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
- Now go to https://www.drupal.org/project/captcha, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
- Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like "https://username.ulyssis.be/admin/modules/install" . If you get an error that this page can't be found, check step 1 again.
- You will see a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
- Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
- Next you will also need to install the reCAPTCHA module, by performing the same steps above but using the following link instead: https://www.drupal.org/project/captcha.
- To use the reCAPTCHA module, it is critical you first go to the configuration page of this module, where you will need to enter the keys to use reCAPTCHA. You can register these on https://www.google.com/recaptcha/admin
- Go to reCAPTCHA's configuration page by going to the 'Extend' tab, finding the reCAPTCHA module, expanding the small triangle, and clicking configure.
- Now fill in the required keys you got on google's reCAPTCHA's administrator page before
- When finished entering these keys, press the "Save configuration" button to save your settings '