Preventing spam on Drupal
Restricting comments
By default, Drupal allows anyone to comment freely on any post you make on your website. While this makes sense when you maintain a blog, it makes less sense when you're using Drupal as the basis for your student organization's website or for something with little to no reader interaction. We therefore advise those with a Drupal installation to consider disabling comments by following these instructions:
- If you just installed your website and have not created any pages with comments enabled, you can skip this step. If not, go to your admin panel. From here go to the tab Extend and find the 'comment' module. In the description of this module, open the small triangle by clicking it, and press 'Configure'. In the next interface, go to 'Content' and delete every comment section that has been created on your website.
- Disabling the comment module itself on Drupal is very difficult. The alternative solution is to check whenever creating new content on your website, to check the tab 'Comment settings' and make sure that it is on 'close'.
Detecting spam
As mentioned above, it's better in most cases to simply not allow comments or to restrict them very heavily than having to deal with spam. If you have no other choice, there are some options available to help you out.
Honeypot
Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.
To install Honeypot follow these instructions:
- First of all make sure that you have the 'Update Manager' module enabled in the 'Extend' tab of your admin panel. If not check the box next to it and press install at the bottom of the page.
- Now go to https://www.drupal.org/project/honeypot, to the downloads section. Here right click the link to the download (often .zip or .tar) and press 'copy link'.
- Next go back to your website and in your URL bar, go to /admin/modules/install. So it will look something like username.ulyssis.be/admin/modules/install . If you get an error that this page can't be found, check step 1 again.
- Now you will get a box that says 'Add from a URL'. Here you enter the link from the module download page, and press continue. This should give a message that the modules has been installed.
- Now you will still need to enable this module, in the same way as with the 'Update Manager' module from step 1.
- At last you can configure the module to your own liking by opening the triangle in the description of the module en selecting 'Configure'.
What is recaptcha and how/will it help prevent spam ?
For answers to those questions you can look at google's page about recaptcha (https://google.com/recaptcha)
Installation
This installation guide requires drupal 6,7 or preferably 8 (or higher). Note this installation requires captcha and recaptcha, these are different plugins and not a type error.
- Go to drupal's captcha page and download the appropriate version at the bottom of the page (https://www.drupal.org/project/captcha)
- Go to drupal's recaptcha page and download the appropriate version at the bottom of the page (https://www.drupal.org/project/recaptcha)
- Extract the archives into sites/all/modules/[recaptcha/captcha]respectively and relative to your own drupal installation (this folder may need to be created manually)
- Now navigate to your drupal administration page in your browser (/admin/modules)
- Search for captcha and enable it
- Search for recaptcha and enable it
- Once complete it is critical to configure your captcha setting in the web interface (/admin/config/people/captcha) and do not forget to enable the captcha-points (/admin/config/people/captcha/captcha-points).