Combatting Spam in the world of Drupal

There is clear statistical evidence illustrating the rise in Drupal's popularity. Still, even without numbers it was easy to tell that Drupal was becoming widely adopted over a year ago. It was around that time that Drupal powered sites became the target of widespread comment spam. This post is about how to fight back against those spammers.

Comment spamming is usually perpetrated by robots: programs written to sign up to a site and fill out its comment forms. The fact that such robots exist shows that it made economic sense for spamming companies to invest in the creation of software targeted specifically at Drupal. In other words, given the large installation base of Drupal, it made sense for unscrupulous business people to target those sites.

In the interest of being transparent, the reason I bring this topic up is that this site was recently defaced with some comment spam. Despite knowing that the threat if spam existed, I had not taken any action to help prevent it. Luckily I have dealt with this problem before and there are a wide range of tools at my disposal.

Tools to fight spam

Spam prevention
Akismet (also see

This module allows you to use the Akismet web service to protect your site from being spammed. Originally implemented by markus_petrux.

Captcha Module

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human.

Captcha Riddler (Captcha module addon)

Riddler compliments [captcha, spam, akismet] modules by catching [spam] before it gets submitted.

reCaptcha(Captcha module addon)

Uses the reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.


The combination of MyCaptcha and Form Store enables you to add captchas to arbitrary forms on your site without modifying a single line of code.

Spam suppression
The Spam Module

[a] Bayesian filter does statistical analysis on spam content, learning from spam and non-spam that it sees to determine the likelihood that new content is or is not spam


Other spam fighters (not just comment spam)

....provides IP-based blacklisting through http:BL and allows linking to a honeypot. http:BL allows blocking of email harvesters and comment spammers through a centralized DNS blacklist


The GlobalTEK GTSpam module obfuscates email addresses to help prevent spambots from collecting them, without loosing the mailto URL scheme default semantics and operations (see RFC 2368).

As you can see, there are a wide variety of solutions to help combat spammers in the Drupal world. Use some of these tools alone or in combination.


August 24th 2007 4PM
By: andre
File Under: