[Drupal] How to prevent spam bots from posting to your Drupal site

| | 2 min read

Every website has POST and GET feature involved for continuous client and server communication. We would have got many unauthorized requests from the site to and fro which are categorized as spams. Spambots usually create fake accounts and send spam using them, although in many cases it would be obvious that a spambot is sending it.

The following spam-protection modules in drupal deals to prevent the unauthorized requests in the site:

  • Mollom
  • CAPTCHA
  • reCAPTCHA
  • BOTCHA
  • Hidden CAPTCHA

From the above list honeypot and recaptcha are the most recommended modules to block spam bolts.

The Honeypot module provides two spam fighting techniques:
1. A concealed field that is not intended to be filled by humans
2. A time check, that blocks forms that are filled in impossibly fast

There are a number of configuration options that allow you to use one or both methods, and target particular forms on your site to add protection to. Currently Honeypot is successfully dealing with virtually all spam submissions on this site.

The configuration for the honrypot module are as follows:

  • Downloaded the module honey pot from drupal.org
    Followed the documentation of the honey pot(https://www.drupal.org/node/1232638) to get through the configuration that to be done.
  • Copied the module honey pot to the modules folder(drupal-6 version)
  • Enable the module from admin settings(admin/modules)
  • Checked the configuration page for honey(admin/settings/honeypot)
    *Enable honey pot protection for all forms or we can select the forms
  • Enabled honey pot module for the required forms on the site form.

The following are the onfigurations for the recaptcha module:

  • Enable both the reCAPTCHA and CAPTCHA modules in admin/build/modules.
  • reCAPTCHA tab in the CAPTCHA administration page admin/user/captcha/recaptcha
  • Register for a public and private reCAPTCHA key
  • Input the keys into the reCAPTCHA settings. The rest of the settings should be fine as their defaults
  • Visit the Captcha administration page (admin/user/captcha) and set where you want the reCAPTCHA form to be presented
  • Added the recaptcha module for the registration form in the settings(/admin/user/captcha/)
  • For the recaptcha to work, the domain name need to be registered for API keys. Register API keys for the domains from recaptcha.net which is free sign-up.
  • Configured the keys for the recaptcha in settings(admin/user/captcha/recaptcha)
    Public key:6LcpFv0SAAAAAONpzAG3Vf-21X3axo31fjL9txsT
    Prvate key:6LcpFv0SAAAAAEMjj3EW155LDkVhW_H4DH-8n661
  • provided permissions for admin to administer CAPTCHA settings, administer recaptcha and skip CAPTCHA.
  • Enabled recaptcha module for the required forms on the site form.