xdeb.org

One of the fun things with blogs is the possibility for readers to post comments. Unfortunately spammers post spam comments just like they send spam e-mail. So to keep the possibility for real visitors to post comments we need some type of defence against spammers.

The ratio of spam in comments is about the same as for e-mail. Something like 7 or 8 out of 10 is spam.

In an effort to stop comment spam xdeb.org has used the Captcha module with a simple math captcha. I like the match captcha since it’s language independent. All comments has been queued for moderation. Real comments has been published and all spam deleted manually by a site administrator. It has also been required to preview comments before posting, this seems to confuse some spam scripts. I also think it’s generally a good idea to take a second look at something before you post it.

Over time the need to manually moderate comments has become a bore, especially since the spam comments just seems to increase in numbers for every year. I started to investigate the different Drupal modules that handels these kind of problems.

Spam control modules for Drupal:

• Spam module
• Bad Behavior module
• Akismet module

I narrowed down my choices to the Spam module (+ Bad Behavior module) or the Akismet module.

The Spam module use Bayesian filter, keywords and IP checks. Much like the spam filtern in most modern e-mail clients work.

Akismet is a web service by Automattic, the folk behind WordPress. Jeff Eaton has built the Drupal module, making the service easy to use on any Drupal site. All comments is sent to the Akismet web service for analysis and it respons with a thumbs up or thumbs down. Akismet is free for personal use and reasonable priced for commercial use.

When Akismet makes a mistake, site administrators can use submit-spam and submit-ham links to report it. This way Akismet can quickly learn about new spammers and new types of spam and all users of Akismet benefits from it.

From what I have read it seems that Akismet is the better and more modern choice. It sees better at handeling the ever changing nature of spam. A few days ago I installed and activated Akismet here on xdeb.org and so far it works really well.

I still use the math captcha as well. They are easy for real visitors and at least makes it a bit harder for spam script, taking of some load from Akismet.

I have made one hack to the Akismet module for xdeb.org that may be of interest. I recently activated the Live module for authenticated users. Very neat to get live previews for comments!

With live previews you obviously don’t want to require users to preview before posting comments. At the same time I want to keep the requirement to preview for anonymous users. This is not possible with the normal Drupal setting so here we come to the hack.

I have set Drupal not to require previews for comments. Then I have added the following code to the function akismet_form_alter() that removes the “Post Comment” button from the initial comment form for users without the “post with no akismet checking” permission.

My hope is that Akismet + captcha + required previews will prove effective enough for me to allow anonymus comments to be handeld automatically.