In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Health Care, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

7 Anti-Spam Drupal Modules to Spam-Proof Your Website With

7 Anti-Spam Drupal Modules to Spam-Proof Your Website With

by Adrian Ababei on Jul 04 2017

When you say “SPAM” you say “facts of life”! The life of any Drupal site/app/blog owner or administrator out there! And aiming for a 100% spam-proofed website is as realistic as toiling hard to eradicate... social inequity for good. And yet, you can still cut it down to the very minimum thanks to this heavy weighting “offer” of anti-spam Drupal modules available to you!

Depending on the spam prevention Drupal approach that you'll supercharge your website with you'll be fighting spam via:

 

  • challenge-response interaction
  • real-time filtering
  • a “deadly” combo of the two approaches
  • more or less user intrusive methods (meaning featuring CAPTCHA or not)

     

And if the Mollom module for Drupal still is you site's old and familiar “shield” against spambots, you should know that the popular, non user-intrusive  spam filtering service will cease to exist as of 2 April 2018. 

Since no one knows how it's going to get configured after this date, whether it will continue to safeguard all sites or none, you'd better be open to alternatives.

Now to spare you of a time-consuming research, here are 7 anti-spam Drupal modules that our Toronto web development team has already hand picked for you! Scan them through, compare them and go for the one that best suits your site's anti-spam needs:

 

1. Honeypot

Honeypot is, by far, THE anti-spam module!

Basically, when they say or think of “spam prevention”, 99% of “Drupalists” out there say/think of the Honeypot module, of the Honeypot method (for yes, there's even an anti-spam “method” named after it).

So, you get the idea: in Drupal world spam-filtering means “honey-potting” in 9 out of ten cases!

“How does it work?”, you say? It fights back spambots on two fronts:

 

  1. It uses a simple, yet surprisingly effective little “trick”: it adds a hidden field precisely to those forms on your Drupal site that it spam-proofs. An easily configurable “bait field” named something like “website” or “URL”. Once that hidden field gets filled in, it's a sign that a spambot has taken the bait. Sneakily-clever and effective!
  2. It uses a timestamp (which, again, you get to configure to your liking, the default time being of 5 seconds). If a web form on your Drupal site gets filled in quicker than that specific timeframe that you've set, Honeypot will instantly block its submission. It will identify the “submitter” behind it as being a... spambot.

     

So simple, so effective and where do you add that Honeypot falls into that category of anti-spam Drupal modules that are 100% non intrusive. The ones that don't keep “bugging” your site's visitors with captcha tests to be solved in order to prove their humanity!

There's no user interaction involved, since Honeypot runs its “spambot-detecting” tests on the web forms directly!

Note: a con of this module is that those particular web forms on your Drupal site placed under Honeypot's anti-spam protection can't get cached! The module disables caching for these particular web forms.

 

2. http:BL

Now here's another spam blocking Drupal module worth your full attention!

Compared to Honeypot's own methods, the HTTP:BL's one is completely different: it blocks any requests coming from Ips included on a DNS blacklist! A blacklist put together by all the Drupal sites using this module for spam protection.

A sort of collective fight against spam, one that your own site will be involved in and “reap” the benefits of!

Note: the http:BL module can be installed on Drupal 7 websites only for the time being.

 

3. Captcha, One of The Reference Anti-Spam Drupal Modules

How could we have left out, from our list, precisely the module leveraging the “reference anti-spam method” itself: the CAPTCHA method?

It does precisely what its name says: it integrates CAPTCHA into your web forms! A challenge-response system meant to block any attempt of automated spam posting, based on “inconveniencing” the user to pass a given test (answering a question, solving a math problem etc.)

The module comes with its own default challenge-response tests, so it can be used as a standalone spam-blocking solution, and it can also be used as a base API for other anti-spam Drupal modules.

Notes:

 

  1. our Toronto digital agency's team strongly recommends you to go for the second scenario, to make it just part of an entire “ecosystem” of anti-spam solutions on your Drupal site. There have been quite a few cases when spambots did manage to solve these challenge-response tests.

     
  2. do keep in mind that captchas are always a deterrent for your users and can easily turn into a factor responsible for the low conversion rate on your Drupal site

     

4. reCaptcha

Take the CAPTCHA and the Re-Captcha modules as a “check and double check” spam-preventing method!

The ReCaptcha module goes even tougher on bots as it leverages the “squiggly words” method for blocking spam. Basically, words difficult to read by spambots get taken from old books and turned into captchas.

Note: a potential disadvantage of using this anti-spam Drupal module is that some users, too, might find it hard to recognize these “hard nut to crack”, less common words!

 

5. Antibot, One of the Anti-Spam Drupal Modules to Supercharge Your Site With

Here's another representative of the group of anti-spam Drupal modules that are totally unintrusive!

It uses its spam-preventing “superpower” like this: it practically assumes that bots are discouraged to spam pages using Javascript, therefore users enabling JavaScript in their browsers are, implicitly, spam-proofed by default.

For those cases where spambots do attempt to render precisely these “safe” JavascripT-based pages, the module will inspect your visitors' mouse movements and keyboard key presses in order to identify them as “humans” and to allow them to submit their filled in forms.

A pretty clever check-up if you come to think of it!

Note: one of the Antibot module's notable features is that, unlike other anti-spam Drupal modules, it doesn't disable cache on the web forms that it protects. A performance-enhancer you just can't overlook!

 

6. Botcha

Take the Botcha module as an all-in-one spam-blocking solution for websites running on Drupal! And where do you add that it doesn't involve any user interaction (and therefore “user bugging”) either!

There are 3 methods that this module uses for detecting and blocking spammy form submissions:

 

  1. the honeypot method: it adds that hidden, “spambots luring” field to the protected web forms on your website
  2. the source calculation-based method
  3. the time-based method

     

And there's more! Once enabled, this module will also prevent any attempts of resubmitting the same form by using its own “NoResubmit” formula.

Note: the only downside is that there's no Drupal 8 version of the module. Not just yet!

 

7. Simple Anti-Spam        

This module's main “role”, in its mission to prevent spam posting processes, is to block automatic spam coming from anonymous users.

And its name says it all; it's a simple “two-ingredient recipe” that it relies on for blocking spam:

 

  1. there's an “I'm not a spammer” checkbox
  2. and there's an “I'm a spammer” hidden checkbox

     

Once the later gets checked or the former is left unchecked, it will just “warn” the module of a “suspicions activity” on your Drupal site. It's then that Simple Anti-Spam displays a warning message or simply blocks that specific form from being submitted to your Drupal site.

Moreover, from:

 

  • blocking web forms by maximum text length
  • blocking them by stop words
  • to blocking form by number of links
  • and the list can go on

     

...the Simple Anti-Spam module is one of those anti-spam Drupal modules that can report a form as being “suspicious” (automatically blocking it, too) based on a whole array of criteria.

Note: there's yet no Drupal 8 version!

 

Your turn now! What other approaches have you adopted on your Drupal site for... pulling the plug on any type of spam activity? 

Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

Drupal 9 Modules Readiness: How Hard Is It to Find Compatible Modules and Build a Website in Drupal 9?
Is it (still) too early to give Drupal 9 a try? To start fresh and build a website from scratch in the latest version of Drupal? Should you stick to Drupal 8 for... a little longer and upgrade later? How difficult will it be for you to find compatible Drupal 9 modules (and themes)? Let's find out: 1. But First: Why Drupal 9? What are the biggest benefits of Drupal 9 over Drupal 8? Why would you choose precisely this version of Drupal to build your new website with? because of the automated updates that it makes possible because of the headless support that it ships with because of the robust multilingual capabilities because of the improved performance: your web pages will load faster thanks to the BigPipe technology because it removes a lot of the legacy code because of its layout features because of its extensibility: you get to incorporated third-party systems quick and easy because of its media library and robust media functionality because of the new, Twig-based theme engine because it's easier to use: you can make the most of its in-place editing (CKEditor) And particularly because there will be no more major re-builds (aka "major pains to upgrade"). Instead, a set of new features gets released every 6 months, including new improvements and additions to be incorporated seamlessly into your Drupal 9 build. 2. Most Drupal 9 Modules Don't Change at All So, stay assured: you won't be having a hard time finding compatible modules for your new Drupal 9 website. Many of the modules on Drupal.org have been, are being made, and will be made compatible with Drupal 9. There's a collective effort coming from the Drupal community in this direction. And where do you add that the process is pretty straightforward:  Same code, but without the deprecated APIs. 3. But What About Those that Do Need Changes? For there have been changes under Drupal 9's hood. Changes in coding with a direct impact on some modules and APIs. Which means that some modules have turned from Drupal core modules to... outside dependencies: this is good news, considering the performance gains you get but also a challenge if you were relying precisely on those modules for your Drupal 9 website Luckily, you have at least 2 helpful tools at hand that you can use to: identify the Drupal modules that still need to get updated apply the fixes needed to make those modules compatible with Drupal 9 3.1. The Upgrade Status Module Why use it? Because it offers you a view of all that has been changed in Drupal.  Source: Drupal.org You have links to the modules' pages there, that you can access to review those changes. 3.2. The Upgrade Rector Module The great thing about this tool is that it provides you with automated code fix suggestions to help you make your target modules Drupal 9 compatible. Source: Drupal.org 4. Some Module Get Removed from Drupal 9 Now, there are a few Drupal modules that didn't get the chance to grow into Drupal 9 modules. And I'm talking here about: Simple Test, that's now replaced by PHPUnit Place Blocks, now replaced by the Layout Builder  As you can see, in both cases you get to use better alternatives. So, it's just a matter of favoring more powerful solutions. Good to know! Expect other modules and themes (i.e. the Classy theme, the Stable theme) to get deprecated and removed by the time we reach Drupal 10. 5. What About the Contributed Modules? What if you need more than the out-of-the-box Drupal 9 modules to build your new website? What if you depend on particular contributed modules? Or on... many contributed modules? Well, then things get a little more challenging... Because many of the contributed Drupal modules still need to be made compatible with Drupal 9. They need some time to catch up with the new version of Drupal. Take for instance: updating tests to PHPUnit or updating deprecated API usages. Now, what you can do is give a helping hand to accelerate the updating of these modules. And the steps/best practices to follow are pretty simple, as suggested in this guide on Drupal.org : use the patch referred to here, create an issue in the module project (first, make sure it doesn't exist already), and choose a title suggestive enough to let the maintainer know that it needs to be tested for Drupal 9 deprecations add an explanation for the signaled issue ... and follow all the other steps suggested in that Drupal.org guide. Tip! Ask that contributed module's maintainer how he/she would like to address the issues you're signaling. Because the guidelines available for Drupal core aren't always relevant for addressing contributed module issues, as well. The END! Now, assuming that: you only need a limited no. of contributed modules for your new Drupal 9 build it's not a heavily customized website that you're building ... how do you get it up and running in? We're here to help. Just drop us a line! We've been building Drupal websites since... Drupal 5. Image by Siggy Nowak from Pixabay   ... Read more
Adriana Cacoveanu / Aug 28'2020
5 tips to pass your Acquia Site Studio (Cohesion) Certification Exam
A few weeks ago, I had the chance to take the Acquia Site Studio (formerly Cohesion) Certification exam. In this post we are going to discuss why I took this exam and more importantly, how I passed it and became an Acquia Certified Site Studio Site Builder. Optasy and its commitment to quality through knowledge You already know that quality is part of the corporate culture of Optasy. For us quality is a key factor to protect our clients' investments and guarantee them a high ROI. But having a good QA department is not enough. Actually, it's often too late when the QA team detects an issue. At Optasy we prefer to ensure quality at the early stages of our projects, analyzing deeply the needs of our clients and transform them into effective digital experiences but we also know that the quality of the code we produce comes from the experience and the skills of our developers. That's why Optasy has an internal 'skill knowledge acquisition program' to help its employees (optasians) to acquire new skills or improve them. This program gives to each optasian one day off per month (paid by the company) to study a particular field. As a way to ensure knowledge acquisition and validation, optasians also receive paid leave to study and give their Acquia certification exams. This includes the exam cost too, that’s why many of the optasian developers are actually Acquia Certified developers or Acquia Certified site builders All things considered, it was a pretty easy choice for me to take the exam, not only do I get to improve my skills, but I get paid for it too! What are the Acquia certification programs? Acquia is a preferred Optasy partner that delivers a cloud-based digital experience platform built on Drupal that enables organizations to build experiences that scale. Acquia is committed to facilitating certification programs allowing developers to validate their Drupal skills year after year. Acquia certification exams are administered at Kryterion Testing Centers in more than 750 locations across the globe. Exams are also available as online-proctored tests and are often offered at DrupalCons across the world. What is Acquia Site Studio? Acquia Site Studio (formerly Cohesion) is a low-code solution for building and editing Drupal sites. As an Acquia partner, our team got the chance to become an early adopter of the technology.  Acquia Site Studio is a sort of layout builder on steroids without writing any line of code. Not only can you build layouts or templates, but also you can build whole websites from the headers to the footers, and everything in between, like components and widgets, just by using the interface. No code required! It's a kind of atomic design system (like Pattern Lab) where you can create and preview CSS style guides, components, template layouts, page layouts or view layout from a visual user interface with simple “drag and drop”. And all of this within your Drupal site! To be fair, Acquia Site Studio is an amazing tool allowing designers and marketers to create and modify any layout component without calling the development team. If you’re a designer with no coding knowledge you’ll be able to create totally unique layouts based on your designs using intuitive drag and drop layout builder. If you're an editor, you may choose the layout you want to use and add all the pre-designed components you wish. Want to add a slider or a 'Related Articles' block? You drag and drop it in your layout! 5 tips to successfully pass your Acquia Certified Site Studio exam As other Acquia Certification exams, the Certified Site Studio exam requires both experience and knowledge. Though the test is not difficult, it’s not something you want to run into unprepared. From my experience, the questions ranged from a very low to medium range of difficulty, there were barely any difficult questions. This exam validates your ability to: Understand the features and functionality provided by Site Studio Install and configure Site studio environment on new or existing websites. Build a website using Site Studio style builder, components and website structure design elements. The official description of this exam can be found on Acquia's certification overview page. But in short: The tests are all multiple choice. They don't require that you actually configure a Drupal site or write any code. They are available in person at a testing center, or at home by installing the exam software on your computer. The price was $155 (In my case, Optasy paid for the test) Get a good understanding of Drupal Layout Builder As I mentioned earlier, Acquia Site Studio is a Layout Builder on steroids and many concepts are the same, so having some experience with this Drupal module will help you a lot, like the inline editing tools or the concept of drawing element into the layout. This is not mandatory, but I felt really comfortable with Site Studio having this previous experience. Read carefully the contents of the exam On Acquia's certification overview page you'll find the blueprint of the exam like the following: But below it, you'll find the content itself. Read it carefully and repeatedly. This should be your guideline during your study. This will help you focus on what really matters but also to recap and structure your notes. Read and study the documentation While there are really good videos on the Acquia Academy site about Site Studio, watching all of them won't be enough. If you don't have prior experience with Site Studio, it's a good starting point. But it definitively won't give all the knowledge you need to pass the exam. Reading the documentation should sound obvious, but you'll really need to read and study all the documentation in depth. Don't leave anything behind cause the exam covers all the aspects of Site Studio, from the basics to more advanced topics. This will also give you the right vocabulary to understand the questions of the exam, since sometimes they can try to trick you changing just one word. So the technical vocabulary has an important role, and that's where the documentation comes into play. Write down some notes after reading each section. This will help you a lot during the recap! Train on the Acquia Site Studio demo environment You can request an online demo environment for free at the bottom of this page The main benefit is that you won't need an API key or an Agency key, so you can test Site Studio for free, the environment acts just like a normal Drupal website. and the site will be all yours to experiment on. This site will be your friend during your study, you should test everything you learned in the documentation here. Do it several times and try different cases. The night before the exam, after reading back your notes, try to build a site from scratch in this environment to recap all the main concepts. This is key! Don't forget the 'Miscellaneous concepts and features' part These three concepts are not placed in one section, they are dispersed in the documentation. Study and practice all of them because you'll have a question about each one. They are only three, it doesn’t sound like a lot but they are worth 15% of the exam! That is a quick and easy win! A bonus tip What really worked for me was to read a section, practice the concepts of this section in the demo environment, read again the same section and take some notes. The day after, read all the notes of the previous day, do the same 7 days later, reading back your notes and practicing again on the demo site. That way, 80% of what you studied will stay forever in your memory. Conclusions Acquia Certification Site Studio Site Builder can be a good way to validate your skills and knowledge There are barely any difficult questions Study all the documentation because the exam is based on it, but also because the exam will cover all of it. Practice a lot, recap a lot. ... Read more
Karim Boudjema / Aug 27'2020
10 Best Tools for Conducting a Drupal 8 Site Audit (to evaluate its performance, security, and stability)
You want to audit your Drupal website's infrastructure, SEO, best practices, security, stress, overall performance... And you ask yourself: Are there tools that help you run a Drupal 8 site audit? ... and generate the reports you need? There are quite a few, actually. To narrow down your too many options, we've made a list of 10 tools and Drupal modules that you can use to test your website's performance, security, and stability. 1. 3 Best Tools to Run a Website Security Audit 1.1. Coder     What does it do? it checks your code to see whether it meets the industry standards it checks your text, so you'll know whether i's properly sanitized or not quite In short, a Drupal 8 audit module you'll want to have in your toolbox when conducting a website security audit. 1.2. Qualys SSL Server Test Another tool that you'll want to use during your Drupal 8 security audit process. Why? Because it performs a thorough analysis of a public SSL certificate and generates a grade for you. 1.3. Security Kit How does it work?  It provides you with a set of security-hardening options, that strengthen the shield around your site against CSRF, XSS, and clickjacking attacks. 2.3 Best Tools to Run a Drupal 8 Site Audit Focused on Its Performance 2.1. PageSpeed Insight, YSlow, GTMetrix  Take these 3 website performance audit tools as your the "swiss army knife" in your toolbox.  They run multiple tests on your website and generate a whole set of practical recommendations on how you can boost its front-end performance. Here are just some examples of recommendations: cut down on the number of elements the browser's forced to parse by simplifying the DOM cut down on the number of requests  by aggregating your JS files or using image sprites 2.2. New Relic An all-into-one Drupal site audit module that helps you monitor different sections on your website: from infrastructure to server, to browser and application. Now, here's precisely why you'll want to keep it close at hand while assessing your website's performance: it allows you to set up multiple customized dashboards that show graphs and charts of your website's performance data it enables you to keep an eye on your website's traffic and performance in real-time it allows you to isolate bottlenecks and set up alerts for key events 2.3. Performance Monitor   Let's say you've just moved your Drupal website to another hosting and you now feel that it has slowed down. And that the new server needs to be optimized for Drupal. This is precisely where this module comes in handy: It gives you a clear picture of how your website's performing now, while comparing different servers/hostings. Here are some of the features you'll love: it checks the Mysql status and variables (and provides recommendations) it tests the overall system performance (it runs database, CPU, and file operations performance tests) it evaluates the "Performance score"  3. 4 Best Tools to Evaluate Your Website's Stability 3. 1. Behat, PHPUnit, Nightwatch Or you can put together your own "combo" of unit and functional testing tools. Automated testing will improve your website's stability... in the long-term (and nothing can beat the peace of mind that you'll get). 3.2. Code Sniffer Whenever you need to assess your code's quality, just reach out for this Drupal 8 audit tool. It will... "sniff on" your code and signal you if it doesn't meet the coding standards.  Also, while testing your code's stability, you'll want to have a look at: the quality of your links the cycles of peer review for codes the factors that influence the SEO the access and breadth of documentation the modules you have on your website: are there any outdated ones? 3.3. Tugboat You save time and money using Tugboat (or an alternative continuous integration tool). Here's how: it runs the automated and linting tests that you will have set up and generates a report to your developer before even merging or reviewing the code it builds a completely working website that incorporates that new feature you've added or has that specific bug fixed before it gets merged A true time-saver that you'll definitely want to have in your toolkit when testing newly added code for stability.  3.4. Linting Tools How do they help you increase the stability of your Drupal website? they get all the developers in your team on the same page when it comes to the code format to be used they (i.e. Drupal Code Sniffer) enforce the Drupal coding standards once integrated to your developers' text editors Tip! Make sure you incorporate your linting tools into your automated testing routine, the one that gets performed on each pull request. The END! These are your best options when it comes to the Drupal 8 site audit tools to include in your toolkit. But what if you dread the idea of digging deep into your code, checking every single one of your Drupal modules, evaluating the CPU performance... What if you could still get a clear picture of how you're website's performing without the dread of going through all these tedious, time-consuming tasks? Just shift the burden to us! Drop us a line and let's get your Drupal website checked for all the issues and bottlenecks affecting its performance, security level, and stability! Image by Free-Photos from Pixabay   ... Read more
Adriana Cacoveanu / Aug 06'2020