Home » Blogs » admin's blog

Block spam with Mollom

Printer-friendly versionPrinter-friendly version

Before I installed Mollom on my sites, spam was a continual threat.  Not only were email forms at risk of being exploited, flooding their recipients with hundreds of unwanted messages a day, but comment spam could take over a site, covering useful pages in garbage or actually coopting the browser with iframes and other dangerous HTML tags.  I fought back as best I could with captchas and input filters, but it was an arms race I wasn't likely to win.

Then at DrupalCon I heard about Mollom, and I put it into practice, and since then I have been able to open up comments to unregistered users and relax input filters with no worries at all. Mollom doesn't show a captcha unless you have already called your humanity into question, so the majority of users never see a captcha.

Let me give you an idea what volume of spam I'm dealing with.  Here are the Mollom statistics for smartphonemag.com for the past 32 days:

Mollom spam-blocking statistics for smartphonemag.com

If the graphic above were as interactive as the actual stats (which are Flash), you could mouse over the graph to see each data point.  The maximum number of "ham" (valid) posts during this month was 35, the most I see on any of my sites.  Mollom will process up to 100 valid posts a day for free.  So this is the free service we're using here, and it blocked nearly 2900 spam messages in a single day, from this one site alone.  That is an unbelievable value! Even at the paid rate of 1 Euro per day, it would still be an unbelievable value.

The one downside of the free service is that if the Mollom server goes down, you have to make a choice: stop receiving any posts on your site, or let them all through.  We have chosen to let them through, and the server did go down once, and about 500 spam comments made it onto the site.  But before Mollom we were tackling spam every single day.  In the time we've used it, we've had a total of 3 false negatives (i.e. spam messages passing as valid).  We deleted them and reported them to Mollom, and no messages like them have made it through since.

I highly recommend Mollom to anyone with a Web site that accepts any kind of public feedback.

Bookmark/Search this post with:
  • Delicious
  • Digg
  • Facebook
  • Google
  • Yahoo
  • Technorati

reCAPTCHA

Spam blocking is an arms race, and about a month ago the spammers got the upper hand again, deluging iphonelife.com and smartphonemag.com with comment spam that got right through Mollom's filters.  I wound up installing another blocking module, called reCAPTCHA.  It uses the reCAPTCHA service to display graphics that are already known to cause problems to OCR software, so if a human can read them, it not only identifies the reader as human, it also helps to digitize books.  It's a win-win scenario for everyone but the spammer!

The reCAPTCHA module gets along well with the Mollom module; you can manually specify which forms you want the captchas to appear on and whether the same user should be subjected to captchas just once, once on each form, or every time a form is presented.