Alternative CAPTCHA for Drupal

in category.
Spam signIf you're reading this text — most likely you have come to need of usage alternative to CAPTCHA spam protection solutions ( why classic CAPTCHA module for Drupal is not the best solution — read in Drupal caching incompatible with CAPTCHA ).

By combining functionality of some alternative Drupal modules it's possible to create pretty strong defense against spam, and furthermore — this modules will work unnoticed to visitors and don't require from them any actions, thus usability of your website goes higher.

Spamicide Module for Drupal

First one from this modules is Spamicide, whose work based on common CSS trick and some back-end module code to cheat spambots. 

How it works? Spamicide module adds to any form ( comment form, for example ) special text field, which is hidden by CSS rule display:none;. This text field must remain empty when form is submited, otherwise it will not validate against spam. Description to this field can be something like "Are you a bot? If no, leave this field empty". Visitors with browser, such as IE or Firefox, will not see this text field at all, and will not even know that form was spam-protected.

Spambots generally see "naked HTML", so for them this text field will look as native part of the form. At the same time many websites in their forms have text fields that marked as "required", so general spambot most likely will fill all fields with some text to pass a validation against empty fields ( that can be marked as required ). Thus form on your website with filled special text field, created by Spamicide, will be rejected by Drupal as spam. Simple yet pretty effective.

It's worth to mention that such kind of protection is very basic and easily can be passed by advanced spambots or targeted spam attack. But probability of such "pleasant" attention to your website is relatively low, so for some time this method can be simple, elegant and effective solution against spam.

Furthermore, you still can use more advanced solutions ( like reCAPCTHA ) for protecting more important forms, or for forms located on separated from main content pages.

Block Anonymous Links Module for Drupal

Second module is even simpler than first and protects from spambots who passed through first line of defense ( Spamicide ). As you might guess from the title, this module blocks anonymous comments with links in them, keeping in mind that most spam contains links to advertised websites.

On Blockanonymouslinks project page module version 1.1 available, which does't have functionality to specify number of links allowed on comment message ( thus it blocks any anonymous comment that contains even one link ). It's obvious that this is not very handy, so one of Drupal community member created patch for this module, which allows in module settings specify a number of links allowed to be posted.

I think number 1 is pretty good choice, because it's unlikely that average user will wish to post at the same time 2 or more links — if he wantys to, he/she always can register and post any number of links he wants. Anyway, patched module attached to this post ( see at the end of this post ).

Spam Module

If you want a more complex protection with some features similar to Blockanonymouslinks and more other ones — be sure to take a look on Spam module. This module has many tools and filters to automatically deal with spam messages and can become great all-in-one alternative to classic image CAPTCHA.

Spambot Module

Fourth module in our CAPTCHA alternatives review is Spambot, great solution for preventing fake/spam automatic user registrations, which uses database to check provided during registration email address and user IP, and if they are found in database ( thus marked as spammers ) — user registration will be blocked. Also Spambot module can scan existing users and detect those accounts that are already registered, but was found in database. Such fake accounts can be easily deleted.


Well, that's it — using this four modules in different combinations you can make your Drupal website protected against spam, while not forcing visitors to prove that they are humans, instead trying to catch spambots that they are NOT humans. Besides the higher usability for websites that don't require users to solve riddles of another crazy-looking CAPTCHA, alternative spam protection solutions like this have another benefit in Drupal context — pages still can be cached.
Average: 6 (4 votes)
About the Author: Sergey “Treidge” Danchenko

AvatarSergey "Treidge" Danchenko is a founder and the author of 3DG.Me blog, 3D Artist and game developer, Drupal web-developer and one-man-band with experience in some other areas. Personal credo — "If you want a thing done well, do it yourself". In times of great inspiration writes poetry and plays volleyball. Primary professional tools — Autodesk Maya & Mudbox, Adobe Photoshop. Wild about turkeys and parrots, loves music and videogames.  Thanks for reading and come again!


Good article. Which one(s) do you use on

It's both of them - Spamicide and Block Anonymous Links modules together, which are described in this article. Also I have encountered many spam registrations with false users, so I've added one more great module to protect against them - Spambot module. With this three I'm pretty happy about spam, I receive maybe one, maximum two spammed comments in some days that are go through protection and non at all in other days, while Log tells that there was a lot more of attempt to bypass it. Maybe some another module that will analyze comment contents and detect spam this way will make it all up to 99 %  protection, but I'm still pretty happy with it as it is right now. angel

Copyright © 2010-2013 Sergey "Treidge" Danchenko. Feel free to Contact me with any questions. Theme based on a BlogBuzz design by