CAPTCHA for Drupal: Anti-spam Protection and Usability
One of the worst Drupal webmaster enemy is the spam bots — this little guys can turn any unprotected website into spammed trash heap, flooded with undesirable junk messages about viagra, pharmacy or something like that. Do I need to tell that human visitors and Search Engines will be not verry happy about that?.. Unfortunately, many of ready-to-use CMS ( Content Management Systems ) like Drupal doesn't have built-in anti-spam protection "from the box", so it will be necessary to add such kind of functionality by yourself.
Most common way to prevent spam submissions is to implement a [tooltip titleCompletely Automated Public Turing test to tell Computers and Humans Apart]CAPTCHA[/tooltip] system on your site — usually it's an image and a textfield, where user must enter digits and/or letters, displayed on this image. This way humans are distinguished from bots and automatic submission programs ( what are the same things ).
But, this way of spam protection has some problems:
- Some image generation scripts is too primitive and bots can easily recognize symbols and complete the test
- Reverse case — some scripts ( or their settings that was defined by site administrator ) produce too distorted and noisy images, so now a human barely can recognize symbols and often will fail test many times in a row, what is very frustrating for a human site visitor
- Frequent need to enter some digits and letters to pass the test each time user wants to do something ( like submitting a comment ) also will be irritating and not very user-friendly
"Vanilla" Drupal 6 does not provide spam prevention tools, but there is enough third-party modules that capable with success to solve this problem. Let's look at some of them.
CAPTCHA module
CAPTCHA is base module for most of anti-spam solutions in Drupal, this module provides core functionality ( much like an API for adding test to a forms ), and other modules likely will be dependent on it. This module already has built-in anti-spam features, such as image and math tests. In some cases having this module enabled with math ( or image ) test will be enough to fight with random attacks of spam bots, but if your site falls under siege of spam botnet — most likely this module alone will be unable to stop them.
Below and to the right are examples of CAPTCHA tests by this module ( math test below, image test is to the right ):
reCAPTCHA
reCAPTCHA is a very popular and common type of CAPTCHA, which can be seen on many sites. It's a very good addition to previous module and can be recommended for usage in many cases. reCaptcha uses it's own web service for creating challenge forms and requires obtaining an API access key.
So now we briefly reviewed some of classic, standard forms of spam protection using CAPTCHA systems. But, for purpose of usability and more convenient way of separating bots from humans, its may be really good idea to search for other ways.
Alternative to CAPTCHA and reCAPTCHA modules
CAPTCHA and reCAPTCHA modules are the very widely used anti-spam solution for Drupal websites. But what if you're wanting something other than this two? For completely alternative anti-spam protection without usage of any CAPTCHA modules read Alternative CAPTCHA for Drupal. And if you wanting something with a slightly different approach for CAPTCHA implementation — read further down.
With Drupal itself and two third-party modules you can offer simplified and more user-friendly challenge. Requirements are:
- Any D rupal-based site
- CAPTCHA module.
- NotCaptcha for Drupal module.
- JavaScript enabled in user browser
- Enabled PHP mcrypt on hoster server ( most likely it's enabled by default )
- Enabled PHP GD on hoster server ( similarly, it's likely that it will be available by default )
NotCaptcha
We already overviewed CAPTCHA module, so now let's look at NotCaptcha. Key feature of this module is the way it implements "human-or-bot" test — in difference from any other solutions, with NotCaptcha user don't need to enter any letters of digits in test form. System is different — to pass the test user should vertically align a set of three pictures with sliders below them. That's it — move sliders and test is passed.
That's looking pretty good, but how to not forcing users to pass test each time they want to submit a comment, for example? Easy with Drupal. For such task CAPTCHA module settings has a very useful option:
Point: in this settings block is possible to select how CAPTCHA module will behave for each separate user. Well, all of them pretty self-explanatory, so i will just say that in my opinion second option is the way to go — user will have to pass a test only once and if he or she pass it successfully — CAPTCHA will not appear again, and this user will be qualified as "human".
But still this function must be used with caution — if spam bot somehow managed to pass challenge once — he will be green-lighted to post in every page anything he wants without any problems.
Conclusion
In this post we discussed spam issues with Drupal websites and how to fix them with CAPTCHA modules in a good way. Always keep in mind that users don't like any challenges and difficulties — so try to find most easy and simple way to achieve your goals.
And there is one more very important thing about CAPTCHA in Drupal you should know. Unfortunately Drupal caching incompatible with CAPTCHA module! For not to overload this article I moved all details to another post, which can be found by link just slightly up from here. Also I've found even more elegant alternative to CAPTCHA in the light of such incompatibility — read about Spamicide module in mentioned above post.
- 11870 reads
- Русский