Strategies adopted to stop spam in D7 (1st)
In my opinion a big problem for the 2.0 websites are the spambots, annoying programs designed to invade your web forms with a lot of spam. After multiple attempts, I have found a nice compromised that it helps me to reduce this phenomenon, saving my bandwidth. Below I explain the Drupal 7 modules which I installed and some settings. At present I haven't totally erased these attacks but I am studying a new approach to block them (in a next article if I'll solve some essays).
In my case, I installed and enabled the following modules:
In http://my_site/admin/config/people/captcha my default challenge type for CAPTCHAs is Image (from module image_captcha), because of its multiple settings and being more effective. In http://my_site/admin/config/people/captcha/image_captcha I put code length 6, distortion level 5 – medium and noise level 3 – medium. In this manner the resulting image is difficult to bypass by OCR technology and the humans can solve it easily.
However the CAPTCHA hasn't fixed completely the problem, so I had to install, register and enable another type of method, the so-called Behavior-Based Methods. Firstly I tried Bad Behavior but this didn't work on my site, as such probably I use sqlite like database. Secondly http:BL that implements a malicious traffic blocker using http:BL by Project Honey Pot. To use this capability you will need an http:BL access key, received from Project Honey Pot. For more information about http:BL, see the http:BL homepage at projecthoneypot.org.
That module has reduced the spambots but hasn't yet deleted these attacks. Every 4 visits, 3 are bots (including google and altervista ones)! But now after seeing Top visitors page at http://my_site/admin/reports/visitors, it's rarely that I have had to block some IP address, yet not impossible! Using http:BL my monthly bandwidth is 15% (2 GB), before it was 20-25%. But generally my Top visitors in the past 1 day page is like this:
|Top visitors in the past 1 day|
On this data, I can conclude that my strategies work quite well (only a spam comment per week overcomes my protections). Anyway I'm trying to create a custom module to disable the comment form for some minutes after a specific IP fails some CAPTCHAs. It's not easy, but I found useful information here:
If I solved the present issues and it worked well, I would publish my solution as soon as possible. At the moment I'm testing this provisional solution.