Working from scratch, following simplicity

Strategies adopted to stop spam in D7 (1st)

In my opinion, a big problem for Web 2.0 websites is spambots: annoying programs designed to flood your web forms with spam. After multiple attempts, I have found a nice compromise that helps me reduce this phenomenon and save bandwidth. Below I explain the Drupal 7 modules I installed and some of their settings. At present I haven't totally eliminated these attacks, but I am studying a new approach to block them (for a future article, if my tests work out).

In the article Drupal Modules for Combatting Spam (Drupal 7), you can find an almost complete list, with a short explanation of each, of the many Drupal 7 modules for fighting spambots.

In my case, I installed and enabled the following modules:

In http://my_site/admin/config/people/captcha my default challenge type for CAPTCHAs is Image (from the image_captcha module), because it has many settings and is more effective. In http://my_site/admin/config/people/captcha/image_captcha I set code length 6, distortion level 5 – medium and noise level 3 – medium. This way the resulting image is difficult for OCR technology to bypass, while humans can still solve it easily.

However, the CAPTCHA hasn't completely fixed the problem, so I had to install, register and enable another type of method, the so-called Behavior-Based Methods. First I tried Bad Behavior, but it didn't work on my site, probably because I use SQLite as the database. Second, http:BL, which implements a malicious traffic blocker using http:BL by Project Honey Pot. To use this capability you need an http:BL access key, received from Project Honey Pot. For more information about http:BL, see the http:BL homepage at
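How an http:BL lookup is encoded and decoded, as an added Python illustration (not code from the Drupal module or from this site): the query name is the access key plus the visitor's reversed IPv4 octets under dnsbl.httpbl.org, and the answer is an A record of the form 127.days.threat.type. The access key, sample addresses and the `max_age_days` / `min_threat` thresholds are constructed values chosen for the example.

```python
import ipaddress

# Visitor-type bit flags carried in the last octet of an http:BL answer.
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4

def build_query(access_key, ip):
    """Return the DNS name to look up: <key>.<reversed IPv4 octets>.dnsbl.httpbl.org"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{access_key}.{reversed_octets}.dnsbl.httpbl.org"

def parse_answer(answer):
    """Decode the A record returned by http:BL; None means the answer is malformed."""
    try:
        first, days, threat, vtype = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return None
    if first != 127:          # any other first octet signals a query error
        return None
    if vtype == 0:            # search engine: third octet is an engine serial number
        return {"search_engine": True, "engine_id": threat}
    return {
        "search_engine": False,
        "days_since_seen": days,
        "threat_score": threat,
        "suspicious": bool(vtype & SUSPICIOUS),
        "harvester": bool(vtype & HARVESTER),
        "comment_spammer": bool(vtype & COMMENT_SPAMMER),
    }

def decide(answer, max_age_days=30, min_threat=25):
    """Return 'allow', 'challenge' or 'block'. Thresholds are assumed sample values."""
    if answer is None:                       # NXDOMAIN: the address is not listed
        return "allow"
    info = parse_answer(answer)
    if info is None or info["search_engine"]:
        return "allow"                       # fail open on garbage, never block crawlers
    if info["days_since_seen"] > max_age_days:
        return "allow"                       # stale listing, address may have changed hands
    if info["comment_spammer"] or info["harvester"]:
        return "block" if info["threat_score"] >= min_threat else "challenge"
    return "challenge"                       # merely suspicious: show a CAPTCHA
```

Pass `None` to `decide` when the DNS lookup returns no record; the "challenge" outcome maps naturally onto showing the image CAPTCHA instead of refusing the request outright.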

That module has reduced the spambots but hasn't yet eliminated these attacks. Out of every 4 visits, 3 are bots (including the Google and Altervista ones)! But now, looking at the Top visitors page at http://my_site/admin/reports/visitors, I rarely have to block an IP address, though it still happens! Using http:BL, my monthly bandwidth is 15% (2 GB); before it was 20-25%. Generally, my Top visitors in the past 1 day page looks like this:

Top visitors in the past 1 day

From this data, I can conclude that my strategies work quite well (only one spam comment per week gets past my protections). Anyway, I'm trying to create a custom module that disables the comment form for some minutes after a specific IP fails some CAPTCHAs. It's not easy, but I found useful information here:

If I solve the present issues and it works well, I will publish my solution as soon as possible. At the moment I'm testing this provisional solution.

Nicola Rainiero

A civil geotechnical engineer with the ambition to facilitate my own work with free software, for the sake of knowledge and collective sharing. I also deal with green energy, in particular shallow geothermal energy. I have always been involved in web design and 3D modelling.