Mollom

Last week, a configuration error on the Mollom servers caused a bug in Drupal 5 and Drupal 6 to surface which prevented sites from automatically reconnecting to the Mollom servers.

We identified a bug in the Drupal 5 module of Mollom, and released a fix for it earlier this week. We notified people about this through e-mail and on our blog.

What we hadn't discovered at the time was an additional bug in the error-handling code of the XML-RPC libraries in Drupal core. Special thanks to Joshua Brauer of Acquia Support for debugging this problem and bringing it to our attention.

In other words, the notification that we published earlier was incomplete and additional action is required for both Drupal 5 and Drupal 6 users.

We have since fixed the bug in Drupal 5 and Drupal 6 core, and this week, Drupal 6.14 and Drupal 5.20 were released. If you want to fix this problem for real, we highly recommend that you upgrade your Drupal installations to Drupal 5.20 or Drupal 6.14.

Note that Mollom has two fallback modes when no servers can be reached: "do not block spam" and "do not allow posts from protected forms". The module's default fallback setting is "do not allow posts from protected forms". Some customers may be unaware that Mollom spam blocking is presently disabled on their site.

If you can't instantly upgrade, the quick work around for both Drupal 5 and Drupal 6 users is to visit your Mollom module configuration page, which has a side-effect of automatically resetting the list of Mollom servers. You'll know this has worked when you receive a confirmation message at the top of the page which says, "We contacted the Mollom servers to verify your keys: the Mollom services are operating correctly. We are now blocking spam.".

Earlier today, we fixed a significant bug in the Drupal 5 module for Mollom that was the likely root cause for some problems reported by several of our Drupal 5 Mollom users. In some cases, the list of available Mollom servers was not being reset correctly, leaving Mollom with an inaccurate list of servers to contact to validate CAPTCHA responses or to analyze comments. If you received some errors about Mollom servers being unreachable, or if you noticed spam getting through to your site, read on.

A bug fix release of the Drupal 5 was made available today: if you are using Drupal 5, you should upgrade to the latest Drupal 5 release available from http://drupal.org/project/mollom. As an interim fix until you have time to upgrade your Mollom module, you can force your server list to reset to a correct set of values by visiting the Mollom settings page (?q=admin/settings/mollom or admin/settings/mollom, depending on your Clean URLs setting).

Note that this bug only affected the Drupal 5 version of the Mollom module. The latest version of the Drupal 6 Mollom module does not have this bug, although if you are not running the latest version of the Drupal 6 Mollom module, we certainly encourage you to upgrade. As you can see on http://drupal.org/project/usage/mollom, too many people are still using outdated versions of the Mollom module for Drupal.

We apologize for this bug, and for any difficulties it caused any of your users. At Mollom, we're committed to a seamless experience that keeps you from even thinking about spam on your site. While we may not be there yet, we're fast working toward that goal.

Thank you for using Mollom, and please feel free to contact us if you have any additional questions or concerns.

As one of the team that routinely responds to support requests for Mollom.com, I've seen a lot of questions come through our queue. Especially as we grow the Mollom infrastructure in response to changing spam patterns across the web, lately we've had more than our regular number of support challenges. Fortunately, with the infrastructure, hardware, and algorithmic improvements Ben and Dries have implemented, we're back down to our usual level of support requests.

The thing about a support queue is -- of course -- you're usually talking to people with questions, or assisting with a particular problem. There are tons of Mollom users out there who never write us for support because, we hope, Mollom just works for them. Those are users' we'd like to hear from more, because their feedback and thoughts are invaluable.

Dries pointed out just such a post by Alvin Alexander to me today. It's on devdaily.com, which uses Mollom to protect its comment and contact forms from spam. This is how the article sums up Mollom:

"Wow, it's rare for me to say this about any piece of software, but I don't have any complaints about Mollom. It was a breeze to set up, and I rarely even think about it ... as far as using it with Drupal is concerned, it just works."

I'd encourage anyone considering using Mollom to read his post. It's a great tutorial, and really hits all the high points of Mollom's feature set. I know I'll be referring people to it in the support queue so its going on my list of bookmarks.

Thanks, Alvin! We appreciate the feedback, and we're glad that Mollom is working out so well for your site!

Laconica, billed as an open-source microblogging tool similar to Twitter or Jaiku, now has its own Mollom plugin to reduce comment and posting spam. Laconica is designed to allow people in a community, company or group to exchange short messages of 140 characters or less, over the web. The Mollom plugin for Laconica is available at http://gitorious.org/laconica-mollom-plugin/mainline/trees/master, and is written in PHP.

Zion Security, a Belgium-based company specializing in the security analysis of web sites and systems, has used Mollom's open API to develop a Microsoft IIS module utilizing Mollom to detect and prevent comment and posting spam.

This module is unique in that it is a HTTP module coded for Microsoft IIS, comparable to an Apache module, and allows Mollom to potentially expand to a number of ASP/IIS based systems.

The Mollom IIS module is available as a zipped file for download here and is listed on our downloads page. It checks any submitted form for spam using Mollom's spam detection analysis, and like other Mollom plugins, requires you to obtain a set of registration keys from mollom.com before it can be actively used to protect your ASP-based forms.

Because it is written as a module at the webserver layer, it may be possible to use Mollom's spam-detection and CAPTCHA challenge ability with existing web applications running on IIS (think SharePoint or DotNetNuke). It's an interesting approach and one we haven't really considered ourselves. It will be interesting to see how this develops, and if it sticks.