Drupal

Spam retention options (for the Drupal Mollom module only)

Not all of our users are comfortable with the idea of Mollom discarding spam without the possibility of manual review (no matter how spammy the message appears to be). To address this issue, versions of the Drupal Mollom module beginning with mollom-6.x-1.15 add a new basic configuration option that causes comments to be retained as unpublished posts in your site's moderation queue, no matter how spammy they may appear to be. Moderators and site administrators can then periodically review the moderation queue if necessary.

Only forms that support a publishing status (like comments or posts) may be retained. This feature is not available for some contributed modules which manage data that does not have a "published" or "unpublished" status. An example of such a module is webform.

My site shows a "Mollom test form". How can I disable it?

The "Mollom test form" is used in Mollom unit testing, and is not necessary on a site that uses Mollom to protect content or comments.

For this entry to appear in your menu, you must have the mollom_test.module enabled in your modules list. Since, there's no reason to have that module enabled (unless you're during unit testing of some kind), simply go to admin/build/modules and uncheck the box by mollom_test.module, which will uninstall that module and prevent that menu entry from appearing for all users..

Drupal module tutorial (6.x)

Submitted by Keith Smith on June 25, 2010 - 20:15

This tutorial is for the 6.x-1.13 version of the Mollom Drupal module.

Mollom provides a one-stop solution for all spam problems and protects the following Drupal forms:

  • Comment forms,
  • Contact forms,
  • User registration and password request forms, and
  • Node forms for all standard and custom content types, including forum topics, articles, stories, and pages.
  • Additional forms provided by custom or contributed modules that expose their information to Mollom via Mollom's programming hooks. See the function node_mollom_form_info() in mollom.module for an example of how to implement these hooks.

Mollom intelligently combines text analysis, reputation models, site-specific blacklists and both image and audio CAPTCHAs to block spammers in an optimal, non-intrusive way. If Mollom is certain that certain content is "spam" (bad), it is automatically blocked. Likewise, if Mollom is certain that content is "ham" (good), it is automatically approved. If Mollom is uncertain, it automatically displays a CAPTCHA challenge; if the challenge is completed correctly, the content is approved, and if not, it is rejected.

For more information about Mollom, read this introduction, check the top 10 features, consult the extensive FAQ, or download the technical whitepaper.

Mollom is available in both free and subscription-only versions. Although the free version is a perfect fit for many sites, the subscription-only service Mollom Plus provides support for large post volumes and has access to an enhanced backend server architecture not available to Mollom Free clients. The subscription-only service Mollom Premium provides enterprise-level support and even larger posting volumes for large corporate and enterprise clients. Mollom was initially developed for Drupal, although many other clients and development libraries are available.

Installing and using Mollom

First steps

  1. Download the Mollom module from the project page or from Mollom.com. Be sure to pick a version of the Mollom client that matches your version of Drupal (the Mollom module featured in this tutorial is 6.x-1.13, for 6.x versions of Drupal). The module package should be placed with the rest of your contributed Drupal modules (generally, in "sites/all/modules" or "sites/default/modules").
  2. Go to Mollom.com.
  3. Login with your Mollom.com account or create an account if you don't have one.
  4. Select "Manage sites" from the upper right menu at Mollom.com.
  5. Select "Add subscription" to create a new key pair for your website (or "edit subscription" to access a subscription for an existing site tied to your account).
  6. Visit your site's module list (Administer >> Site building >> Modules) and enable the Mollom module.

Mollom configuration settings

  1. Visit your site's Mollom "Settings" page (Administer >> Site configuration >> Mollom >> Settings) and enter the key pair associated with your site (from the previous step 5). While at this page, also configure your site's "Fallback strategy" (which determines how Mollom dispenses of new posts if the Mollom backend network is unavailable) and if a link to Mollom's privacy policy should be displayed on protected forms.

  2. Visit the "Add form" page (Administer >> Site configuration >> Mollom >> Add fom) and select the forms you wish to be protected from the drop-down menu. User registration, node entry, comment and contact forms (if the contact module is enabled) can be selected in most Drupal installations, along with any additional forms that your custom or contributed modules may make available. Each form you select may present an additonal configuration page that allows you to select what fields on that form, if applicable, are analyzed. If a form is added to Mollom's protection list, but no specific fields on the form are selected for analysis, the form always protected by a Mollom CAPTCHA image. If individual (or all) fields on a form are selected for analysis, the text in those fields are analyzed by Mollom's content filters and a CAPTCHA image is only displayed if Mollom is unsure whether to classify the text as "ham" (good) or "spam" (bad) content.


  3. Optionally, visit the "Forms" page (Administer >> Site configuration >> Mollom >> Forms) to adjust the specific settings for any forms that have already been added to your Mollom configuration.

  4. Optionally, visit the "Blacklist" page (Administer >> Site configuration >> Mollom >> Blacklist) to add any specific URLs, words or phrases that you would like to specifically blacklist. Your blacklist settings are specific to your site, and allow you to automatically block either specific phrases or specific URLs from form fields. For each entry, you can determine the "reason" (i.e., Spam, Profanity, and Unwanted) each phrase or URL is blocked. (See the mollom.addBlacklistText and mollom.addBlacklistURL for more information on blacklisting.)

Mollom permissions, logging and reporting spam

  1. Visit the "mollom module" section of the"Permissions" page (Administer >> User management >> Permissions) to configure your site's access permissions. If any of your user roles should automatically bypass or skip Mollom protection (i.e., never be presented with a Mollom CAPTCHA), check "bypass mollom protection" for that user role. User roles with administrative responsibilities may also need "administer mollom" permissions if they are responsible for moderating content. It is not necessary to restrict access to the permission "post comments without approval" when using Mollom, as Mollom will automatically analyze comments when the "Comment: comment form" is added to Mollom's forms list.

  2. Mollom is designed to operate without constant administrator intervention. All of Mollom's decisions about whether it approves, denies, or displays a CAPTCHA on new content is recorded in the standard Drupal log (Administer >> Reports >> Recent log entries).

  3. The Mollom module provides a graphical representation of the content that is approved or blocked on your site, which can be accessed on the "Mollom statistics" page (Administer >> Reports >> Mollom statistics).

  4. Occasionally, it might be necessary to report a post or comment to Mollom as spam if a spam comment slips by Mollom's filters. Mollom automatically adds "Report to Mollom and unpublish" and "Report to Mollom and delete" options to the "Update options" dropdowns available at the "Content" (Administer >> Content management >> Content) and "Comments" (Administer >> Content management >> Comments) pages. Additionally, "report to Mollom" links are automatically added to protected content when it is displayed, if you have "administer content" permissions.

Mollom CAPTCHAs

  1. When submitting a form protected by Mollom, the Mollom module will display a Mollom CAPTCHA challenge if (a) text analysis on the form fields passed to Mollom's backend network generates an "unsure" score, meaning Mollom cannot determine if the content is spam or not (if Mollom is sure the content is good, the form is accepted outright; if it is sure the content is bad, the form is rejected outright) or (b) the form configuration is set so that all form fields are unchecked (in this case, Mollom will always display a CAPTCHA challenge).

  2. If the CAPTCHA challenge is not entered successfully, the user will be prompted to re-try the challenge with a different CAPTCHA image.

Drupal module tutorial (5.x)

Submitted by Dries Buytaert on November 25, 2008 - 20:13

This tutorial is for the 1.7 version of the Mollom Drupal module.

Mollom provides a one-stop solution for all spam problems and protects the following Drupal forms:

  • Comment forms
  • Contact forms
  • User registration forms
  • Password request forms
  • Any node form, including forum topics, articles, stories, pages, and more. As you create new content types with CCK, additional settings to protect these forms appear on your Mollom setting page.

Mollom intelligently combines text analysis, reputation models and both image and audio CAPTCHAs to block spammers in an optimal and non-intrusive way. For more information about Mollom, you can read this introduction, check the top 10 features, consult the extensive FAQ, or download the technical whitepaper.

Mollom is available in both free and subscription-only versions. Although the free version is a perfect fit for many sites, its subscription-only service, Mollom Plus, provides support for large post volumes and has access to an enhanced backend server architecture not available to Mollom Free clients. Mollom was initially developed for Drupal, although a number of other clients and development libraries are available.

Installing Mollom's spam protection module

  1. Download the Mollom module from the project page or from Mollom.com. Be sure to pick a version of the Mollom client that matches your version of Drupal. The module package should be placed with the rest of your contributed Drupal modules (generally, in "sites/all/modules" or "sites/default/modules").
  2. Go to Mollom.com.
  3. Login with your Mollom.com account, or create an account if you don't have one.
  4. Select "Manage sites" from the upper right menu at Mollom.com.
  5. Select "Add subscription" to create a new key pair for your website (or "edit subscription" to access a subscription for an existing site tied to your account).
  6. Visit your site's module list (Administer >> Site building >> Modules) and enable the Mollom module.
  7. Visit your site's Mollom settings page (Administer >> Site configuration >> Mollom) and enter the key pair associated with your site (from step 5).
  8. Review the other Mollom settings and adjust as necessary.

Managing spam with Mollom

Mollom allows flexibility in protecting your forms from spam

When configuring Mollom, select the forms you wish Mollom to protect (shown below), and how you wish them to be protected. When you enable "Text analysis with CAPTCHA backup" for a form, its content will be analyzed in real-time for spam-like characteristics; if the content is definitely spam, the form submission will be blocked. If Mollom is unsure, the user is challenged with an audio and video CAPTCHA; successful CAPTCHA responses allow the form to be processed. If you select "CAPTCHA only" for a form, a CAPTCHA challenge is always displayed: a successful response to the challenge allows the form to be submitted, while an incorrect response does not. You may also select "No protection" if you wish to not use Mollom with this form.

If the content might be spam, Mollom inserts a CAPTCHA

Mollom analyzes content and rates it on its likelihood of being spam. But unlike other filtering services that only rate content with either a "ham" (not-spam) or "spam" result, Mollom also includes "unsure". If Mollom is unsure if content is spam, it presents a challenge to the user in the form of an audio/visual CAPTCHA (shown below). If the user can interactively complete the CAPTCHA, the content is processed as normal; if not, the content is blocked.

Mollom keeps you informed about your site's spam traffic

At Mollom's administration page (Administer > Site configuration > Mollom), the Mollom module interacts with the Mollom server network to present an interactive graph (shown below) of your site's spam activity.

Mollom dramatically reduces time spent on comment moderation and spam deletion

Mollom essentially eliminates the need for your comment approval queue. By analyzing the content of comments as they are posted, good comments pass through while spam comments are blocked. When Mollom is unsure about the content of a comment, it directs your site to present a CAPTCHA challenge to the poster. But, if you'd like to manually flag a comment as spam using the comment administration page, Mollom allows you to do so (shown below).

Mollom adjusts its spam filters based on your actions

If an inappropriate posting is left on your site, you have the option to delete it via a link on the comment itself. As you do so, you're prompted to tell Mollom exactly how the comment is inappropriate for your site (shown below). Mollom learns from the comments you manually block as spam, and incorporates that knowledge into its content analysis engine.