Drupal module tutorial (6.x)

Submitted by Keith Smith on June 25, 2010 - 20:15

This tutorial is for the 6.x-1.13 version of the Mollom Drupal module.

Mollom provides a one-stop solution for all spam problems and protects the following Drupal forms:

  • Comment forms,
  • Contact forms,
  • User registration and password request forms, and
  • Node forms for all standard and custom content types, including forum topics, articles, stories, and pages.
  • Additional forms provided by custom or contributed modules that expose their information to Mollom via Mollom's programming hooks. See the function node_mollom_form_info() in mollom.module for an example of how to implement these hooks.

Mollom intelligently combines text analysis, reputation models, site-specific blacklists and both image and audio CAPTCHAs to block spammers in an optimal, non-intrusive way. If Mollom is certain that certain content is "spam" (bad), it is automatically blocked. Likewise, if Mollom is certain that content is "ham" (good), it is automatically approved. If Mollom is uncertain, it automatically displays a CAPTCHA challenge; if the challenge is completed correctly, the content is approved, and if not, it is rejected.

For more information about Mollom, read this introduction, check the top 10 features, consult the extensive FAQ, or download the technical whitepaper.

Mollom is available in both free and subscription-only versions. Although the free version is a perfect fit for many sites, the subscription-only service Mollom Plus provides support for large post volumes and has access to an enhanced backend server architecture not available to Mollom Free clients. The subscription-only service Mollom Premium provides enterprise-level support and even larger posting volumes for large corporate and enterprise clients. Mollom was initially developed for Drupal, although many other clients and development libraries are available.

Installing and using Mollom

First steps

  1. Download the Mollom module from the project page or from Mollom.com. Be sure to pick a version of the Mollom client that matches your version of Drupal (the Mollom module featured in this tutorial is 6.x-1.13, for 6.x versions of Drupal). The module package should be placed with the rest of your contributed Drupal modules (generally, in "sites/all/modules" or "sites/default/modules").
  2. Go to Mollom.com.
  3. Login with your Mollom.com account or create an account if you don't have one.
  4. Select "Manage sites" from the upper right menu at Mollom.com.
  5. Select "Add subscription" to create a new key pair for your website (or "edit subscription" to access a subscription for an existing site tied to your account).
  6. Visit your site's module list (Administer >> Site building >> Modules) and enable the Mollom module.

Mollom configuration settings

  1. Visit your site's Mollom "Settings" page (Administer >> Site configuration >> Mollom >> Settings) and enter the key pair associated with your site (from the previous step 5). While at this page, also configure your site's "Fallback strategy" (which determines how Mollom dispenses of new posts if the Mollom backend network is unavailable) and if a link to Mollom's privacy policy should be displayed on protected forms.

  2. Visit the "Add form" page (Administer >> Site configuration >> Mollom >> Add fom) and select the forms you wish to be protected from the drop-down menu. User registration, node entry, comment and contact forms (if the contact module is enabled) can be selected in most Drupal installations, along with any additional forms that your custom or contributed modules may make available. Each form you select may present an additonal configuration page that allows you to select what fields on that form, if applicable, are analyzed. If a form is added to Mollom's protection list, but no specific fields on the form are selected for analysis, the form always protected by a Mollom CAPTCHA image. If individual (or all) fields on a form are selected for analysis, the text in those fields are analyzed by Mollom's content filters and a CAPTCHA image is only displayed if Mollom is unsure whether to classify the text as "ham" (good) or "spam" (bad) content.


  3. Optionally, visit the "Forms" page (Administer >> Site configuration >> Mollom >> Forms) to adjust the specific settings for any forms that have already been added to your Mollom configuration.

  4. Optionally, visit the "Blacklist" page (Administer >> Site configuration >> Mollom >> Blacklist) to add any specific URLs, words or phrases that you would like to specifically blacklist. Your blacklist settings are specific to your site, and allow you to automatically block either specific phrases or specific URLs from form fields. For each entry, you can determine the "reason" (i.e., Spam, Profanity, and Unwanted) each phrase or URL is blocked. (See the mollom.addBlacklistText and mollom.addBlacklistURL for more information on blacklisting.)

Mollom permissions, logging and reporting spam

  1. Visit the "mollom module" section of the"Permissions" page (Administer >> User management >> Permissions) to configure your site's access permissions. If any of your user roles should automatically bypass or skip Mollom protection (i.e., never be presented with a Mollom CAPTCHA), check "bypass mollom protection" for that user role. User roles with administrative responsibilities may also need "administer mollom" permissions if they are responsible for moderating content. It is not necessary to restrict access to the permission "post comments without approval" when using Mollom, as Mollom will automatically analyze comments when the "Comment: comment form" is added to Mollom's forms list.

  2. Mollom is designed to operate without constant administrator intervention. All of Mollom's decisions about whether it approves, denies, or displays a CAPTCHA on new content is recorded in the standard Drupal log (Administer >> Reports >> Recent log entries).

  3. The Mollom module provides a graphical representation of the content that is approved or blocked on your site, which can be accessed on the "Mollom statistics" page (Administer >> Reports >> Mollom statistics).

  4. Occasionally, it might be necessary to report a post or comment to Mollom as spam if a spam comment slips by Mollom's filters. Mollom automatically adds "Report to Mollom and unpublish" and "Report to Mollom and delete" options to the "Update options" dropdowns available at the "Content" (Administer >> Content management >> Content) and "Comments" (Administer >> Content management >> Comments) pages. Additionally, "report to Mollom" links are automatically added to protected content when it is displayed, if you have "administer content" permissions.

Mollom CAPTCHAs

  1. When submitting a form protected by Mollom, the Mollom module will display a Mollom CAPTCHA challenge if (a) text analysis on the form fields passed to Mollom's backend network generates an "unsure" score, meaning Mollom cannot determine if the content is spam or not (if Mollom is sure the content is good, the form is accepted outright; if it is sure the content is bad, the form is rejected outright) or (b) the form configuration is set so that all form fields are unchecked (in this case, Mollom will always display a CAPTCHA challenge).

  2. If the CAPTCHA challenge is not entered successfully, the user will be prompted to re-try the challenge with a different CAPTCHA image.