Drupal

Drupal module tutorial (7.x)

This tutorial is for the Mollom 2.x module for Drupal 7.

Installation

  1. Download the module from the Mollom project page on drupal.org.
  2. Extract it into your modules directory; e.g., /sites/all/modules/mollom.
  3. Enable the module on the Modules page.
  4. Go to People » Permissions to configure user permissions for the Mollom module.
  5. Sign up or log in on https://mollom.com and go to your Site manager to retrieve the public and private API key for your site.

Advanced server environments

If your site runs behind a reverse proxy or load balancer (e.g., Varnish, Nginx) your site must send the actual IP address for every site visitor:

  1. Enable and configure the "reverse_proxy" settings in Drupal's settings.php.
  2. Go to Reports » Recent log messages to confirm that you see a different IP address for each unique site visitor in the "Hostname" field of each log message.

Configuration

Global settings

Go to Configuration » Content authoring » Mollom content moderation » Settings

Copy the API keys for your site from Mollom.com to your Mollom module settings.

  1. Enter the API keys for your site from your Mollom.com Site manager.
  2. Enable testing mode if you want to test Mollom's user interface behavior on your site.
    This allows triggering of specific Mollom responses and protects your own author reputation while testing.
  3. Review advanced settings - these can typically be left at their default values but note that advanced features such as form behavior analysis (beta) and flag as inappropriate can be enabled or configured here.

Set up forms to protect

Go to Configuration » Content authoring » Mollom content moderation

Enable and configure Mollom for each form that you want to protect with Mollom:
Click Add form to protect a new form.

  1. Choose the form to protect from the drop-down menu.
    Select the Comment forms to protect comments. The Node forms will only protect the content submission forms.
  2. Select the protection mode:
    • Text analysis (recommended)
      Checks the submitted content for spam and only shows a CAPTCHA to contributors if Mollom is unsure.
    • CAPTCHA-only
      Only adds a CAPTCHA to the form. Only choose this option if you cannot send content to Mollom for whichever reason.

Usage

Mollom deeply integrates with the selected forms. With text analysis selected:

  1. Spam posts are discarded by default.
    For posts that support the concept of a publishing status (e.g., nodes, comments), you may also choose to retain all spam posts for manual moderation.
  2. Ham (not spam) posts are accepted.
    For comments, the final status depends on whether the author has the permission to post comments without approval.
  3. If Mollom is unsure, the author is asked to solve a CAPTCHA (word verification).
    If the CAPTCHA is not solved correctly, the author is presented a new one and asked to try again.
  4. In case spam posts are not caught by Mollom, you can report them when deleting.
    The Mollom service learns from your feedback.

Content Moderation Platform

The Mollom Content Moderation Platform enables multi-site and team moderation from a centralized and unified interface, and advanced statistics and insights:

  1. Enable the option "Allow content to be moderated from the Mollom Content Moderation Platform" for desired forms.
    (only supported for forms protected via text analysis)
  2. Log in to https://my.mollom.com to moderate new content on your site(s).

Ensure you are running Drupal core 7.23 (or later), or manually apply the fix of #670454 to your site's .htaccess file:


RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Monitoring

Statistics

Go to Reports » Mollom statistics to see the statistics for your site.

Note that the statistics have a delay of 1 day.

Logging

Go to Reports » Recent log messages

Filter by category "mollom" to access detailed information for each form submission that has been processed by Mollom. When requesting support, it is helpful to include the details of one or more log messages.

For more information, read how Mollom works or consult our FAQ.

Can I retain spam posts instead of blocking them?

Not all users are comfortable with the idea of Mollom discarding spam posts without the possibility of manual review (no matter how spammy the message appears to be).

The Drupal Mollom module provides a configuration option that allows comments to be retained as unpublished posts in your site's moderation queue, no matter how spammy they may appear to be. Moderators and site administrators can then periodically review the moderation queue if necessary.

Only forms that support a publishing status (like comments or nodes/content) may be retained.

This feature is not available for some third-party Drupal modules, which do not have a publishing status. A popular example of such a module is Webform.

My site shows a "Mollom test form". How can I disable it?

The "Mollom test form" is used in Mollom unit testing, and is not necessary on a site that uses Mollom to protect content or comments.

For this entry to appear in your menu, you must have the mollom_test.module enabled in your modules list. Since, there's no reason to have that module enabled (unless you're during unit testing of some kind), simply go to admin/build/modules and uncheck the box by mollom_test.module, which will uninstall that module and prevent that menu entry from appearing for all users..

Drupal module tutorial (6.x)

This tutorial is for the 6.x-1.13 version of the Mollom Drupal module.

Mollom provides a one-stop solution for all spam problems and protects the following Drupal forms:

  • Comment forms,
  • Contact forms,
  • User registration and password request forms, and
  • Node forms for all standard and custom content types, including forum topics, articles, stories, and pages.
  • Additional forms provided by custom or contributed modules that expose their information to Mollom via Mollom's programming hooks. See the function node_mollom_form_info() in mollom.module for an example of how to implement these hooks.

Mollom intelligently combines text analysis, reputation models, site-specific blacklists and both image and audio CAPTCHAs to block spammers in an optimal, non-intrusive way. If Mollom is certain that certain content is "spam" (bad), it is automatically blocked. Likewise, if Mollom is certain that content is "ham" (good), it is automatically approved. If Mollom is uncertain, it automatically displays a CAPTCHA challenge; if the challenge is completed correctly, the content is approved, and if not, it is rejected.

For more information about Mollom, read this introduction, check the top 10 features, consult the extensive FAQ, or download the technical whitepaper.

Mollom is available in both free and subscription-only versions. Although the free version is a perfect fit for many sites, the subscription-only service Mollom Plus provides support for large post volumes and has access to an enhanced backend server architecture not available to Mollom Free clients. The subscription-only service Mollom Premium provides enterprise-level support and even larger posting volumes for large corporate and enterprise clients. Mollom was initially developed for Drupal, although many other clients and development libraries are available.

Installing and using Mollom

First steps

  1. Download the Mollom module from the project page or from Mollom.com. Be sure to pick a version of the Mollom client that matches your version of Drupal (the Mollom module featured in this tutorial are the 6.x versions for Drupal). The module package should be placed with the rest of your contributed Drupal modules (generally, in "sites/all/modules" or "sites/default/modules").
  2. Go to Mollom.com.
  3. Login with your Mollom.com account or create an account if you don't have one.
  4. Select "Manage sites" from the upper right menu at Mollom.com.
  5. Select "Add subscription" to create a new key pair for your website (or "edit subscription" to access a subscription for an existing site tied to your account).
  6. Visit your site's module list (Administer >> Site building >> Modules) and enable the Mollom module.

Mollom configuration settings

  1. Visit your site's Mollom "Settings" page (Administer >> Site configuration >> Mollom >> Settings) and enter the key pair associated with your site (from the previous step 5). While at this page, also configure your site's fallback strategy for handling content when Mollom is unavailable as well as any languages you would like to use to limit expected content. This is also where you can enable testing mode to verify Mollom's interface while protecting your author reputation.
  2. Review your advanced configuration be expanding the "Advanced configuration" fieldset on the settings form. These settings can typically be left at their default values but note that advanced features such as form behavior analysis and flag as inappropriate can be enabled or configured here.
  3. Visit the "Add form" page (Administer >> Site configuration >> Mollom >> Add fom) and select the forms you wish to be protected from the drop-down menu. User registration, node entry, comment and contact forms (if the contact module is enabled) can be selected in most Drupal installations, along with any additional forms that your custom or contributed modules may make available. Each form you select may present an additonal configuration page that allows you to select what fields on that form, if applicable, are analyzed. If a form is added to Mollom's protection list, but no specific fields on the form are selected for analysis, the form always protected by a Mollom CAPTCHA image. If individual (or all) fields on a form are selected for analysis, the text in those fields are analyzed by Mollom's content filters and a CAPTCHA image is only displayed if Mollom is unsure whether to classify the text as "ham" (good) or "spam" (bad) content.

  4. Optionally, visit the "Forms" page (Administer >> Site configuration >> Mollom >> Forms) to adjust the specific settings for any forms that have already been added to your Mollom configuration.
  5. Optionally, visit the "Blacklist" page (Administer >> Site configuration >> Mollom >> Blacklist) to add any specific URLs, words or phrases that you would like to specifically blacklist. Your blacklist settings are specific to your site, and allow you to automatically block either specific phrases or specific URLs from form fields. For each entry, you can determine the "reason" (i.e., Spam, Profanity, and Unwanted) each phrase or URL is blocked. (See the mollom.addBlacklistText and mollom.addBlacklistURL for more information on blacklisting.)

Mollom permissions, logging and reporting spam

  1. Visit the "mollom module" section of the"Permissions" page (Administer >> User management >> Permissions) to configure your site's access permissions.
    • access mollom statistics: gives user roles access to view Mollom's reports and usage statistics
    • administer mollom: gives user roles the ability to configure Mollom, set up protected forms, and moderate content
    • bypass mollom protection: allows user roles to automatically skip Mollom protection. This should be applied only to your most trusted user roles.
    • report to mollom: user roles will be shown a link to flag previously protected content as inappropriate for your site

  2. Mollom is designed to operate without constant administrator intervention. All of Mollom's decisions about whether it approves, denies, or displays a CAPTCHA on new content is recorded in the standard Drupal log (Administer >> Reports >> Recent log entries).
  3. The Mollom module provides a graphical representation of the content that is approved or blocked on your site, which can be accessed on the "Mollom statistics" page (Administer >> Reports >> Mollom statistics).
  4. Occasionally, it might be necessary to report a post or comment to Mollom as spam if a spam comment slips by Mollom's filters. Mollom automatically adds "Report to Mollom and unpublish" and "Report to Mollom and delete" options to the "Update options" dropdowns available at the "Content" (Administer >> Content management >> Content) and "Comments" (Administer >> Content management >> Comments) pages. Additionally, "report to Mollom" links are automatically added to protected content when it is displayed, if you have "administer content" permissions.

Mollom CAPTCHAs

  1. When submitting a form protected by Mollom, the Mollom module will display a Mollom CAPTCHA challenge if (a) text analysis on the form fields passed to Mollom's backend network generates an "unsure" score, meaning Mollom cannot determine if the content is spam or not (if Mollom is sure the content is good, the form is accepted outright; if it is sure the content is bad, the form is rejected outright) or (b) the form configuration is set so that all form fields are unchecked (in this case, Mollom will always display a CAPTCHA challenge).
  2. If the CAPTCHA challenge is not entered successfully, the user will be prompted to re-try the challenge with a different CAPTCHA image.

Drupal module tutorial (5.x)

This tutorial is for the 1.7 version of the Mollom Drupal module.

Mollom provides a one-stop solution for all spam problems and protects the following Drupal forms:

  • Comment forms
  • Contact forms
  • User registration forms
  • Password request forms
  • Any node form, including forum topics, articles, stories, pages, and more. As you create new content types with CCK, additional settings to protect these forms appear on your Mollom setting page.

Mollom intelligently combines text analysis, reputation models and both image and audio CAPTCHAs to block spammers in an optimal and non-intrusive way. For more information about Mollom, you can read this introduction, check the top 10 features, consult the extensive FAQ, or download the technical whitepaper.

Mollom is available in both free and subscription-only versions. Although the free version is a perfect fit for many sites, its subscription-only service, Mollom Plus, provides support for large post volumes and has access to an enhanced backend server architecture not available to Mollom Free clients. Mollom was initially developed for Drupal, although a number of other clients and development libraries are available.

Installing Mollom's spam protection module

  1. Download the Mollom module from the project page or from Mollom.com. Be sure to pick a version of the Mollom client that matches your version of Drupal. The module package should be placed with the rest of your contributed Drupal modules (generally, in "sites/all/modules" or "sites/default/modules").
  2. Go to Mollom.com.
  3. Login with your Mollom.com account, or create an account if you don't have one.
  4. Select "Manage sites" from the upper right menu at Mollom.com.
  5. Select "Add subscription" to create a new key pair for your website (or "edit subscription" to access a subscription for an existing site tied to your account).
  6. Visit your site's module list (Administer >> Site building >> Modules) and enable the Mollom module.
  7. Visit your site's Mollom settings page (Administer >> Site configuration >> Mollom) and enter the key pair associated with your site (from step 5).
  8. Review the other Mollom settings and adjust as necessary.

Managing spam with Mollom

Mollom allows flexibility in protecting your forms from spam

When configuring Mollom, select the forms you wish Mollom to protect (shown below), and how you wish them to be protected. When you enable "Text analysis with CAPTCHA backup" for a form, its content will be analyzed in real-time for spam-like characteristics; if the content is definitely spam, the form submission will be blocked. If Mollom is unsure, the user is challenged with an audio and video CAPTCHA; successful CAPTCHA responses allow the form to be processed. If you select "CAPTCHA only" for a form, a CAPTCHA challenge is always displayed: a successful response to the challenge allows the form to be submitted, while an incorrect response does not. You may also select "No protection" if you wish to not use Mollom with this form.

If the content might be spam, Mollom inserts a CAPTCHA

Mollom analyzes content and rates it on its likelihood of being spam. But unlike other filtering services that only rate content with either a "ham" (not-spam) or "spam" result, Mollom also includes "unsure". If Mollom is unsure if content is spam, it presents a challenge to the user in the form of an audio/visual CAPTCHA (shown below). If the user can interactively complete the CAPTCHA, the content is processed as normal; if not, the content is blocked.

Mollom keeps you informed about your site's spam traffic

At Mollom's administration page (Administer > Site configuration > Mollom), the Mollom module interacts with the Mollom server network to present an interactive graph (shown below) of your site's spam activity.

Mollom dramatically reduces time spent on comment moderation and spam deletion

Mollom essentially eliminates the need for your comment approval queue. By analyzing the content of comments as they are posted, good comments pass through while spam comments are blocked. When Mollom is unsure about the content of a comment, it directs your site to present a CAPTCHA challenge to the poster. But, if you'd like to manually flag a comment as spam using the comment administration page, Mollom allows you to do so (shown below).

Mollom adjusts its spam filters based on your actions

If an inappropriate posting is left on your site, you have the option to delete it via a link on the comment itself. As you do so, you're prompted to tell Mollom exactly how the comment is inappropriate for your site (shown below). Mollom learns from the comments you manually block as spam, and incorporates that knowledge into its content analysis engine.