Does this scenario sound familiar? You go to fill out a form online and submit information about yourself, but before you can actually hit “submit,” you have to decode a series of blurry letters.
Did you know those blurry letters have an actual name? They are called a CAPTCHA.
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program or system intended to recognize a human user and prevent spam. There are different types of CAPTCHAs, but unfortunately, one of the most popular is a challenge-response system like the one mentioned above, where users are inconvenienced with text or picture puzzles to solve in order to prove they are human users. This type of CAPTCHA can be a major deterrent for users. It lowers conversion rates on forms and decreases customer satisfaction.
Google recently updated its captcha system — called reCAPTCHA — to make it easier to use. There are no more word challenges or pictures to recognize, however, there is still a check box for user to click.
The best scenario is to have a spam prevention service like Mollom that requires no user interaction at all (in most cases).
For those who have never heard of Mollom, it is an Acquia-supported, very popular spam filtering service. The strength of Mollom is that it does not rely on CAPTCHA for verification but instead analyzes content for "spam like" characteristics in real time. Good content gets posted normally. Bad content get blocked. For content that Molllom is unsure about, a CAPTCHA is presented.
In a surprising announcement, it was recently announced that the Mollom service will reach its end-of-life as of April 2018. That means the Drupal Mollom module will either block all form submissions or none, depending on how it is configured. Therefore, it is highly recommended to start converting away from Mollom and use an alternative spam prevention module.
Fortunately, there are other excellent Drupal spam prevention modules that are also not intrusive for users, meaning they don’t feature a CAPTCHA.
- http:BL (https://www.drupal.org/project/httpbl)
Similar to the Mollom module, http:BL is based on anexternal service. Unlike Mollom, it is a very different type of service called Project Honey Pot. http:BL basically relays on a centralized DNS blacklist that is generated collectively by websites that utilize it. It has several impressive features, but most notably it can completely block incoming requests coming from blacklisted IPs and can prevent spam bots from scraping websites for email addresses. Furthermore, it works well together with other spam blocking modules.
BL will be available for both Drupal 7 and Drupal 8, but the Drupal 8 version is currently in dev only.
- Antibot (https://www.drupal.org/project/antibot)
Antibot is available for both Drupal 7 and Drupal 8.
- Honeypot (https://www.drupal.org/project/honeypot)
Honeypot is currently one of the most popular anti-spam modules. It is not intrusive (no CAPTCHA) and it utilizes two methods to block unwanted submissions. First, it adds hidden fields to protected forms. This field is configurable, but it usually will have a name such as url, link, webpage, etc. — basically a field that spam bots will not be able to resist, hence the "Honeypot" method. The other method is a timestamp that basically checks how long it took for the form to be submitted from the time the page was loaded. The default time is five seconds, but it can be adjusted accordingly. One negative point is that pages with forms protected by honeypot can’t be cached.
Honeypot is available for both Drupal 7 and Drupal 8.
- BOTCHA (https://www.drupal.org/project/botcha)
BOTCHA is available for Drupal 7 only.
While Mollom’s discontinuation is disappointing, as you can see, there are a number of other spam prevention options available to Drupal users.
If you have questions about these or other modules, or would like to learn more about Duo, please don’t hesitate to contact us today.