CERN Accelerating science

Anti-Spam alternatives supported centrally

Sometimes you need to protect your web forms from bots and spammers, for example when publishing a webform accessible to anonymous users, or on public comments or contact forms.

On that case there a multiple options you can choose from, but in this article we will focus on the suggested and centrally provided options by the Drupal admins.

In short, the most common mitigation of spam comes in the form of CAPTCHA, but there is also other solutions called Honeypot which might be effective.

Centrally in the infrastructure we provide three modules that implements SPAM filter capabilities, we will present them in the order we consider you should evaluate them, and only in case you discard one of them while evaluating please check the next one.

  • Image Captcha: This module will present an image containing letters and numbers that the user needs to input on a textbox. This module might not be sufficent for advanced Spam bots, but can provide an first protection level at a very limited cost in complexity on your site’s configuration and maintenance.

  • Honeypot: By using this module you can easily have a honypot implemented into your website, compatible with any form and Webforms. It uses honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site. Quick tutorial instructions of usage can be found here

  • ReCAPTCHA: This module implements a CAPTCHA based on the Google’s ReCAPTCHA service v2. This is probably the most secure method from the list but it comes with some important implications in the form of Privacy issues and maintenance. Firstly a google account is needed to use the service, so this might have some impact on the maintenance of the site in case personal Google accounts are used.
    On the privacy aspect you need to understand that by using the Google’s ReCAPTCHA service you are accepting their Terms of Service, and several information is collected from the users accessing your websites in order to provide the SPAM filter functionality.

So, as summary, for maintenance and privacy concerns please use Image CAPTCHA or Honeypot modules and only fallback to ReCAPTCHA in case you don’t have anyother option. Or use any other contributed module installed locally on your website.

Thanks
Eduardo

2 Likes

Hello @eduardoa,

I want to protect some public webforms with Anti-Spam techniques. I currently use Honeypot. Is that enough? Should I accompany it with another alternative?

Kind regards,
Ioannis

Honeypot should be enough for bots, if later on the experience tells you it’s not enough I would only then evaluate other additional measures.

Thank you @eduardoa

Hi @eduardoa,

I am trying to add some captcha to the visit.cern webforms.
I have installed the extension and added captcha elements to my form. However the captcha won’t appear. Any idea what I’m missing here?

Thanks,

Marie

the captcha element will only appear for anonymous users, so be sure to be unauthenticated when visiting the webform.
If that’s not the case please share here the url and I will have a look.
Have you tried the honeypot option? simple captcha elements are easy to resolve by spam bots, the only effective one is ReCaptcha from Google, but it adds some privacy concerns.

Regards

Oh sorry, I hadn’t thought about it. It works fine actually!
Thanks a lot,
Marie