Acquia has announced that they will be ending the life of Mollom. As of April 2018, they will no longer support the product.

You have over a year to find a replacement. I am currently using Mollom and planning on changing mine now. Chances are, if I don’t, I’ll forget to change it closer to the time!

I wrote about various Drupal spam protection methods in this post a couple of years ago. There were many options, as there are now. At the time, I went with the Mollom and Honeypot combination, which I am still using today.

Acquia has recommended a combination of reCAPTCHA and Honeypot. That is what I am planning on switching to.

Full list of other options

While there are a lot of options available to you, I’ve summarised the main ones here. To see the full list, you can check out the Spam Prevention project category on Drupal.org.

reCAPTCHA

The reCAPTCHA module uses Google’s reCAPTCHA service. reCAPTCHA will show suspicious users an “I’m not a robot” checkbox and let through most human users.

To use reCAPTCHA you also need to install the CAPTCHA module.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Stable

reCAPTCHA project page.

Honeypot

Honeypot tricks spam bots by adding a field that only they fill in. The field is named something like “homepage”, so they think it is a real field. In fact, only spam bots see the field and it is hidden from real people. If the field is filled in, the comment gets blocked. Honeypot also uses time detection. So if a comment is created in less than 5 seconds, it is more likely to be a spam bot than a human, so it gets blocked.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Stable

Honeypot project page.

Hashcash

According to its website, Hashcash is “a proof-of-work algorithm, which has been used as a denial-of-service counter measure technique in a number of systems.”

Sounds funky. Friends of mine have said that it worked for them.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Dev version

Hashcash project page: Stable Drupal

Captcha questions

Image based captchas are generally annoying for users and not totally effective. Spam bots have found ways to complete them. Mollom actually uses an image based captcha if it detects a possible bot.

But there is an alternative which people have had success with: question based captcha. Rather than showing the user a difficult to read image, present them with a simple question, such as “what is two plus ten” or “what is the capital of France”. This seems to be more effective against bots, and also a nicer experience for humans. Sure, you have to apply some thought to come up with the answer. But isn’t that easier than trying to figure out the characters in image based captchas?

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Dev version

Captcha Questions project page

CAPTCHA

The CAPTCHA module tries to prevent spambots by asking a questions that only humans can complete. reCAPTCHA mentioned above extends CAPTCHA.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Beta version

Captcha project page

Antispam

The Antispam module supports 3rd party services Akismet, TypePad AntiSpam and Defensio.

According to the project page, there are known bugs in the stable version and the dev release is recommended for now.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: None

Antispam project page

BlogSpam

The BlogSpam module supports the 3rd party BlogSpam service.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: None

BlogSpam

Spamicide

The Spamicide module helps to prevent spam by adding a form field that only spam bots see and fill in.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Dev version

Spamicide project page

BOTCHA

BOTCHA works in a similar way to Spamicide in that it adds a field that bots fill in but humans don’t see.

Some people have suggested that it is more effective than Spamicide. If this is something you want to try, I recommend you test both and see which one is more effective.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: None available

BOTCHA

Bad Behaviour

This module integrates Drupal with the 3rd party Bad Behaviour system.

Bad Behaviour is different to the other modules mentioned in that it prevents spam bots from even getting a request from Drupal. This reduces system resources. Check out the about page for more information.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: None available

Bad Behaviour

http:BL

This module integrates with the 3rd party http:BL system. It will block spam bots from accessing your site by checking against Project Honey Pot data. You need a free Project Honey Pot account to take advantage of this service.

Drupal Versions

  • Drupal 7: Stable
  • Drupal 8: Dev version

http:BL

Wrapping up

There are a lot of options when it comes to preventing spam on your Drupal site, so there is no need to worry about the loss of Mollom. None of the options available will prevent all spambots, so you can test a few and see which ones are the most effective for you.