Recently, I asked a colleague why I couldn't comment on their fancy, new, corporate blog and this was their response:
Yeah, it's pretty unfortunate at the moment, I've had to turn off commenting for unregistered users on the site, because we were getting spammed so heavily and even though I had the Spam filter on at full strength many were still getting through. I'd like to find a better solution, though, because right now you have to create an account to be able to post comments (which nobody will do, I'm sure). If you have any wisdom or suggestions from your Drupal experience on how to deal with such massive spamming issues, I'd love to glean some knowledge
At the risk of attracting a line-up of comment spammers determined to make me look bad, I offer the following recipe for fighting comment spam with Drupal (as I do on my Drupal-powered blog): * First, I use the Captcha module without the image captcha (instead, it uses a simple math question to confirm that the comment is from a human) * Then I add the Comment Mail module (to get notifications of new comments) * Next, I stir in the Comment Info (which allows people to check a "remember me" button) * Finally, add a quick dash of Spam Module v2 (just in case the occasional brute force attack on the math question slips through*)
This way, I don't require that people log-in, or create an account, to leave comments.
- People actually comment (on occasion) because there are fewer hurdles to jump over
- Increased security, because there are no "privileged" accounts on my system
- No spam: ever. (Though, I'm hanging my ass out a bit with this posting!)
- No need to pre-screen comments, as the only ones that get through are legit
* Update: Laura Scott of Ping Vision reported on the last Drupal shops call that she was getting the occasional spam still using a similar recipe -- so, if you have an experience to share -- or, better yet, another recipe -- please post it here!