Best ways to handle spam in Drupal?

Recently my iPod and now my iPhone has been filling with the excellent Lullabot Podcast. The podcast covers everything Drupal and I've been working back through some of the previous episodes. Episode 40 covers the top 40 Drupal projects. The list is great. I've used many of the modules and I'm now experimenting with many others.

The question I came across has to do with spam handling. I'm using the Spam module and pretty happy with it. Every once in a while something slips through and very rarely there has been the odd false positive but it has worked well overall. The podcast recommends the Akismet module. Does it work better? What sorts of experiences have people had who have tried both?



I suffer too

I get plenty of spam on my site - but thanks to the spam module + a few tweaks (like adding the "people" and "myspace" subject as increased chance of spam) I get VERY little in the way of published spam.

Akismet is probably better, however if you earn anything worthwhile from your blog then they like you to pay for it... Judging by your adsense it looks like you're trying to earn from your blog like I am.

Hint... try setting the adsense to blend in more, I think you'll get more revenue (see my site). Basically, set the background and border to the background colour of the block and then set the link and text colour to the same as your theme.

I have used Akismet on my

I have used Akismet on my Wordpress site and have been very happy with it. I ran both Spam and Akismet on my site for a while but then ended up disabling Spam and kept to Akismet. No idea which is better. Both seemed to let some spam through. The bigger problem I see on Drupal is the difficulty in managing large numbers of comments at once. With Wordpress you have a list of comments with brief previews and can mark each of them as spam or not spam and then process them all at once. On Drupal you only see the titles and can only mark them for once action to be performed at once.

We use both

We use both the Spam and Akismet modules and are happy with the result. We get close to 100 spam comments per day and only one or two a week get through -- if that. There are definitely some that are caught by one or the other, not both, which is why we keep both enabled. I would say that Spam module does a better job as a first line of defense against persistent spambots who barrage you with variations of the same message. Among other things, it looks for URLs in comments that are similar to URLs in previous spam. I think Akismet does a better job dealing with new spam that you haven't seen before.

I also help run a Wordpress blog and agree w/ the previous comment that Wordpress's anti-spam usability is better than Drupal's.

I have used the Akismet

I have used the Akismet module for quite some time now and think it works very good, only two spam comments went through it, one of which was not easy to detect as spam.
I very good method that you use too is to enforce comment preview.

Another Akismet fan

Add my voice to the pro-Akismet chorus. I'm using it on a WordPress blog and two Drupal sites, including our corporate site; Akismet captures literally dozens of spam comments a day on each.

what about captcha? have

what about captcha? have people found that they like spam or akismet better than captcha?

Don't care for captcha

Personally I'm very much against captchas, especially "on the cheap". The first major problem is they don't degrade well. Users with adaptive technology are all too often left out of "low-end" capatcha's and left out of the conversation. They annoy me enough that I rarely comment on a blog that requires them. The text-based "questions" one has to answer are slightly better but I'm still not a fan. The spam module has worked very well for this site (and others) for some time. It takes a little building with some custom filters up front (or at least did in previous versions) but it has worked quite well.


I've had a lot of attempts to spam my Drupal site, but no success so far. I use the Registration Code and Troll modules. I have also set registration and comments to require approval before posting. Additionally, I have blocked anonymous proxies and China in my .htaccess file because about 98% of the would-be spammers at my site surf in on proxies, and when I uncover the IP addresses behind the proxies they are always from China. I get about 30-50 hits per day from auto-registration bots, but so far Registration Code has kept them from successfully registering for an account.

Akismet working fine for me on Wordpress

I run a wordpress blog which don't get much spam but any that I do get is blocked by Akismet, so I get Akismet the thumbs up for any CMS site.

No Help Here - But am Looking For Info on iPods

I don't know.

I would like to know more about iPods.

Wish I could help, but your questions go over my head. I have never even had an iPod and the only pods I know of are in the swamp. But Josh, I like your blog. Would like it even more if I could relate to what you're talking about.

Thanks for the podcast

Thanks for the podcast suggestion. I haven't heard of that one and I am a big podcast fan.

I ended up developing my own solutions

Hi everyone.

I found all those solutions too complicated, annoying for the users, and some of them not accesible, so I ended up developing my own methods. They are perfoming really well, more than 98% effectiveness, but I'm still trying to improve those numbers while keeping the site accesible.

So, suggestions are welcome.

Thse are the links:

Stop SPAM in your site being invisible. A honeytrap for Drupal comments form

Stop SPAM in your Drupal site by being slow

Drupal 5 webform SPAM

I have a legacy client in Drupal 5 that just started getting massive amounts of SPAM via a webform. Since the web form was displayed on all pages in a block, I thought a CAPTCHA would be obtrusive, so I wrote a snippet of code to check for links in the body of the submission. I wrote this up here: