Time for another update on the battle against spam.

Mollom has been great in fending off the large amounts of spam on the other site I run Freaky Tiki Productions. But I allow anonymous comments to be posted so you know that is just a breeding ground for spam comments. And last year for some reason a lot more html linked spam comments were getting through... and to say that it was annoying would be the biggest understatement of last year ( maybe even this year but its too soon to tell).

So I decided it was time to change to that, but I wasn't sure how. I didn't want to give up on the anonymous comments, but I had to stop people from posting linked spam. But after some tinkering I found a solution:

once logged into Drupal, and under the Administer-> Site Configuration-> Input Formats.

1)Click Configure for Full HTML

A.Un-check the box to allow unauthenticated users access to Full HTML

2)Return to Input Formats (the link at the top of the picture works well)
3)Set Filtered HTML to be the default
4)Under the Filtered HTML Edit tab

A.click on the Configure tab at the top

B.inside the “Allowed HTML tags” input box, remove "bracket a bracket"

And that is it. You have now disallowed anonymous users from using full html when posting comments and also stopped them from creating html links within said comments.

This has done wonders for me in cutting down comment spam. Next up, try to figure out the same thing for the name used when posting comments. The war continues!

So a while ago I wrote about CAPTCHA's. And I ended up saying how I was going to try out Mollom for my automated spam removal. Well, a couple of weeks later, I'm returning to this topic to give some kind of review of Mollom.

So I have to say that right off the bat that it works, and it works well. At the moment of this writing, not one piece of spam has infected my comments. While at the same time, people created comments have gotten through. And for all you out there wondering how Mollom can tell the difference. And while that could be a whole blog post just to itself, we can just shorten the idea down to a view simple concepts: Bayesian probability and a very large sample set. We get an idea of how large of a sample set that Mollom might have just by reading the a part of their front page (please note that these numbers are dynamic and will change):

“Mollom is currently protecting 10,310 active websites. The average efficiency is 99.91%. This means that only 9 in 10,000 spam messages were not caught. Mollom has caught 107,635,481 spam messages since it started. Today we caught 179,461 spam messages. On average, 90% of all messages are spam.”

And doing some math with that statical model, you could probably come up with a good sized grid of what are "good" words used in comments and what are "bad" words used in spam.

One of the things I do like about Mollom, is within the Drupal module it has a nice graph to let you know how much spam has been blocked and how many legitimate operations have happened, as shown in the picture below:

Some people might find this helpful, some might not. I do because it gives me a metric towards how frequently my site is getting attacked by spammers.

Some of you might be wondering about false positives. Mollom by default sets up comments to be checked with the Mollom servers and if a comment is flagged as potential spam, it requests the submitter to verify the comment through an image based CAPTCHA. So while there is still a CAPTCHA involved, its not the primary means of human authentication, so I feel this is a healthy compromise.

The short of it is that if you happen to run a Drupal based site, and want to avoid spam , I couldn't recommend Mollom enough.