Website spamming is a way of life on the Internet. Unscrupulous people can cause serious problems with your website by repeatedly registering, posting useless comment links, and other unsavory things to forms on your website.
For smaller websites, having an active moderator can be very effective. You can set Drupal to only allow users to register or comments to be posted after administrator review.
The following methods can help you to alleviate form spam issues on your website:
Note: The methods listed on this page aren't meant to be an exhaustive list, and may not meet your website's particular needs.
Method
Description
User Moderation
To set registration moderation, visit the account settings page (/admin/config/people/accounts), and select both the Visitors, but administrator approval is required and the Require e-mail verification when a visitor creates an account options, because spammers often don't take the step of verifying emails. A further step would be to use a module like Registration Role
Comment moderation
Comments can be turned off on a per-content type basis. You can also limit permissions so that only registered users can comment, and you can also set up comments to turn off after a certain period of time by using the Auto Close Comments module.
CAPTCHA
While moderation is good, it's not scalable to have to rely on one or more people for monitoring. This is where up-front deterrence methods come into play. CAPTCHA provides a challenge image and can be used on most user facing Drupal forms. The CAPTCHA module's project page includes links to several modules that enable this functionality for your website, including the reCAPTCHA module. Take care with CAPTCHA modules on Acquia Cloud, because they can bypass the cache and massively increase website load. Other alternatives include hCaptcha and Friendly Captcha which are designed to respect privacy.
Registration Validation
Registration Validation allows site administrators to configure custom validation rules for the user registration form. This is helpful when bots and human signups are outsmarting regular CAPTCHA validation.
Other modules
There are several other options available for spam control, including the following:
For more information about controlling spam on your Drupal website, including additional information about the methods on this page, see Spam control modules at drupal.org.
The Honeypot project is well supported, and has additional features that some users may find helpful or more secure. It can require some minimal configuration and maintenance to continue performing at optimum levels. Be aware, if you configure time based settings, Honeypot may bypass Varnish and increase server load.
Cloud Platform