What can Mollom currently do?
Simply put, the Mollom service is an advanced spam filter and CAPTCHA server. Learn more.
If I have a problem with Mollom, what should I do?
Use the contact form on Mollom.com to submit a trouble ticket for our Support team. Try to provide as much information as possible about the issue. You can also use this form for information about pricing or sales, or if you have trouble signing in to the Mollom website.
For technical support requests, provide the following information:
- The name of your website
- Any relevant debug information that may have appeared in the logs of your CMS
In particular, in some of the latest Drupal plugins, there is a Mollom session ID that can provide helpful information. If the Mollom session ID is not shown on your Drupal logs, upgrade to the latest version of the module. In this module, the session ID should be at the bottom of the watchdog entry starting with
Unsure:. The session ID can also be found in the UI under Reports > Status report.
Acquia Support may require additional information, which they can help you obtain. Some of this information can include the version of PHP on your server or whether you can make outbound HTTP requests using PHP.
Which content management systems are currently supported?
Mollom supports clients for Drupal, WordPress, Joomla, Radiant, and SilverStripe. Developer libraries for Java, Ruby, Python, .NET and PHP5 that implement Mollom's open API are also available.
If Mollom doesn't already have your preferred platform's client available, the developer documentation can help you integrate Mollom into the platform you're using. See the download page for the latest list of supported systems.
What is different about Mollom’s spam filter?
Mollom uses a two-stage spam-filtering protocol. If Mollom's intelligent text analysis filter decides that some content is suspicious, or if it is unsure whether the content is legitimate, it asks the user to solve a CAPTCHA challenge before allowing the posting.
This procedure prevents almost all spam from getting through, without blocking human users.
On a software level, there is also no
markHam API call, making the service more robust. A
markHam call could allow spammers to trick users into marking spam content as ham. For more information about this method, see the blog post The science behind Mollom: Spam vs. Ham.
Why does the spam filter return "unsure?"
If Mollom is not certain whether a post is ham or spam, it will answer "unsure," and present the user with a CAPTCHA challenge.
A human user can easily solve the CAPTCHA and the content will be accepted, while automated spambot scripts will fail this test and be blocked. This allows Mollom to use much stricter content filtering and still be sure that human users will be able to post content.
I am using Mollom and I still get spam: why is this?
Although Mollom uses state-of-the-art spam detection technology, a spam message may still get through sometimes.
If this happens, submit the message to the Mollom service by clicking the mark as abuse button. Mollom will learn from this information and instantly adjust its filters.
The mark as abuse function allows Mollom to learn new spam patterns very quickly. As soon as more than one person marks a particular message as spam, Mollom will instantly begin considering it as spam, and will block it, therefore saving thousands of users from having to see it.
Where is the moderation queue?
Because Mollom uses intelligent filtering techniques, a moderation queue is not necessary. Mollom blocks approximately 99.9% of spam. Human users who post suspicious content will then use a CAPTCHA to confirm they are not spambots. This method all but eliminates the administrator's need to moderate content.Learn more.
What is a CAPTCHA?
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a type of challenge-response test used to determine whether a user is human. This is done by asking a user to solve a challenge that is hard for computers, but easy for humans. Mollom currently supports both image and audio CAPTCHAs.
I installed Mollom, but I don't always see CAPTCHAs on my website's pages. Is that normal?
Since CAPTCHAs are only displayed when necessary, you will not see them all the time. Mollom protects websites by analyzing the text users enter into a form. If that text looks suspicious, Mollom will use a CAPTCHA to differentiate between the input from spammers and the input from valid users; if not, a CAPTCHA will not be shown.
Aren’t CAPTCHAs an accessibility problem?
Website accessibility is an important issue. It is true that adding image CAPTCHAs to websites makes them inaccessible to visually impaired people using screen readers or braille screens. Mollom offers users the option of requesting (English only) audio CAPTCHAs, which can be solved by visually impaired users.
Why should I use a CAPTCHA web service rather than creating my own service?
CAPTCHAs are created to differentiate human users from automated scripts; however, some CAPTCHAs can be solved by advanced computer algorithms. A common issue is the outsourcing of CAPTCHA solving to human agents in developing countries. Mollom constantly monitors the quality of the CAPTCHAs generated, and instantly adapts them if they have been hacked. Mollom also uses a reputation-based system to monitor people solving CAPTCHAs, preventing outsourced human CAPTCHA solvers from getting through the system.
Why is Mollom a web service and not a standalone module?
A standalone module would not be able to gather information from all the websites that used it. Mollom uses crowd-sourcing, or community intelligence, to analyze spam from all the websites using Mollom and learn from it. This means that if another website receives a particular spam message, Mollom can protect your website from receiving the same message. The more users using Mollom, the better its performance and the faster it can learn.
Will Mollom be able to expand without downtime?
Mollom was built to be extremely scalable and robust. If a server fails or overloads, traffic can instantly be rerouted to other live servers. This is possible because the API is built on a client-side load-balancing protocol. For more information about downtime and service levels, see Mollom's standard service-level agreement for paid subscriptions.
What is client-side load-balancing?
Load balancing means spreading around the work of running a website. High-traffic websites are run across many servers simultaneously. Server-side load balancing relies on a single load-balancer that distributes the work across other servers, which means it can get overloaded. Mollom lets its clients do the load-balancing by giving every Mollom client a unique list of servers that can handle its requests. When one of those servers is down or overloaded, the client can move on to the next active server on the list. This mechanism allows for very robust operations. In the future (or on request), Mollom will offer location-specific servers: this will mean Mollom can assign your website a preferential server near its physical location, minimizing latency while checking the content with Mollom.
Does Mollom block users?
Under some circumstances, Mollom prevents users from posting. Mollom combines text analysis with reputation checking to form a list of known spammers. In severe cases, Mollom may go beyond simply presenting these users with a CAPTCHA challenge, and block, or prevent, them from posting. Blocks are always temporary, however; over time, a blocked account will return to normal.
Does Mollom support multilingual audible CAPTCHAS?
Mollom utilizes the NATO phonetic alphabet to provide audio CAPTCHAs. This alphabet has been widely adopted by international organizations. It may not always be appropriate, however, for non-English language websites. For this reason, the Drupal module provides an option to disable audio CAPTCHAs from the Advanced configuration area of the settings form.
Does Mollom track user reputations?
User reputation is part of Mollom's algorithm for evaluating posts. Posts by a user with a reputation for spam are more likely to be flagged for a CAPTCHA challenge. Mollom uses identity information (like Drupal's user id) when it is available, and also remembers past activity. Posting spam can damage a user's reputation, while posting legitimate content with a low spam score enhances a user's reputation. Because Mollom weights recent user activity higher than past activity, internal reputations decay over time; this means that no one is permanently flagged by Mollom's filter.
How accurate must my CAPTCHA responses be?
You must complete a CAPTCHA accurately, with two exceptions:
- CAPTCHA responses are case-insensitive.
- Alternative responses for specific characters are allowed when testing suggests that those characters are often mistaken for other similar characters. For example, both 8 and B are accepted as a response for B, and both O and 0 are accepted as responses for O.
How does Mollom compare with other services, such as Akismet?
Due to its convenience, accuracy, performance, accessibility, and openness, we believe Mollom is the best solution available for preventing comment spam on your website.
To compare and contrast Mollom with other similar services, here is a table that focuses on a few key areas:
|When in doubt, use CAPTCHA?||Yes||No|
|Protect user registrations||Yes, on some platforms||No|
|Supported platforms||Drupal, Joomla!, WordPress, and others||WordPress and others|
|Multiple language support||Yes||Yes|
|Highly available back-end network||Yes||Unknown|
|Ability to retain spam for manual moderation||Yes2||Yes|
|Protection for new user registrations, lost password requests, etc.||Yes2||Unknown|
|Protection for custom and website-wide forms||Yes2||Unknown|
|Hidden honeypots to trap spambots||Yes2||Unknown|
|Form behavior analysis||Yes (beta)||Unknown3|
|Support and feedback||Yes||Yes|
|Free for personal use||Yes1||Yes|
|Free for commercial use||Yes1||No|
How long does the block on a user last?
User blocks are never permanent. They can last from a couple of hours to a couple of days, depending on the circumstances. In a very severe case, it may take weeks for a malicious poster's reputation to return to normal. There is no automated method to expedite the removal of a block on a user, although in severe cases, it can be done manually.
What about API security?
The Mollom open API uses an HMAC-based authentication scheme to make sure your key stays secure. Since Mollom takes its enterprise users very seriously and will soon also be providing many volume-limited advanced features, it is essential that Mollom user identities are secured using an industry-grade authentication system. This is done by signing each API call to Mollom with both a private and a public key. Mollom also adds an internal reputation system to prevent users from degrading the performance of Mollom’s filters.
What software do I need to play the Mollom's audio CAPTCHA?
Mollom delivers its audio CAPTCHAs using native HTML5 audio in MP3 format whenever possible. Most modern browsers will see native browser controls and be able to take advantage of existing accessibility enhancements or extensions.
When a browser configuration is unable to play the audio in MP3 format natively, a Flash fallback player is utilized. This requires the Adobe Flash Player plugin. Most browsers will automatically prompt to install the plugin if necessary. If a prompt does not appear, or if you do not wish to utilize the fallback player, a direct link to the MP3 CAPTCHA file is also included for playback in your player of choice.
To play an audio CAPTCHA, click the link beneath the CAPTCHA that reads Switch to audio verification and then click the play button or press the space bar to hear a CAPTCHA sequence repeated audibly.
Will Mollom protect multiple domains that all point to the same website?
Yes. If you have multiple domain names all pointing to the same website, and that website is using Mollom to protect against spam, Mollom will work automatically even if only one of those domains has been registered to the website through Mollom.com.
In addition, if your installation has multiple subsites that all share the same user table (like a multisite Drupal installation using Domain Access, for example), a single Mollom subscription registered to one of the subsites will work properly for all of the subsites (as long as all the subsites are using the Mollom module).
Because Mollom pulls user data from a website to inform its spam filtering, each website that has its own user table must have its own set of API keys from Mollom.com.
Why doesn’t Mollom give me a precise "spamminess" or "quality" score?
Giving away the exact scores would make it easier for spammers or malicious users to fine-tune their content and get it past Mollom’s filter mechanisms.
Do you have a service-level agreement that specifies exactly how well Mollom will perform when evaluating my website's posts for spam?
It is difficult to provide an SLA around spam filtering, as the type and nature of spam constantly changes. We do provide real-time statistics specific to your website that detail how Mollom has historically evaluated your posts. To see how well Mollom is operating overall, visit Mollom home page for a number of overall statistics.
Do you have a service-level agreement that specifies the availability of the Mollom network?
Yes. For paid subscriptions, our standard service-level agreement specifies the performance standards we use to evaluate our servers.
As detailed in this agreement, Mollom aspires to 99.9% availability. Paid subscribers who experience downtime outside the terms of the agreement receive credits redeemable toward additional time on their Mollom license.
Mollom users with a free subscription do not receive a service-level agreement.
What are expected languages and how are they used?
If you expect content to be submitted to your website in a small set of specific languages, you can use our expected languages feature to screen for those languages. If you activate this feature, Mollom will be more suspicious of content that does not contain the languages you select. If you do not select any expected languages, content in all languages will be treated equally.
To activate this feature:
- Sign in to Mollom.com and access your Site Manager.
- Click Edit site next to the website you want to change.
- Select one or more languages from the Expected languages section.
- Click Update site to save changes.
What languages does Mollom work with?
Mollom is able to work in many languages. In addition to standard textual analysis, you can configure your website to look for specific languages in the content.
Mollom CAPTCHA challenges currently only appear (and must be answered) in English.
What's the difference between a language check and the expected languages?
The language check will return an analysis of what languages are used within the content to be checked. Mollom will not make decisions based on this check but it provides the information for the client to use as desired.
The expected languages feature allows the website to specify the languages they expect their content to contain. When content is submitted that is not within the expected languages, the content is penalized and could ultimately be blocked. If the expected languages are left empty, then there is no penalty based on language of content.
Can I allow users to mark content as objectionable?
Mollom's "flag as inappropriate" solution allows users to mark content as spam, profane, or unwanted. Website administrators can view the reporting information with the content, or within moderation lists, in order to act appropriately. Content is still available to the public until a website administrator takes action.
To enable this functionality:
- Assign the Report content as inappropriate permission to those roles who should be allowed to flag content.
- Check the types of content that users should be able to flag within the Advanced configuration section of the Mollom settings page. Comments are enabled by default.
Non-Drupal websites can create their own content flagging systems using the Feedback API to submit public feedback on content.
What is form behavior analysis?
Form behavior analysis is a new beta tool to help Mollom identify human users who are filling out your forms. The tool silently analyzes users' behavior while they fill out the form. Users rarely know Mollom is on your website, because it is only as a last resort that they are asked to prove their humanness. The data gathered from a user's behavior helps Mollom determine the user's validity, along with Mollom's other machine learning techniques, language analysis and reputation analysis.
Form behavior analysis displays a tiny, transparent tracking image on your website. This will be served from Mollom's servers in either HTTP or HTTPS protocol to match your webpage. If you prefer to disable this option, you can disable form behavior analysis in the advanced configuration area of Mollom's settings.
Custom implementations can take advantage of simple form behavior analysis by requesting a tracking image and submitting the generated tracking image ID to Mollom with the first
checkContent call. See the API for details.
How can I report incorrectly blocked ham?
There are a number of potential situations in which content may be incorrectly blocked. Sometimes, a questionable post may get past Mollom's filters onto your website, although this rarely happens. Occasionally, Mollom may reject a particular user's comments outright; this can be due to the user's IP being blacklisted by a spam protection clearing house. On other occasions, your website may not interact with Mollom's backend network properly.
When seeking support for a Mollom-related problem, start by creating a support request at Mollom.com/contact. The information you provide is automatically filtered to our support tracking system. Be sure to mention the following items:
- the URL of the website experiencing problems
- the type of CMS (for example, Drupal) and its version
- what Mollom client is in use on the website
- any additional caching modules, accelerators or proxy servers you are using
Acquia Support may also ask for your website's public and private keys and your Mollom.com username.
To help Acquia Support determine why a particular post was classified the way it was, you'll need Mollom session ID information, recorded in the Drupal log by the most recent versions of the Mollom Drupal client (some older versions of the clients did not record this information, which made it almost impossible to track down Mollom's interaction with a specific comment).
As an example, here are several examples of what Mollom recorded in the local Drupal log about comments it categorized as spam:
[post_body] => radiation africa continues
[author_name] => raedanafrica
[author_mail] => [email protected]
[author_url] => http://some-webaddress-we-don't-want-to-publicize-here.aspx
[author_ip] => 22.214.171.124
[spam] => 2
[profanity] => 0
[quality] => 0
[session_id] => 100730eba6dfd59ed3
[post_body] => absolute frozen against references
[author_name] => holtjksl
[author_mail] => [email protected]
[author_url] => http://some-webaddress-we-don't-want-to-publicize-here.aspx
[author_ip] => 126.96.36.199
[spam] => 2
[profanity] => 0
[quality] => 0.014
[session_id] => 100730fd9aea5a7de0
Logged information is essential to finding out how Mollom treated a particular post. Unfortunately, not all content management systems have robust logging tools, and the information recorded in those logs (where they exist) may not be standardized, since the clients are written by different developers. Even within the Drupal community, only the last several iterations of the Mollom client have included this information.
If you have an issue with Mollom, contact Support.