Squash Spam On Your Drupal Site

No one likes spam. While most people think of it as being unwanted email, spam in the form of unwanted and bogus comments on a website is equally annoying. But on your Drupal site, you want users to comment and interact with your content, but you want to ensure that those comments are legit.

There are some Drupal modules that can help you automatically moderate the spam without having to manually delete hundreds or even thousands of comments daily.

Two modules in particular are AntiSpam and Mollom. Both of these modules help with the prevention and automatic deletion of spam in your Drupal site, however, they go about doing so in different ways. AntiSpam uses multiple services such as Akismet.

Mollom is a module that’s developed specifically for Mollom’s service. In addition to blocking spammy looking content, Mollom may block a known spammer based on information in their system. Mollom is free and also offers several different paid services for business and larger enterprise customers.

Those are two modules that I have used to control spam, which services do you use to prevent spam in Drupal? Be sure to let me know in the comments.

Check out the previous post in his Drupal series whereBrant talks about essential modules for developers. In his next post, Brant discusses the different pieces that you need to backup so you can restore Drupal. Find out more abouthosting your Drupal site at Rackspace.


  1. Hi Brandt,

    I was quite surprised to find Drupal posts here at Rackspace. Nice one. I actually came here looking at job opportunities. I wasn’t aware that Rackspace is a Drupal savvy company.

    I conquered the spam issue by using SpamBot module (http://drupal.org/project/spambot) which tests user registrations and posts against the stopforumspam service. I modified the module though to automatically ban the IP of failed attempts.

    Before using this, the site in question got up to about 900 users from spambots and new registrations were numbering about 20-30 a day. Which is strange because that site does not even allow comments. But the registrations and huge number of 404s and 403s were getting to be a problem.

    Finally I made the modifications to ban IPs and since then it has all been good. The module also allowed cron to filter out the 900 odd abusive accounts over a few hours.

    Great post & video. Thanks.

    john 🙂

    • Ooh, nice work John. Did you submit your updates to spambot back to the module owner? Sounds like a great approach and one we could do with, too.

  2. Hi Brant – nice post, thanks for the tips. We’re happy Rackspace customers running Drupal.

    Comment spam was so bad on our site it had pretty much the same effect as a DDOS attack. In the end, I ended up writing a script to check for comment posts in the Apache log, check the IPs against the StopForumSpam.com API and then add them to the firewall.

    This has solved our problem (so far) and as a happy consequence we’ve noticed a huge drop in page load times, CPU usage and I suspect we’ll see a big difference in bandwidth, too.

    I wrote it up here:


    and the code is available on Github:


    Hope it’s useful. A new coding adventure for me, so all feedback welcomed.


Please enter your comment!
Please enter your name here