Spam protection with Drupal 8 modules

Spam protection with Drupal 8 modules

Spam causes huge inconvenience to Internet users and headaches for site owners. Spam is one of the reasons why you don’t need a comment section on your web resource. However, allowing your site visitors to post comments and any other content means communication and feedback. Allowing them to express their opinions and share their ideas on your site has its good sides as well. So it would be not right to get rid of this option all together. Luckily, Drupal can offer you a solution — and not just one. Drupal's modules can help remedy spammers. We’ll explain them in order from the earliest solution to the latest in this article.

Spam blocking Drupal 8 modules:

For sure, the most known method to fight bots and distinguish them from human users is CAPTCHA. This is an abbreviation that stands for a completely automated public Turing test to tell computers and humans apart. The CAPTCHA module is most often used when building web forms. This challenge-response test, unsolvable by bots, prevent them from spreading spam. Every Internet user has been asked to type random letters.

However, CAPTCHA has its disadvantages. Sometimes it’s quite tough for humans to guess on the first try what’s depicted on the image. It’s especially challenging for users with visual impairments. Thus, if you want to meet web accessibility standards, proceed to the next solutions described below. CAPTCHA remains an effective way to fight spambots, but is a bit annoying for human users.

As a test offered by CAPTCHA module is usually puzzling to humans, Drupal sites are more often using reCAPTCHA module that executes reCAPTCHA service from Google. Users just have to click and tick and are no longer irritated by having to spend time guessing. This improves user experience. Despite becoming more easy for people to solve, this test still remains hard for robots.

By the way, reCAPTCHA is one of Drupal modules maintained by us, Internetdevels.

This anti-spam solution requires taking no action from human users at all. No typing, no ticking. The Honeypot module creates a hidden field which is invisible to humans but noticeable to bots. When spambots fill this hidden forms in, they are immediately detected and blocked by Honeypot.

Furthermore, this Drupal 8 module uses one more method called a timestamp. It looks at how long it takes for the web form to be submitted from the moment the page was loaded. Bots need much less time to cope with forms than humans.

No end user interaction at all is also possible with one more Drupal 8 module called Antibot. Its creators claim that it’s more reliable than Honeypot and is as lightweight as possible. This module allows caching on pages with protected forms.

Its principle is based on the assumption that bots don’t process JavaScript. The web form is hidden due to CSS, and users see a message on their screens telling that JavaScript is required for the form to be used. If the users have JavaScript enabled, then the message is moved out and the web form is revealed when the page is loaded.

In addition, for better safety, before allowing form submission, the Antibot module checks for mouse movement and keyboard pressing to identificate the human user. This feature provides better effectiveness.

The Antispam module was developed by CleanTalk web developers. Its effect is not noticeable to human users, as they see no tasks needed to be solved. If you have your own blacklist that contains emails or computers’ IP-addresses of spammers you have already detected, then Anti Spam can use this your blacklist to block registering or posting any comments. Service CleanTalk can store all records of filtered spam attacks up to 45 days. There is even an app, if you want to monitor your statistics more conveniently.

Important information for Mollom users!

Mollom was maintained by Acquia and have been successfully detecting and blocking not only spambots, but also human spammers for 8 years. The Mollom service could evaluate the quality of content, identify profanity and offensive language and compare data with its constantly emerging archive of profiles of user who have predisposition to submit spam.

However, there are bad news for those who have loved this module. On April 2017 Mollom announced its end-of-life is scheduled for April 2, 2018. After that time, the Mollom service will no longer be supported or available. If you are using the Mollom Drupal 8 module now, then it’s recommended to disable it in advance until that date and switch to some alternative option mentioned in this article above.

We hope you have no spam-related issues. If you have any questions about spam or security, contact our Drupal development specialists.

5 votes, Rating: 3.8

Read also


Creating unique content is a direct way both to Google’s and your customers’ hearts, and Drupal 8 is making the road much smoother and the journey more enjoyable! Today, let’s take a glimpse at...


In today’s blog post Drupal 8 will also be in focus, however from the angle of SEO. We’ll consider which modules and which other features of...


Hello, everyone! Summer moves on. It inspires us to grab a basket and gather some fresh, ripe, and tasty... Drupal news for you! ;) You’ll see that July 2017 has been very fruitful for Drupal. So...


Migration to Drupal 8 will save your time, effort and money in the future. It’s a fact! Discover the great news about easy upgrades and backwards compatibility. 


If you have decided to build a website in Drupal 8, we have some effective tips for devs describing how to create different useful things for D8 site. One of the first things to do, though, before...

Subscribe to our blog updates