By: Vasundhra
November 2 2018

Spam Management, Drupal and You

It begins very simple. A virus, just one, latches on to one of the cells and tricks that cell in making lots more. Lots, and lots more, like a million new viruses. And a healthy cell is fooled to join the dark side and play with the immunity of its own host body. These types of viruses can be witnessed everywhere, and by “everywhere” I am focusing on the machines.

48% of the email traffic worldwide, is accounted to be spam messages

Thus, spam content is one such virus which infects a particular platform and makes it unhealthy and malign. Spambots are uncalled for. They are annoying, affect the system’s health, compromise the security, and of course, tricks people into giving out more information. 

a computer throwing letters to the human sitting in front of it

These spams threats not only compromise with the accuracy of the search engine but also invite vulnerability to the website by providing a gateway for the hackers. So whom do you trust in such circumstances?   

How do you ensure that your website stays away from spambots? How does your CMS help you with it? Drupal, which is one of the most secure CMS, has anti-spam modules to protect your site. Read on to find more. 

But before that, it is important to know more about spam.

What is a Spam?

The use of an electronic messaging system to transmit unrequested or unwanted messages in bulk repeatedly on one site is termed as spam. 

Do you know?

The word spam actually acquired its name from canned meat brand known as “spam” and has eventually become more popular than the canned product itself.

A canned product which has burger picture in the front and the word “SPAM” has been written on top of the picture

Spam messages are irrelevant and unsolicited, they are sent over the internet, typically to a huge mass of audience for the sole purpose of promoting, phishing, or increasing malware. 

According to the statistics by Statista, some 48.16% of the email traffic worldwide, as of March 2018, is accounted to be spam messages. Quite huge, right?

But why has it become so popular that it is being used in marketing methods? Well, only because it works. The spammers collect a huge number of emails and blast them with an offer they have. Not once, but again and again. In earlier days the internet spam was usually limited to e-mails, but over the years internet spam has widened its horizons. Hence, here are some of the everyday spam which can be encountered on the web.

Types of Spam 

Spiteful messages remain one of the most significant and ongoing threats that people face. Here are 4 of the most common methods spammers use to deliver these malware and malicious data

Comment Spam 

The spammers use software to find potential targets and blast them with comments. Those comments are useless to the victim, but it creates backlinks to the spammer website. 

It might seem that removing the possibilities of adding links will discourage spammers to target the website. However, this is unusual. Spammers don’t spend to much time checking these things and blast with comments to everything which comes in their way. 

Blackhat SEO trick: Comment spam is used to create backlinks

These types of spams compromise with the speed of the server. Here is an example of how comment spam works. 

three comments where second comment is a link of a website

Trackback Spam 

I'll be honest here and acknowledge you with the fact that trackback was created with the intentions of being useful. Their purpose is to notify the website holder about the new backlinks by constructing a link back to the source of the backlinks. 

In other words, when someone links to the user, the website creates a link back to them. This way the user notices it and quickly establishes a connection with the website holder that is mentioned in the username. However, the spammers benefit a lot with this. They tend to create links from the user’s website from their website. The website will then respond with the trackback. After the trackback is live, they remove the links to the user’s website making it look as if the website holder has created them. 
This is how the spammers use trackback 

Bots attack 

Bots have an extensive variety of objectives, and not all of them are considered bad. Some of the bots, like the bots (alternatively popular as spiders) which are wielded by Google and Bing, they tend to crawl and index the pages. If the users were to block the Googlebot, the site will ultimately be removed and dismissed from the index, they would no longer be able to access it. Your content won’t show up in search results.

But there are bad types of bots, as well. These types of attack come to the website for various reasons. It is either a search engine crawler or a tool which is trying to get all the data from a particular website, such as what is the site being linked to. These types of attacks are harmful, people often use them, to overload the server’s bandwidth, firewall, and CPU. 

These attacks bring a very large amount of fake traffic in a very short time.

a robot divided into two halves, the left side is green in color showing all the good bots points, the right side is left in color showing all the bad bots points 

Negative SEO attack 

Negative SEO is considered as the practice of using the black hat and unscrupulous techniques to destroy a competitor's rankings in search engines. These techniques may involve the building of spammy, false links to the site, content scraping, and even hacking the site. It is the types of attack which can easily harm your website. 

The main purpose of these attacks is to make Google think that it is the website holder who is doing it. 

It can happen at any time at any point. Even after the company has been around for several years, or while you are a new company.

How to Manage Spam Attacks?

Spams need to be maintained and managed. Drupal is one such CMS platform which helps in the management of such spam messages. Despite the fact that Drupal is secure and consists of various security modules, it also consists of the best spam management tools which aim for 100 percent spam-proofed websites. How?
Let’s see!

How does Drupal Help in Spam Management?

Depending upon the “spam prevention Drupal approach” that the user would supercharge their website with. The website holder would be fighting spam via:

  • Filtering of real-time
  • Challenge-response interaction 
  • User intrusive methods

 Here are some of the antispam Drupal modules.

  1. Honeypot 

    Honeypot module is designed to deceive spammers into filling out the hidden fields that the human would not see. If these hidden fields are filled out then it would be evident that it is a spam submission. It is then disposed off in the spam bin.

    This module uses timestamp. If the web form on the Drupal site gets loaded in faster than that of a specific timeframe that the user has set, Honeypot will immediately block the submission. It will recognize the “submitter” as a spambot. 

    Pros: No extra user input is needed here 
  2. Captcha 

    CAPTCHA is integrated into the web forms. Considered as a challenge-response system which is meant to block any of automated spam posting. It provides with a variety of options which asks the users to verify if they are human or not. The main purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content 

    Pros: The module comes with its own default challenge-response testsa grey checkbox beside a line which states “I’m not a robot”
  3. http:BL

    http:BL is the type of module which blocks request coming from IPs which is included on the DNS blacklist (a blacklist put together by all the Drupal sites using this module from spam protection)

    • It helps in greylisting. It grants the user with session-based access if they pass a simple challenge.
    • The greylisting threat-level threshold is configurable in the admin settings.
    • All the blacklisting threat-level threshold are configurable in admin settings.
    • There is an option for controlling only for the comment submissions.
    • There is a basic statistics on the number of blocked visits.
  4. Simple AntiSpam 

    The main role of the Antispam module is to prevent the spam posting processes. It helps in blocking of the automatic spam coming from anonymous users. This type of module consists of two types of checkboxes. The two types are: 
    • It consists of an “I'm not a spammer” checkbox
    • and then there is an “I'm a spammer” hidden checkbox

      Once the second option gets checked, the module warns about the suspicious activity on the Drupal site. That is when the Anti-Spam reveals a warning message or directly blocks that particular form from being submitted to the Drupal site. 

      Pros: AntiSpam module is the successor of the Akismet module, providing with spam protection of the site. 
  5. HashCash

    Hashcash is a module which executes the Hashcash algorithm to assist and protect the sites from spam. The user’s devices are required to provide a hash value that is difficult to calculate, yet can be validated easily. The whole concept here is to make the act of submitting the form with a small competing cost.

    Spammers who're operations depend on this ability to make a number of submissions at once, and as cheaply as possible have fewer options to target the site that increases their cost.

    Pros: This module can work with caching. The administrator selects the roles and the forms which are to be passed.
  6. Botcha 

    The Botcha module is an “all-in-one spam-blocking” module for websites running on Drupal, this module doesn't involve any user interaction. There are three methods by which this module detects and block spammy form. 
    • It figures out the hidden fields and adds them to “spambots luring” field to the protected web forms on the website
    • It uses the source calculation-based method
    • It also uses the time-based method

      Pros: Once this module is enabled it prevents the attempts of re-submitting the same form by using its own “NoResubmit” formula. 
       Screenshot of the spam manager Botcha in Drupal



Just as antibiotics are needed for the human body to fight from the deadly viruses, spam management is like the medicines needed to ensure the safety and health of a website or web pages. 

Drupal is an open source CMS which comes out as one the most secure and reliable as compared to other CMS. At OpenSense Labs, we offer the best digital transformation and web development projects. Contact us at [email protected] for better security and spam-free websites.