I have a couple of dormant domains at the moment that I’m always threatening to do something with. For the moment though, they serve nicely as testing sandbox for various Drupal-y things I’m working on.
On one such domain, the other day, I installed the latest beta of Drupal 7. It was much fun, messing around and getting lost in (yet another) re-juggling of the interface and trying to find common menu options, etc, etc. But that’s not the point of this post.
My point is – in its default installation, Drupal allows visitors to sign up to the site and create an account. Administrator approval is required to activate the account, so there’s nothing technically malicious they can do. But the point is, spammers or spambots seem to very quickly find these sites and attempt to log in.
Only a handful of days later, the site was riddled with new accounts. I have a page full of them right now. The thing is, the domain’s not popular and is barely linked to from anywhere. Nothing in the content is inviting people to sign up or join the site. In fact, I have another completely obscure holding domain that has exactly the same problem, plus a couple of production sites where managing spammers has become a time consuming task.
Where I’m going with this is that Mollom, the anti-spam/moderation software from Acquia, only allows me to flag a spammer by flagging their content. I would dearly love to be able to flag some of these accounts as pure spam. I’d also like to know that by doing this, I was contributing to an automatic blacklist database – maintained by Mollom – that would ensure that the email and IP addresses of the submitter were marked as suspect.
Perhaps the “spam scores” for those accounts could be modified the more contributing sites flag them up? It seems silly that I have a ton of clearly spam-based accounts sitting on my site that I can’t contribute their details back to Mollom and flag them to save other users of the service the same trouble.
Also – and this is just a feature nit-pick! – I’d love to be able to block a user at the same time as I report spam content to Mollom. And perhaps a button that resets the user’s profile fields, because I get a lot of linkdropping on profiles on one of my sites. It would make fighting spam so much simpler, because currently it’s a multi-step process, involving:
- Ban/block the spam account.
- Remove any spam content they’ve posted, including comments and nodes.
- Empty out any user profile fields they’ve completed.
PS. Anybody else getting a lot of spam on their Drupal sites from Gmail accounts? It’s frustrating because there’s no way to block free mail providers like Hotmail, Yahoo and Gmail without killing off your community site!