To follow up on a recent post in which we were using ReCaptcha customizations to further prevent spam attacks on our websites, we wanted to include this additional method which will cause spam systems to have real trouble submitting valid forms on your drupal sites.
This drupal customization comes based on the details discussed on this drupal post preventing spam signups from anonomous users.
Basically, we used the sample module created on that forum post with some slight modifications to work with our more recent version of Drupal 6 installations.
function honeytrap_form_user_register_alter(&$form, &$form_state) { //add custom CSS to hide the additional textfield $module_path = drupal_get_path('module', 'honeytrap'); drupal_add_css($module_path.'/honeytrap.css'); //set our validation function - must be left empty $form['#validate'][] = 'honeytrap_user_register_validate'; //Add addition input field to the bottom of our form $form['honeytrap'] = array( '#type' => 'textfield', '#title' => 'Leave this field blank', '#weight' => 35, '#required' => false, '#default_value' => '' );}function honeytrap_user_register_validate($form, &$form_state) { if (!empty($form_state['values']['honeytrap'] ) ) { watchdog('notice', 'SPAM attempt at ' .$form['form_id']['#value'].' form', NULL, WATCHDOG_NOTICE); form_set_error('honeytrap', t('The field should be left blank')); } }
In essence, this modificiation will add a hidden field to the user registration form which regular users will not see and leave blank. A spambot will see this field and think it needs to be filled in as a requirement and thus cause our spam catcher to flag the attempt as spam. A simple idea that we did not create but simply modified to fit our version of Drupal’s needs.
As noted in the code, it is very easy to add additional modification to your drupal code to hook into any form that may be getting attacked. We have found that this process immediately eliminated the final spam attacks we were seeing on the implemented drupal websites.
Feel free to ask questions if this is in any way confusing.
Jeremy Oms
Jeremy is an entrepreneur and leading manager of New Blood, Inc. Excited about all things Internet related, Jeremy spends much of his time project managing custom web applications and directing advanced search engine optimization efforts.
Follow Me:
Thanks for this information. I have been searching for them from a very long time. This would help me a lot in executing it in my drupal site.
Comment by Drupal Customization — November 8, 2011 @ 3:31 am