How to block spam user registrations on drupal website

Before the user can post spam content, comment , he must be registered user. If you have not allowed anonymous posts on your drupal website,  then you must focus on reducing spam registrations on your drupal website. Following modules can be used effectively in drupal 7 to prevent Spam user Registrations.

  1. HoneyPot - Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site (read more here). These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube].

    The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.

  2. Spambot module http://drupal.org/project/spambot is very effective and cuts down thousands of spam users by blocking their registrations. Spambot protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam (www.stopforumspam.com) online database. It also adds some useful features to help deal with spam account
  3. Another great module to use would be Spamicide. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). Another similar module is https://drupal.org/project/hidden_captcha. The idea is very simple: If you offer an input box in any form, 99% of the time, robots will fill it with something before posting the form. If you offer an input box that has to stay empty, then the CAPTCHA system will prevent posts by robots.
  4. Finally I am assuming you would have enabled Image Captcha module. This is an effective way to drive away bots.  You can also use https://drupal.org/project/recaptcha module. reCAPTCHA depends on the CAPTCHA module.
  5. If above methods are not Very effective then try two modules which will get you some great results. One is Bad Behaviour Module and Another is User Verification module.  Both modules have some strict modes which you can enable if you have too much of spam problem. 

Once you have installed and enabled above three modules, 90% of spam registrations will be cut down. For remaining use following

1.     When a spam user registers. Block his IP address and using user_restrictions module deny their email provider, eg" if email is name@netcourrier.com then deny %netcourrier.com 

2.     I also use comment_ip module This module displays a comments IP address in the comment overview page and allows you the option to "Delete the selected comments and block their IP's" from the comment overview dropdown list

Blocking spam registrations is an ongoing process. You will keep getting better as you find the patterns of your spammers. 

Edit 8th June 2014 - Another quick way to stop user registrations is to change the user path using the Rename Admin Paths module. After installing only renaming the user path and not the admin path (the second option) as that is really not required and it can create issues with other modules. 

Now after you rename the path of user, all user paths will point to this new path. Spambots will have 404s when accessing user confirmation pages, login and registration pages. You should make sure that these are all listed in your robots.txt file to be excluded from spidering.

Mollom Module - Initially i was under the impression that mollom is a paid module , however when I installed it for one my websites the free version was quite effective. If you cross spam submission limit it will get disabled for a day, but its still fine. Mollom worked when all other modules of spam prevention had failed, Including Captcha, Honeypot, Spambot etc. For one of my sites none of these would work. After installing Mollom, the spam registrations reduced to zero. However there was a good percentage of genuine users who were blocked, But I guess you need to gain something to lose something. 

References

Following modules will present some code or challenge to user to complete registration.

CAPTCHAs

Project

Notes

CAPTCHA

http://drupal.org/project/captcha

A challenge-response test.

CAPTCHA by IP

http://drupal.org/project/captcha_by_ip

Supplies challenge based on IP address on a form-by-form basis.

CAPTCHA Pack

http://drupal.org/project/captcha_pack

Contains several CAPTCHA types for use with the CAPTCHA module.

Captcha Riddler

http://drupal.org/project/riddler

Create custom riddles for the Captcha module.

Enmask Captcha

http://drupal.org/project/captcha_enmask

Encrypted text is paired with matching web fonts so user will clearly see the challenge text.

Gammu SMS Gateway

http://drupal.org/project/gammu

Block spam by sending SMS; user must enter code on registration and/or comment forms.

HappyCaptcha for Drupal 7

http://drupal.org/project/HappyCaptcha

A free service which is developed on the Hint-Challenge-Response approach.

Image CAPTCHA Refresh

http://drupal.org/project/image_captcha_refresh

Adds the link to refresh CAPTCHA image.

KeyCAPTCHA

http://drupal.org/project/keycaptcha

Requires visitors to complete an easy interactive task.

Mother May I

http://drupal.org/project/mothermayi

When requesting an account, user must enter a secret code.

reCAPTCHA

http://drupal.org/project/recaptcha

Uses the reCAPTCHA web service to improve the CAPTCHA system.

Secure Motion Captcha

http://drupal.org/project/secure_motion_captcha

Provides a secure implementation of the Motion Captcha jQuery plugin.

Text CAPTCHA

http://drupal.org/project/textcaptcha

Provides a CAPTCHA which uses logic questions.

Trick Question

http://drupal.org/project/trick_question

The idea is to have a really simple question with a very obvious answer.

User verification

http://drupal.org/project/user_verify

Leaves password choice to user but generates an additional verification code. I am using this on some sites

 

How-To: