How to deal with comment spam in Drupal
When you create a blog or website, without the user participation and comments its not really going to fly. Comments give more perpective to articles, questions asked by users expand the scope of the article. So user comments are absolutely needed to make a website successful. Question is how do you avoid spam bots and thousands of spammers waiting to bombard your site with useless comments and automatic posts. EDIT - 24th Mar 2014
Stick to basics
- Install CAPTCHA module http://drupal.org/project/captcha and use Image Challenge. Also check CAPTCHA Pack — and add-on for the CAPTCHA module that adds different methods.
- Spambot - Checks member details against the Stop Forum Spam system. An effective method but will not work for anonymous posts. So to use this you will have to stop anonymous posting and also be prepared
- Not So Fast module — This is a variation on CAPTCHA , it requires actual action from the user to prove that they are human. In this case, if the anonymous user enters an email address that has not yet been approved for posting, that user gets an email with a link he or she has to click on before the comment gets approved. The admin can see in the comment queue which comments are from people with verified emails and which are not. This works because Bots will never leave a valid email address, and should stop most of them.
- Akismet (created by Matt Mullenweg and Automattic, who are the original developer of WordPress) and Mollom (created by Dries Buytaert) are the most popular services available. They have their differences, but they work on the same basic methodology. Comments submitted to your site are sent to Akismet or Mollon servers, there they are analyzed and flagged as spam if they fail the analysis. For more details see How Mollom Works and How Akismet Works articles. Mollom however has some issues so better research the services before you buy.
- CloudFlare-powered websites are protected from many forms of malicious activity including: comment spam, email harvesting, SQL injection, cross-site scripting, and DDoS (denial of service) attacks. Using cloudflare module is optional to integrate with cloud flare services.
External Comments - Not using Drupal comments
You can disable Drupal Comments system if you are not able to control the spam andonly use third party comment services like Disqus, Facebook, LiveFyre, Google+. For a complete integrted experience you can use Quicktabs module and build a block with multiple comments services like Disqus, Google+, Drupal comments. Multiple comments system should be used only for High Traffic sites, else you will lose visitor interests.
The advantage of usind Disqus or similar services, is that user authentication and comment moderation can be done remotely on Disqus. Its very easy to install and use Disqus.
You will have to refer to other posts on this website http://mydrupal.com/prevent-spam-drupal-users-posts , http://mydrupal.com/how-block-spam-user-registrations-drupal-website, and then make an informed decision on what service you want to use. Free modules can always be used, but there is a risk of preventing legitimate users from posting. Keep trying different methods and read more about the methods I have highighted above. Over the period of time you will find the right match and would have prevented comment spam on your drupal website.