To prevent repeated submissions by spammers and save server resources, it would be ideal if Mollom could automatically add an entry which can be viewed at admin/config/people/ip-blocking.

Comment | File | Size | Author
#6 | auto-ban-spam-results.png | 59.17 KB | DigitalFrontiersMedia

Comments

codekarate’s picture

I think this feature should also be added. In fact if there is no interest in developing it as part of Mollom, perhaps it could be an additional contrib module that just integrates with Mollom.

pverrier’s picture

spartlow’s picture

The goal is, as I see it, to reduce server load due to spammers. Mollom stops the actual spam (mostly) but what I want is to stop spammers from even viewing my site which hurts my server load.

likewhoa’s picture

@spartlow the load is not stopped because spammers, even though their comments are flagged as SPAM, can still continue to submit comments, but of course they will again be flagged and removed as SPAM. But the feature request here is to not only flag and remove the SPAM content but also ban the offending user's/bot's IP address.

Anonymous’s picture

I'm getting a spam attempt roughly once per minute. Mollom is letting through a few per day. If it IP-banned on the first unambiguous spamming attempt, that would probably drastically cut server load (and the amount of spam allowed) because probably each bot tries many times.

DigitalFrontiersMedia’s picture

I had a really bad time with this at one point (~1 spam attempt every 10 seconds) wasting lots of server resources. I put in a rule to auto-ban the spammers. Implementation depends on if it's a comment or some other form being protected by Mollom. Essential steps for a protected Webform form are:

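  1. Create a new rule
  2. Set the event to be whenever the form is being validated
  3. Add a custom PHP condition with the following code in it:

        // Mollom's response for this submission, as stored in the form state.
        $result = $form_state['mollom']['response'];
        // When the response's 'spam' value is 2, return the 'discard' flag
        // from the Mollom form state; otherwise the condition is false.
        if (isset($result['spam']) && $result['spam'] == 2) {
          return $form_state['mollom']['discard'];
        } else {
          return FALSE;
        }

  4. Add the "Ban IP address of current user" action to the rule and save.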

Further details available at: http://drupalsrq.net/forum-topic/auto-ban-spam

sun’s picture

Title: Automated rule to ban spammer's IP at admin/config/people/ip-blocking » Automated rule to ban spammer's IP
Component: User interface » Code

Wow, quite a lot of input here... — Sorry for the silence, friends!

Before we move on to discuss the actual feature request, I'd like to clarify some fundamental data points:
(cf. my recent blog post)

  1. IP addresses are not reliable enough for any kind of static blocking mechanism. In almost all places across the globe, every (innocent) web user gets a new IP address assigned every 24 hours. By using a permanent/static IP blacklist, you will face plenty of false-positives.

  2. The Mollom service has an IP reputation system built-in and blocks spammers accordingly. Mollom's IP reputations are not static, but instead, it maintains a huge store of all IP addresses along with their scores + posts that have been seen in the Mollom network recently. Given that and a range of additional measures, the Mollom service is able to detect when an IP that was formerly (ab)used by a spammer is used by an innocent new party now.

  3. If we're going to do something like this in the Drupal module, then it has to be (1) 100% safe, (2) temporary, and (3) triggered and delivered by the Mollom service.

    For example, a new API response parameter that says blockAuthorIp: {ttl/timestamp}

    "Temporary" means a cache-alike key/value store, in which each item has an expiration date assigned to it.

I'm going to forward this issue to the Mollom engineering team to see what they think.

Thanks to everyone for your input!

DigitalFrontiersMedia’s picture

@sun -- Re: concern #1 in your list: True, and spammers rotate their IPs as well. To date I've been addressing this with a cron that clears out the banned IPs every so often. I think I address that in my "further details" link along with other potential concerns.

Thanks for looking into this further. Would be a greatly welcomed performance improvement on certain sites, indeed.

DigitalFrontiersMedia’s picture

And really, the more stuff that is blocked at the user's server, the less load on Mollom's system. So this feature would benefit both the users and Mollom at the same time.

davemybes’s picture

Ideally I would like to check if the IP address has already sent a certain threshold of spam, and only then ban it. That would cut down/avoid instances where it thinks someone might be spam, but actually isn't. My only concern with this, is the extra load it would require to do a db lookup and count how many times the IP address has been logged.
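
Added example, not part of the thread or of the Mollom module: one way to combine the expiring key/value store from sun's point 3 with the per-IP threshold suggested in the comment above. The class name, the defaults (3 strikes within 600 s, 3600 s ban) and the in-memory arrays are assumptions; a real site would back this with its cache or database.

```php
<?php
// Added illustration (PHP 8+), not Mollom module code. In-memory arrays
// stand in for an expiring key/value store; all names are hypothetical.
final class TemporaryBanList
{
    private array $strikes = []; // ip => ['count' => int, 'windowEnds' => int]
    private array $bans = [];    // ip => expiry timestamp

    public function __construct(
        private int $threshold = 3, // spam verdicts needed before a ban
        private int $window = 600,  // seconds over which strikes are counted
        private int $banTtl = 3600  // seconds a ban lasts
    ) {}

    // Call once per submission classified as spam; true means "now banned".
    public function recordSpam(string $ip, int $now): bool
    {
        $s = $this->strikes[$ip] ?? null;
        if ($s === null || $s['windowEnds'] <= $now) {
            $s = ['count' => 0, 'windowEnds' => $now + $this->window];
        }
        $s['count']++;
        if ($s['count'] >= $this->threshold) {
            $this->bans[$ip] = $now + $this->banTtl;
            unset($this->strikes[$ip]);
            return true;
        }
        $this->strikes[$ip] = $s;
        return false;
    }

    // One keyed lookup per request. An expired ban stops applying on read,
    // so a reassigned address is not blocked forever even if no purge runs.
    public function isBanned(string $ip, int $now): bool
    {
        if (isset($this->bans[$ip]) && $this->bans[$ip] > $now) {
            return true;
        }
        unset($this->bans[$ip]);
        return false;
    }
}

// Constructed sample: three spam verdicts from a documentation-range address.
$list = new TemporaryBanList();
foreach ([1000, 1010, 1020] as $t) {
    $list->recordSpam('203.0.113.7', $t);
}
var_dump($list->isBanned('203.0.113.7', 1030));        // 10 s after 3rd strike
var_dump($list->isBanned('203.0.113.7', 1020 + 3600)); // at the ban's expiry
```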

saitanay’s picture

Issue summary: View changes

The goal is, as I see it, to reduce server load due to spammers. Mollom stops the actual spam (mostly) but what I want is to stop spammers from even viewing my site which hurts my server load.

Try https://www.drupal.org/project/fbip

eshta’s picture

This seems like not a fit for the request. If Mollom were to ban temporarily based on some threshold, there would still be a check to the Mollom services for the submitted content, then it would return as spam due to the IP ban. This wouldn't necessarily reduce the load on a site due to spammers as they would still be submitting (at least once) prior to identification as a blocked spammer.

However - maybe it would be useful if there was some sort of rules-based integration that allowed actions to be taken based on the number of Mollom results from a single IP. Then other modules that are more suited towards traffic restriction could be triggered.

DigitalFrontiersMedia’s picture

@eshta that was exactly my point in #6 above. And the concept does work. After it's first identified as a spammer, the user gets 403'd by Drupal before they can even render a form let alone send the next wave of spam, thus never sending any further requests to Mollom.

It works especially well with spambots that send a wave of spam in batches of 20-30.

False positives can be dealt with by occasionally clearing the banned IPs. Kind of like "if you mess up, you're at least banned temporarily."

DigitalFrontiersMedia’s picture

btw, I think the code in #2 may have changed due to some changes in Mollom over the last few years but I know I've updated it and it still works.

eshta’s picture

Status: Active » Closed (won't fix)

Closing this to refocus efforts on rules support: https://www.drupal.org/node/1893918