Configure Mollom on Drupal.org

Mollom protection on Forum topic comment form was enabled for the last 4 days. It seems to be doing ok. It did catch a few spam comments. It also did mark 2 or 3 valid comments as spam, I published those and gave their author 'trusted' role so they never will face this problem again. Based on the latest spam reports in Webmasters queue it seems that most of our spam currently are actually forum nodes. I enabled Mollom protection for Forum topic node form just now and will watch it closely through the day.

It is 'Unapproved comments' list on https://www.drupal.org/admin/content/comment/approval. Sure, webmasters are welcome to check it :)

That list is full of comments unpublished at different times (cleaning up those would be a good thing to do in itself, 77 pages of unpublished comments starting from 2005, those aren't helpful).

Yesterday we enabled permission for 'email unverified' users to create forum nodes. Let's see how it'll go. So far all the spammers which tried to post something had their emails verified.

Re: #9. Was that spam in forum posts or other content types? Honeypot is still here, no changes to it. Mollom was enabled in addition.

Looking at https://www.drupal.org/admin/reports/dblog?page=2 (filter by type=Mollom) it actually caught some of this spam, looks like at least half.

Seems Mollom is doing ok now at identifying as spam posts from this recent non-English spam attack. 'Reporting as spam' to Mollom definitely helped to teach it. Note that we run 'relaxed' settings, so often Mollom would mark form submission as spam, accept it, but keep unpublished. Only webmasters and admins can see those posts, so when you see a lot of unpublished spam posts - Mollom is actually doing its job.

It still regularly has a few false positives, when legitimate posts or comments are marked as spam and unpublished. So I would not recommend changing 'relaxed' settings to something more strict for now.

For the record, we haven't changed any permissions or settings, so the issue summary is still accurate.

Also, it is safe to delete spam forum posts right away. A copy of the post is saved with Mollom watchdog entry on post submission or edit, so we can always look at those if we want to do any sort of analysis.

When you do bulk deletion - those bypass Mollom report. If you go to admin-nodes and click 'delete' next to individual node in the list, you'll go through Mollom report.

I had a chat with Nick_vh from Mollom team about the ways we can make it more efficient on D.o considering the latest spam attack.

It sounds like we should try out a bit less relaxed settings, so that it would let less spam through, but to do that we'd need to have less false positives first. I opened a couple of issues:

Let's collect examples of false positives here so that Mollom team could take a look and analyze why they are marked as spam: #2529104: Collect Mollom false positives

Also I'll try to find examples of another weird behavior - when form submission is being identified as spam and rejected. Per our settings all submissions should be accepted now, but unpublished #2529112: Collect Mollom false negatives.

Lastly, we'll look into ways to whitelist certain urls for Mollom. Unfortunately that is not too easy, discussion is at #2529118: Whitelist certain urls for Mollom spam checks .

Another idea we could consider is enable Captcha on submissions where Mollom is not sure, and write some custom code to only show those when submission is in a specific language (e.g. Chinese).

In the last few days Mollom was successfully blocking attempts to post massive non-English spam on forums, so today spammers switched to issue queues. Luckily they started with webmasters queue, so we were able to notice it quickly. They even managed to edit a few issues back and forth with me, hilarious. I enabled Mollom on issue comments for the time being.

Actually, we don't use default comment form on issues, that is a modified node edit form itself. So we should protect that one instead. Seems like spammers went quiet for now, I'll wait a bit before turning Mollom on the issue edit form.

Okay fine, enabling Mollom on issue edit form too.

I've said this before, we just need to teach them to block themselves, and we'll be done.

It appears that Mollom does not actually check issue form submissions, potentially because we customized issue node form to also be edit form. We'll have to look into this #2535612: Check issue submissions / edits / comments for spam using Mollom.

Quick update: during DrupalCon Barcelona drumm and I had a chat with Nick_vh from Mollom, we looked through examples of false positives on Drupal.org, why Mollom flagged those posts as spam on their end, etc.

Nothing really new, we confirmed our previous plans: top priority right now is #2529118: Whitelist certain urls for Mollom spam checks . Most of the false positives were flagged as spam because they had valid urls in them. After that issue is done, we can change Mollom settings from relaxed to more strict. Additionally, Nick recommended we consider enabling captcha for the case when Mollom is unsure if a post is spam or not. Right now when unsure Mollom marks posts as spam.

Re: last two comments - we haven't talked about those examples. I'll set a few of them to Nick to see if he can give us any info.

Quick update on this:
We deployed a solution for whitelisting specific urls for Mollom. Drupal.org and stackexchange.org are now whitelisted, so hopefully there will be less false positives caused by this.
We also fixed the bug with Mollom not checking issue form submissions even when enabled for it.
Following that we changed protection settings to strict. And when text analysis unsure on forum posts we now display captcha.

After looking through the unpublished nodes and specifically after this issue #2592187: Request to republish project application I am under the impression the tightened Mollom rules we are using to fight the current mega spam wave are unpublishing already published nodes (sommetimes). Could that be?

I could imagine that happening if someone was editing already published node, Mollom could perhaps classify edits as spam, not sure if it would unpublish already published thing though. It could have also been an accident, I've done that too, like Brendan mentioned above. Can you give more examples if you see them.

Weird, that one doesn't even have any url. I'll check with Mollom people what was the reason there.

Checked on that node, it was pure confusion on Mollom's part. It did register our feedback that the node is not spam when you published it. So hopefully it'll learn..