Spam Finder

This module will find spam present on your site.
Work in progress...

X-Originating-IP email header


Add the X-Originating-IP header to all outgoing emails to assist with investigation of the sources for spam and unsolicited bulk email.

A standard Drupal install sends email as if it originated from the web server, when in fact the email originated with a person's web browser. Use this module to include information in the outgoing email header about the IP address of the person who submitted a request to a Drupal website.

Without this module, Drupal effectively becomes an anonymizing service because the standard email headers will have the email origin listed as the web server IP address instead of the user elsewhere on the Internet. By using the information from X-Originating-IP, you can track down individuals who send undesirable communications through contact or webforms.

X-Originating-IP: []

The originating IP is based on the ip_address() Drupal API function.

If Drupal is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's. The actual header name can be configured by the reverse_proxy_header variable.

Antispammer Bot

My main motivation to write this module was having thousands of comments and nodes published after a week off. What is worse, a single spammer can affect your server, even force it down, by publishing some millions of comments/nodes on your site.

That said, this is not just another spam module that detects spam, but a bot itself which detects whether the user is a possible spammer and takes some actions, like:

Phone Captcha

With service, we use phone for CAPTCHA service.

It provides a unique way to authenticate user.


Phone CAPTCHA depends on the CAPTCHA module.
A patch is required for CAPTCHA 7.x-1.0


Statistics provide a quick overview

Prevent spam before it happens.

This module is currently able to enqueue IP addresses of your visitors. It automatically sends them, 15 at a time, as specified by the documentation of the API it uses, to the webservice of in cron.

The result it gets is then evaluated using configurable settings, such as frequency (the number of times a 'hit' is made) and confidence (how confident the webservice is that this is a spammer). Whether it is a spammer or hammer, the result is stored/cached for a configurable amount of time in the database.

The IP addresses get automatically added to the blocklist if safe mode is disabled and they get auto-removed when the status has expired.

Planned features for now:

  • Report spammers to the webservice
  • From experience, the hook_cron is too slow
    • Implement own cron, e.g. run every 5 minutes, configurable
    • Send specifiable amount of requests per cron run

If you wish to become a co-maintainer please contact me using the form provided by


  • Safe mode - disable autoblocking/autounblocking
  • n% chance to be enqueued
  • Minimum frequency
  • Minimum confidence


The module allows you to use Yandex.CleanWeb to check for spam comments and posts in the forum, and also allows you to extend this functionality to other forms by using the Yandex.CleanWeb API.

