Responding to spam on Drupal.org

October 15th, 2015

With the recent release of Drupal 8 RC1, and the related increases in mentions on social media and tech news outlets, Drupal.org is seeing a modest bump in traffic. Along with that modest bump in real traffic, spammers have decided to increase their efforts to get content onto Drupal.org to boost their own SEO. Drupal.org is very attractive to these spammers.

Spam fighting is not fun, and certainly not glamorous, but it is a necessary part of keeping our community home clean and tidy. Community volunteers have helped report and block spam for many years, and Drupal Association staff are looking for ways to ease this burden.

Every spam fighting solution for a website as open as ours takes on spammers using two approaches: automated pattern matching and human review. I wanted to take a moment to walk through some of the approaches we use—though not in too much detail lest the spammers read this and adapt their methods to match.

On the automated front, we use tools like Mollom to do text analysis. Their system is constantly learning from the sites that use it. These services also have tools to help distinguish a robot from a human. Figuring out which spam is coming from bots helps us prevent certain types of spam from filling up the site. We also use tools like Honeypot to try and detect particularly fast submissions to the site. (Note: this is a tough one as many developers type as fast as a robot. You know who I’m talking about.)
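An added illustration of the submission-speed check described above (not code from Drupal.org or the Honeypot module): a decoy field combined with a signed render timestamp. The field names `homepage_url` and `form_token`, the secret, and both thresholds are assumptions made for this sketch.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret (placeholder value)
MIN_SECONDS = 5                   # assumption: shortest plausible human fill time
MAX_AGE = 3600                    # assumption: how long a rendered form stays valid


def issue_token(now=None):
    """Return 'timestamp:mac' for a hidden field, created when the form is rendered."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def check_submission(form, now=None):
    """Classify a submitted form: accept, trap, tampered, too_fast or expired."""
    now = int(now if now is not None else time.time())
    # Decoy field is hidden from people with CSS, so any value is an automated fill.
    if form.get("homepage_url", ""):
        return "trap"
    ts, _, mac = form.get("form_token", "").partition(":")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    # Verify the MAC first so a client cannot backdate its own timestamp.
    if not hmac.compare_digest(mac.encode(), expected.encode()) or not ts.isdigit():
        return "tampered"
    elapsed = now - int(ts)
    if elapsed < MIN_SECONDS:
        return "too_fast"
    if elapsed > MAX_AGE:
        return "expired"
    return "accept"


def classify_samples():
    """Run constructed submissions through the check; returns verdicts in order."""
    t0 = 1_444_900_000  # constructed render time
    tok = issue_token(t0)
    cases = [
        ({"form_token": tok, "homepage_url": "http://spam.example"}, t0 + 30),
        ({"form_token": tok}, t0 + 1),
        ({"form_token": tok}, t0 + 42),
        ({"form_token": "1444900000:" + "0" * 64}, t0 + 42),
        ({"form_token": tok}, t0 + 7200),
    ]
    return [check_submission(form, now) for form, now in cases]
```

Because a fast typist can trip the timer, a `too_fast` verdict is better handled by asking for a resubmission than by blocking the account.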

Just as common as bot-based attacks are those that are run by humans. The advantage of using humans to place spam is that they can get around bot-detection techniques such as CAPTCHAs or submission speed checks.

The most recent spam attacks are a combination of these techniques. We employed a combination of techniques to respond. These include some automated techniques and some that rely on humans.

The automated techniques will likely get a bit more strict for a time while we sort out the best ways to limit the rate of spam hitting Drupal.org. Most of the spam is submitted to our forum system.

As for the human-reliant techniques, we need your help. If you see something, report it. We switched the focus of our development team this week to building the tools to make the reporting process much easier. Early next week, confirmed users should be able to help us target spam and remove it from Drupal.org with minimal effort by simply flagging content as spam.

We really appreciate all of the amazing work our community does to help keep its home tidy and free of spam. Our community is phenomenal!