emory-libraries/web-enhance

Drupal Forms and Spam

Closed this issue · 5 comments

Need to enhance our Drupal forms to address spam. Currently we have the re-route module implemented.

This enhancement will look at updating what we use for spam filtering. The work involved is intended to include looking at re-route and honeypot for a possible solution to improve spam filtering.

https://wiki.emory.edu/pages/viewpage.action?spaceKey=ELWP&title=reCAPTCHA+Module+and+associated+Captcha+Services

CB987 commented

Looking at antibot -- some commenters on Drupal support Slack recommend it.
It has >50,000 sites using it and has been around for 8 years, but its most recent release was October 2022; it is covered by the security advisory policy.
More than one article recommends using honeypot and antibot together.
Q: caching? Honeypot doesn't allow the form to be cached, whereas antibot does.
Antibot requires the user to have JavaScript enabled. Do we have any use cases where that would block real users?
Here is one article that walks through using both: https://ostraining.com/blog/drupal/control-spam-in-drupal-with-honeypot-and-or-antibot/

CB987 commented

Next step: try using reCAPTCHA, honeypot, and antibot together and see how that works.

CB987 commented

With PR #729, antibot and honeypot are now merged to main and deployed to dev. We still have reroute email enabled as well, and have to test on prod before we can disable it.

@CB987 - I am returning from vacation and wondering if there is something we need to test with this?

CB987 commented

@lovinscari -- there's limited testing we can do until it gets to prod, where the actual "live" spam is coming in. @maxdmayhew and I have tested locally to ensure that submitting to the forms still works as expected. We will leave the reroute email settings (what is blocking the non-Emory emails from coming in) in place until we see how the spam filters are working (because we can see on the backend how much is still coming through, to compare), so that the departments are not flooded with spam until we have assessed how the new modules are working. Let me know if that does not sound acceptable or make sense!