Home / Debunking Drupal myths - Part two: Community controls

Debunking Drupal myths - Part two: Community controls

In installment one of this Debunking Drupal Myths series, I mentioned that the proprietary software companies who are starting to see Drupal on their competitive screen are worried. They're using the classic FUD technique -- trying to raise Fear, Uncertainty, and Doubt about Drupal's capabilities. And so I started this series to start to debunk the FUD. Our first case dealt with Content Control.

The vendors raising the most FUD around Drupal sell "social" software - software to let organizations create, grow, and manage online communities. One of these vendors claimed that Drupal had no community control capabilities. They specifically raised the subject of "User Banning," saying:

Assuming things get out of hand and you have specific users abusing the system, Drupal doesn’t provide true means by which to ban a user from the system.

Just like in installment one, we have an answer: wrong.

There are two underlying problems that need solved here:

  • Handling people that you know about in your community who are causing community problems
  • Handling people you don't know -- also known as comment spam.

In the first instance - proactive management of specific, known (and "valid") community members - Drupal's got you covered.

Drupal has been used for years as a platform for pulling together communities. You can bet that if there's a community management problem to solve, some Drupal contributor has seen it, solved the problem, and contributed the solution back to the community source code base. Far from "(no) true means" to ban users, Drupal has many alternatives, letting you choose the enforcement policy and workflow method appropriate to resolving your specific issue:

  1. Within Drupal itself, basic user access rules can be set by administrators, setting access type (allow / deny) and rule type (username, email, host (DNS name or IP, where wildcards can be used)).

    deny email *@yahoo.com
    allow host *.gov
    deny host

  2. There are a variety of modules to deal with banning users / IP addresses at a more sophisticated level:
  3. The Drupal abuse module provides several features to help with abuse:
    • Allows any registered user to flag content as offensive, and request administrator review (a valuable precondition to banning users) (note that this can optionally require users to indicate a reason for flagging the content). Content can optionally be set to "hidden" between being flagged & administrator review.
    • Alternately, content can be set to be automatically flagged if content contains questionable content (as determined by a watchlist of words; pattern matching "regular expressions" can be used here)
    • Ban users who repeatedly post offensive content

    Note that there are other, similar modules with slightly different feature sets if desired.

    • Flag, which provides a variety of additional capabilities:
      • Create unlimited arbitrary flags or bookmarks to flag content
      • Extensive Views integration to make lists of popular flagged content
      • Execute actions when content is flagged past a certain threshhold
      • Javascript-based toggling of flags
      • Control flag display by content type and roles
      • and more

      Note that the Flag module can also be used for purposes besides "bad content" flagging - e.g. to provide social bookmarking, marking important content or friends, etc.

    • Flag Abuse, whose development was sponsored by, and is in use at Lifetime TV.
    • Flag Content, which is in use at the New York Observer and several other online properties.

When it comes to the second problem - comment spam - we have a great example of how Acquia takes care of enterprise customers. Acquia's Mollom service provides automated protection system, helping our subscribers:

  • Get rid of UGC (comment) spam, using a novel filtering technique based on the combination of linguistic content analysis and CAPTCHA challenges.
  • Gain strength from volume, since Mollom learns from all participating sites. If an unwanted message finds its way through your website, you can report it. This allows Mollom to learn from its mistakes, making our spam filters constantly better. Using this, Mollom can detect automated 'bot spam sources from a large number of sites, and automatically identify when a spam-bot is trying to post to your site.
  • Simplify moderation by drastically reducing the effort required to moderate your site’s content.
  • Focus on human content. Spambots are everywhere and many of their actions, such as automatic account or comment creation, can't be detected by text analysis techniques. Mollom's one-two punch backs up content analysis with a CAPTCHA challenge service.
  • Make sites more secure. Mollom-supported sites use both a public and a private key to authenticate with the Mollom servers, defending your account's internal reputation.
  • Increase website traffic and user participation. Mollom increases your site content quality, which attracts more users. By using Mollom, your site can grow faster while keeping your moderation tasks manageable.
  • Preserve accessibility. In the rare instance that Mollom decides to challenge a contribution, we provide both image and audio CAPTCHAs to maintain site accessibility for the visually impaired.
  • Improve your search engine ranking. Higher quality sites that stay on topic receive higher search engine rankings.
  • Increase advertising revenue. Advertisers prefer to advertise on websites with high quality content and better search engine rankings. Mollom can help you keep your site clean.

Mollom can crush your Spam problem.

This illustrates the power of open source: choice. To perform community management, Drupal gives you a choice of how to implement your policy: either use a commercial service like Acquia Mollom, or use already-existing Drupal modules, or if none of these do exactly what you want, implement a module yourself using the same Drupal hooks that these modules utilize. Unlike proprietary software, you need not wait for your software vendor to implement a different policy or implementation.

Bottom line: Drupal will always trump a proprietary community solution.

Next FUD-item on the list? Content publishing workflow. Look for it next week.


Posted on by Jamie (not verified).

Another module, which is newer, to help combat with spam is spambot:

http://drupal.org/project/spa mbot

I wrote a similar module last night using the same service that the bot does for crooksandliars.com. I installed it about 8 hours ago and already it caught 5 spammers trying to register, and that's with captcha on registration.

Oh let me add:

The version I came up with doesn't give the harsh "go away" message that the spambot module does. Instead if changes user's status to 0 on hook_user insert, so that the user is then informed that an administrator has to approve their account (versus typical email validation). Then I created an admin page that shows what the registration failed on and people with the proper permissions can either approve or deny an account. Approval works out really well since it just switches the user status to 1 then on user_save it sends out the email to the user. On deny it doesn't do anything, just removes them from the list of flagged registrations.

Posted on by Jay Batson.

Great to know, Jamie! Sorry I missed it.

But this is yet one more proof point showing that open source trumps proprietary every time. Proprietary software only provides the solution style that the vendor chooses to implement. Drupal gives you both many pre-existing choices, and the freedom to create a solution as you think best fits your situation.


Posted on by TUc (not verified).

Hi Jay,

You forgot to mention that Drupal Core also lets you just block users without deleting them. Blocked users will not be able to interact with you Drupal site anymore.


Krimson - Acquia Silver Member

Posted on by Jay Batson.


Sometimes you miss the obvious thing because you're looking for a sophisticated, overwhelmingly-effective counter-point. But you're totally right: Drupal core - with no add-on modules - provides exactly what you say.

Thanks a million for pointing out the simple and obvious!