Stop Spam on a Drupal 7 Website By Renaming User Path

Stop Spam on Drupal

This is a very basic recipe to stop Drupal 7 comment or node spam on your Drupal 7 website. This post assumes that you are not allowing anonymous comments and that you allow registrations to post node or comment content on your website. If you allow anonymous comments, that is an entirely different subject and will be explored separately in the future. This is just one method, there are alternative methods depending on what type of spam your site is getting. First of all, most spambots rely on the detection of your website as Drupal and then using what they know about Drupal to create a user account and post spam content. Unless your website has been targeted specifically, they will assume that the paths are stock Drupal paths such as the user registration path being located at /user/register. So one quick way to stop user registrations is to change the user path using the Rename Admin Paths module. Once you install this module, I would only recommend renaming the user path and not the admin path (the second option) as I have seen problems with other contrib modules such as Display Suite when changing the admin path. Once you change this, all of your links to the user paths should dynamically change to point to the new paths. You will probably notice lots of 404s from spambots trying to access your user confirmation pages, login and registration pages. You should make sure that these are all listed in your robots.txt file to be excluded from spidering. As a bonus, I would recommend looking at the Spambot and Honeypot modules as well. The Spambot modules will use Stop Forum Spam database to block new accounts and scan existing accounts for known spammers. The Honeypot module allows you to set minimum submission form times on specified forms. Because you know that a form filled in by a human will take at least a few seconds to do, anything less is most likely a spambot and can be blocked.