Page tree
Skip to end of metadata
Go to start of metadata

Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 132 rates

Draft for 5.x

Discussion on pluggable mechanism for user content verification.

Please see:  MGNLFORM-210 - Getting issue details... STATUS

We currently have at least 4 places where we need to handle/avoid spam:

  • public user registration
  • forum
  • comments
  • and, more generally, the forms of the form module.

We currently have a honeypot-based solution; it could be necessary to extract that logic and have a pluggable mechanism: some might want to actually use a captcha, others might need a stronger spam verification using services such as Mollom or Akismet

  • No labels


  1. - If we have a plug-able mechanism and if we decide to provide some out-of-the-box plugins -

    If you go for captcha, I would recommend to use re-captcha instead of integrated jcaptcha, although jcaptcha works but its fairly easy to break. re-captcha is free and available as a service which can be easily integrated (sites like twitter, facebook, wikipedia uses re-captcha).

    You can also use very simple HashCash spam protection, its simple but works since most of the spam bots wont dare to execute javascript - biggest problem here is that you need to have JavaScript enabled, so this might not be a viable solution for Magnolia.

    As a note: Akismet is very powerful but not free for commercial use.

    1. The form module has a honeypot, which works just fine without any pain for the end user or strain on the eyes. Captcha is a PITA and I am completely against using it on any website at all (don't even get me started...). There are better alternatives, some really smart and needing more work than a honeypot, but hey, Magnolia is about ease-of-use. Captcha is completely killing that.

  2. It does not work.  We are using the form module out of the box and tried to rely on the honeypot.  HOWEVER, we got spammed bad, so I am now implementing the Captcha.

  3. Same here: Our mail admins just blocked the app server because the mail infrastructure was flooded with mails coming from Magnolia mail forms. Honey pots might not be a PITA for users, but they do seem to be a PITA for administrators.

  4. For the heads up: found a couple of things that could lower the number of spams you receive (if you use this honeypot-based solution), see  MGNLFORM-178 - Getting issue details... STATUS