Our favourite spam bot prevention modules for Drupal 7

Drupal has a number of modules designed to help websites combat comment and contact form spam generated by automated systems known as “bots”, in this article we’re going to focus on using a few of the best modules available to combat this ever growing annoyance.


It’s best to think of the CAPTCHA module for Drupal as a framework or pathway to adding in different types of CAPTCHA checks – from simple mathematical problems for the user to sole to prove they’re a human (and not a spam bot!) to drag and drop puzzles and even riddles and questions, all with the same goal in mind but allowing for a CAPTCHA solution that fits your website or usage case to be selected.

From the developers:

The purpose of the CAPTCHA module is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.

If you want a quick and easy solution to combating spam on your Drupal website you’ll probably want to start with the CAPTCHA module, it’s easy to install and configure and will offer a great deal of protection with minimal effort on your part.



Spamicide is designed to stop contact form spam submissions from getting into your inbox by creating an additional field on your contact form that isn’t visible to normal web visitors but is visible to automated “bots” (who see the field and automatically enter something spammy into it.

From the developers:

The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded.

The form field being filled out is the key to Spamicide’s magic as this tells the module that this message is from a spam bot and it prevents it’s submission.  The only downside is in some cases spam messages are submitted by real people – paid by the spammers to send the messages – and Spamicide’s detection and prevention method can’t detect them.



We’ve left the best till last, BOTCHA (which standard for BOT Computerized Heuristic Analysis – among other things) is our favorite spam prevention measure for Drupal 7, it’s easy to use in it’s default form and is easy to configure – it’s also smart so as spam bots get smarter BOTCHA can be updated to tackle new spam threats.

From the developers:

The approach of BOTCHA is to add various elements to forms that need protection from bots. These elements do not present new fields to users, so BOTCHA is completely transparent to humans. Both humans and bots submit those forms and BOTCHA performs heuristic analysis on each submitted form. Bots are usually programs/scripts that are relatively dumb, and most of the time they fail BOTCHA tests and human users don’t.

Once BOTCHA proves the submission is by a bot, the form submission is blocked.


Our choice…

We use a combinations of the CAPTCHA module along with BOTCHA on the O’Brien Media website, CAPTCHA’s are used on user registration pages and BOTCHA is used to filter out automated contact form submissions (which cut down spam by over 99%) and to prevent automated logins to our website.

It’s a combination we’re very happy with but we’re always looking at new tools to keep spam under control, both on our own website and on customer websites, so it’s a subject I’m sure we’ll revisit in future articles!