Nofollow on homepage links?

Google dictates and the people follow ;). Personally I don't think implementing it will stop comment spam much as there will always be blogs and guestbooks that will not have this feature. Experience has shown that making a medium less effective for spam simply causes spammers to spam harder. It's only when the medium becomes 100% ineffective, that they stop.

Still, it's a tiny patch and a popular thing to have. Notes:

- The default value for the variable is 0 in one place, FALSE in the other. While it won't alter functionality, it's still iffy.

- Bad code style ;) (space in front of parameter)

- The title for the option could be clearer. Something like "Link spamming discouragement" ? The option's description already tells you about the rel="nofollow" attribute and what it is for.

For people with 4.5 / older / unwilling to patch, the module version of this is attached. Also see:

http://drupal.org/node/15848#comment-25909

Patch committed to HEAD.

Is there a reason this is marked active and not fixed?

How hard would it be to have this able to be on for comments but off for other types of entries? Can filters make that type of decision?

I don't think that makes sense. You want to tie this filter to a role, not a type of content. If an anonymous user can, say, submit both comments and stories, why would you allow spamming in one and not the other? The idea is to use the "nofollow" attribute on all links by untrusted users; registered users could have even their comments spidered, and that's fine.

Can this functionality be added to anonymous comments, in the form item "homepage" field also.

Please add this to users as well (see above), I had my first "userspam" recently

When the filter is linked to a user role (say anonymous), presumably that role should have access to only 1 input format. This forces site admin to use that format as default. Then all other users have to manually change the format for every content they want to create. Not convenient.

The whole "one format to rule them all" situation is not ideal, I agree. I would welcome a patch to change this, provided it addresses the following concerns:

- What UI do we use for the defaults per role? A matrix could be confusing.

- Do we simply allow every role to have a default? If so, does that mean that you could let e.g. some people use only "Restricted HTML" and others use only "Full HTML" (as they would never choose "restricted" if they can use "full")?.

- In that case, how do we handle formats for administrators, i.e. people who can edit other people's posts? For example, in the above situation, what happens if editor edits a post made by someone with a different format setup? Do we automatically switch to an allowed format? (*) Do we always present both the currently stored format and the available formats, for those with the right permissions?

- Using a per-role default means that every item that is filtered has to have a format stored with it. This is because the filter system does not know who posted a piece of data that is being filtered. All it knows is what format it is in. The input format is chosen/validated when the item is saved, not when it is loaded. When an item is filtered for output, the global $user will be the account of the person viewing the item, so it is not an option to use that.
On the other hand, we could just still use a global default format, but make it so that it won't appear as a conscious choice, but still can be used as a fallback for format-less text.

(*) This might not be a good idea as this could be abused: consider a user who posts something naughty at the very bottom of a post. Assume it gets by the XSS filter, but gets stripped out by the restrictive filtering. The user puts an obscene image at the top of the post.
An admin will see the post, edit it, and remove the image. If in doing so, the input format has been changed to Full HTML, the naughty exploit will now not be subject to filtering, and will appear, with possible nasty consequences.

I have to agree with capmexbiz that rel="nofollow" needs to added to the homepage links for anonymous user comments for this patch to make any difference. Adding rel="nofollow" to node entries does nothing if comment spammers can still put their spam URL in the homepage field when anonymous comments are enabled.

The help text for the "Spam link deterrent" on the ?q=admin/filters/1/configure page says:

"it is likely most effective when enabled for anonymous users."

OK, so how do you set it for anonymous users only? Is this possible? This is very confusing to me. Can someone modify this langauge, please?

changed back to cvs

Is there a way to add the nofollow tag to a poster's homepage link - in addition to links posted within the comment?

I've messed around with the comment module but can't get anything to work.

Thanks,
Alex