need more anti spam measures

the flag module will be deployed soonish and should help with this.

Perhaps mollom could help us better.

I think mollom is a relatively good idea, but not perfect.

Fasttoggle would also make the job of blocking a user faster.

Fasttoggle sounds good but my interest is to make the spam posts removal automated what you suggest is to ease the administrative task. I can't comment on mollom's performance because I haven't used it for any large sites. From what I know mollom is always improving - it will be a mutual win if d.o opts for mollom. I have always wondered why that didn't happen as yet. Perhaps a combination of fasttoggle and mollom can make things much better.

Mollom would be more than happy to help.

The issue has been discussed in the past already. (At least last time I heard about it) the intention was to limit it to new users only; i.e., limited to the first 24-48 hours, first X amount of posts, or whatever. That should be possible to do now, as I also just mentioned in the corresponding Mollom issue #706180: Fire a hook before Mollom adds its stuff in hook_form_alter()

@sivaji - currently removing spam comments requires 7 clicks. Installing fasttoggle would remove 3 of them and add 1 so a net reduction of 2.

1. Click edit
2. Click blocked
3. Click save
4. Click Administer comments
5. Click checkbox for all comments
6. Click delete
7. Click confirm

Fasttoggle removes 1-3 but adds a new one: Click fasttoggle link to block user. It also drastically reduces the scrolling required for step 2/3.

I understand that. In other words, it needs a human moderator to do this. Let's free him and mollom (or equivalent spam control program) do that job.

If we used flag, (which will probably be rolled out within the next few days), then we could have a "mark as spam" flag, as well as a "mark as redundant" flag, which might help clear up old subscribe comments as well (See #1303644: comment validation to prevent '+1 subscribe' comments)

There is also the spam module, which needs a lot of love, but is potentially useful here.

This was recently brought up here: #1293186: Spam - meta: better spam-combating suggestions

I suggest starting by installing http://drupal.org/project/hidden_captcha for spambot registrations

Flag would work, but I believe it works best for spam with flag_abuse. Then we work towards getting spam.module ready for D7

Delay email notifications. I have a feeling spammers dont care if you delete their posts because they know Drupal just sent out their spam to everyone on the mailing list. If we make it less likely that their spam will get to email then they will be less likely to post spam.

because they know Drupal just sent out their spam to everyone on the mailing list

You can be sure that spammers/spambots don't know any specifics about Drupal or drupal.org.

Also note that Flag module will be deployed very soon, but it will not be used for comments due to performance issues.

marked #226678: Add a "Report spam/abuse" link to forum/issue comments (next to the "edit" & "reply" links). as a duplicate.

Might be worth looking through https://drupal.org/project/issues/search?text=spam&projects=Drupal.org+w... for more...

Please also take a look at my proposal here: #1308176: [meta] Battle plan for stopping spam/"subscribe"/"+1"/"thank you" comments (and cleaning up old ones from the db too).. Thanx in advance.

@sun That's funny because it is already being done... I received this in my inbox as I am a member of the Consulting and Business group, so I don't believe you can say that the spammers have no idea what they are doing on Drupal.org web properties.

Please take a look here, http://groups.drupal.org/node/182814.

This qualifies as an event? http://groups.drupal.org/node/182549

Both of those posts were posted within 24 hours of each other and exactly 35 minutes apart. They were both posted by a user of about 2 weeks, http://groups.drupal.org/user/1192469, which links to their website in their profile and has no other information aside from a name really. In fact, that website is not even a Drupal website. It is a Wordpress website, which has no content and links to a Wordpress theme.

+1 for Mollom integration.

I am not sure the performance implications for such an install on Drupal.org, but it works great for all of the sites I have used it on so far. I used to spend hours each week dealing with spam comments, but now I don't even have to think twice about them.

It would at least do 1/2 the work of getting rid of the obvious spam. That is better than nothing when we are talking about volunteers and users doing moderating.

Hopefully Dries doesn't charge Drupal.org for usage :)

I want to point out that Mollom can be obtrusive as any CAPTCHA device. Especially when non-native writers make spelling errors or such. I don't know what Mollom can do now to avoid hassling legitimate users but I suspect not too much.

Perhaps if there is an treshold (e.g. only for users who are on d-org for less than a month; for users with less than 50 comments or something like this) and only new users get hassled...

I agree with #19- I'm sorry I don't have time to form a full and cogent argument, but I am strongly against using Mollom on Drupal.org, unless it can be configured EXTREMELY carefully to be almost 100% transparent to legitimate users. The workload and frustration that I have experienced as an end user trying to appease Mollom, imposed on thousands of legitimate users, would not nearly justify using it to prevent a few SPAM posts here and there.

Yeah, I too believe that we should not be bothering legitimate (long-time) members with CAPTCHA-like steps when they try to post comments. I agree that if such a measure is taken it should be implemented in a way that will only be in effect for new accounts with only a handful of comments/edits.

Changing tag to unify these under one tag.

I know this is an older issue, but I'm going to mark this as a duplicate of #1293186: Spam - meta: better spam-combating suggestions, as the other issue has more up to date, actionable information in it.