to prevent repeated submissions by spammers and save server resources it would be ideal if mollom could automatically add an entry which can be viewed at admin/config/people/ip-blocking.

Files: 
CommentFileSizeAuthor
#6 auto-ban-spam-results.png59.17 KBDigitalFrontier...

Comments

I think this feature should also be added. In fact if there is no interest in developing it as part of Mollom, perhaps it could be an additional contrib module that just integrates with Mollom.

The goal is, as I see it, to reduce server load due to spammers. Mollom stops the actual spam (mostly) but what I want is to stop spammers from even viewing my site which hurts my server load.

@spartlow the load is not stopped because spammers even though their comments are flagged as SPAM can still continue to submit comments but of course they will again be flagged and removed as SPAM but the feature request here is to not only flag and remove the SPAM content but also ban the offending user's/bot's ip address.

I'm getting a spam attempt roughly once per minute. Mollom is letting through a few per day. If it IP-banned on the first unambiguous spamming attempt, that would probably drastically cut server load (and the amount of spam allowed) because probably each bot tries many times.

StatusFileSize
new59.17 KB

I had a really bad time with this at one point (~1 spam attempt every 10 seconds) wasting lots of server resources. I put in a rule to auto-ban the spammers. Implementation depends on if it's a comment or some other form being protected by Mollom. Essential steps for a protected Webform form are:

  1. Create a new rule
  2. Set the event to be whenever the form is being validated
  3. Add a custom PHP condition with the following code in it:
  4. <?php
    $result
    = $form_state['mollom']['response'];
    if (isset(
    $result['spam']) && $result['spam'] == 2) {
      return
    $form_state['mollom']['discard'];
    } else {
      return
    FALSE;
    }
    ?>
  5. Add the "Ban IP address of current user" action to the rule and save.

mollom auto-ban spam
Further details available at: http://drupalsrq.net/forum-topic/auto-ban-spam

Title:Automated rule to ban spammer's IP at admin/config/people/ip-blockingAutomated rule to ban spammer's IP
Component:User interface» Code

Wow, quite a lot of input here... — Sorry for the silence, friends!

Before we move on to discuss the actual feature request, I'd like to clarify some fundamental data points:
(cf. my recent blog post)

  1. IP addresses are not reliable enough for any kind of static blocking mechanism. In almost all places across the globe, every (innocent) web user gets a new IP address assigned every 24 hours. By using a permanent/static IP blacklist, you will face plenty of false-positives.

  2. The Mollom service has an IP reputation system built-in and blocks spammers accordingly. Mollom's IP reputations are not static, but instead, it maintains a huge store of all IP addresses along with their scores + posts that have been seen in the Mollom network recently. Given that and a range of additional measures, the Mollom service is able to detect when an IP that was formerly (ab)used by a spammer is used by an innocent new party now.

  3. If we're going to do something like this in the Drupal module, then it has to be (1) 100% safe, (2) temporary, and (3) triggered and delivered by the Mollom service.

    For example, a new API response parameter that says blockAuthorIp: {ttl/timestamp}

    "Temporary" means a cache-alike key/value store, in which each item has an expiration date assigned to it.

I'm going to forward this issue to the Mollom engineering team to see what they think.

Thanks to everyone for your input!

@sun -- Re: concern #1 in your list: True, and spammers rotate their IPs as well. To date I've been addressing this with a cron that clears out the banned IPs every so often. I think I address that in my "further details" link along with other potential concerns.

Thanks for looking into this further. Would be a greatly welcomed performance improvement on certain sites, indeed.

And really, the more stuff that is blocked at the user's server, the less load on Mollom's system. So this is feature would benefit both the users and Mollom at the same time.

Ideally I would like to check if the IP address has already sent a certain threshold of spam, and only then ban it. That would cut down/avoid instances where it thinks someone might be spam, but actually isn't. My only concern with this, is the extra load it would require to do a db lookup and count how many times the IP address has been logged.