Mollom has a new release that says it can now support any form in the system. They don't seem to have much documentation on this but I am experiencing users registering on my site and spamming my users with private messages. Even though I have mollom activated on my registration form they are still able to get through. Please support mollom.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Berdir’s picture

Title: Please Support Mollom 6.x-1.12 on private messaging forms » Mollom integration
Status: Active » Needs review
FileSize
7.79 KB

Ok, attaching a first patch, seems to work fine for me.

Note that I had to remove the ['privatemsg'] fieldset part from the privatemsg_new form to have the mollom captcha show up at the right place (above the buttons). But I wanted to do this for quiet some time now anyway...

Berdir’s picture

#1: privatemsg_mollom.patch queued for re-testing.

deverman’s picture

We have applied the patch to this module and it seems to be working after some basic tests. The captacha showed up.

I suppose there is another part to this implementation in that users should be able to mark messages as spam when they get them? Is it possible to give a permission to users to report to mollom for each message?

Berdir’s picture

Yes, I thought about that too. But I don't think that you can give users permission to only report private messages as spam but I need to test it.

Berdir’s picture

FileSize
10.15 KB

Ok, I was wrong, it's possible to define a permissiond and a callback function for deleting content.

I've updated the patch to work with Mollom 6.x-1.13 and added the report to mollom callback.

Note that there are two open issues:
- Reporting always deletes the message for all users
- You are redirected back to the thread when reporting the last visible message and a 403 is displayed.

To nicely fix both of these issues, I've opened #771594: Add a permission to control access to report form where I also explained them better.

deverman’s picture

It is great to hear that the other end of this can be handled. Can you please rename the "report to Mollom" action to "Report Spam"? My users are not going to know what "Mollom" means and facebook uses "Report Spam" so I think they will understand that.

deverman’s picture

We have put this on our site and it seems to be working with the exception that when you use the report spam function it will take you to a 404 not found page.

Berdir’s picture

Are you using Mollom 1.13? Can you copy & paste the url when you see the 404 after clicking on the link?

You can always change the strings with http://drupal.org/project/stringoverrides, I'm using the same text as mollom uses for nodes and comments.

mdroste’s picture

I've applied the patch and it to work. I can add the form to the list of protected forms for mollom, I see a 'Report to mollom' link, but...
There is no captcha if I choose Captcha Only, and if I choose 'Text analysis and captcha fallback' Mollom doesn't work. I'm still able to send Spam Messages.

What's going wrong here?

Berdir’s picture

Mollom 1.13? Do you see anything in your dblog?

mdroste’s picture

Yes, Mollom 1.13 and no errors in logs.
The format of mollom messages is new:
Spam:
Array
(
[post_body] => ...

But I think that's a Mollom issue.

deverman’s picture

I have only tried with text analysis and captacha and I have been able to get the captcha to come up when submitting spam like text. (Make sure you are trying it from an account that can't bypass mollom.)

I did not try the module with the captcha only.

mdroste’s picture

I've also tried text analysis and captcha with an normal authenticated user account. Spam not blocked, captcha doesn't come up.

Berdir’s picture

FileSize
9.09 KB

@mdroste

Are you maybe testing this on a development site or something like that without mollom keys configured? Mollom won't do anything then... To be sure that it's not a mollom issue, does it work work nods/comments?

Anyway, here is a new approach thanks to a suggestion by sun. Instead of providing a report to mollom link, the feedback form is directly integrated into the delete form. I still need to figure out the permission stuff (currently all users with delete permission will be able to report to mollom)

mdroste’s picture

@berdir

No, it's not on a development site. It runs on a big German Community Site: http://community.beck.de/
And mollom works great with nodes and comments.

Berdir’s picture

#14: privatemsg_mollom3.patch queued for re-testing.

Berdir’s picture

FileSize
9.36 KB

Adding a new patch which uses the report permission feature I wrote as a patch for mollom.module: #771594: Add a permission to control access to report form

No clue why it doesn't work for mdroste, a few more tests from other people would be great, can someone reproduce that it does not work?

Berdir’s picture

#17: privatemsg_mollom4.patch queued for re-testing.

Status: Needs review » Needs work

The last submitted patch, privatemsg_mollom4.patch, failed testing.

Berdir’s picture

Status: Needs work » Needs review
FileSize
9.68 KB

Re-roll.

Status: Needs review » Needs work

The last submitted patch, privatemsg_mollom5.patch, failed testing.

Berdir’s picture

Status: Needs work » Needs review
FileSize
12.13 KB

Re-roll to fix the failing tests.

Unless there is some feedback on the mollom issue soon, I make a separate issue for the cleanup stuff in this patch (PHP 5.3 fix and form changes)

Berdir’s picture

Status: Needs review » Postponed
FileSize
1.57 KB

Updated the patch to work with the latest patch against mollom by sun. Note that the patch only contains the mollom specific things, I'm going to create an other issue for the other things.

Berdir’s picture

Status: Postponed » Needs review

The issue I talked about in #23 has been commited.

sun’s picture

Note that the Mollom patch wasn't committed yet.

+++ privatemsg.module	16 Aug 2010 13:35:34 -0000
@@ -2105,6 +2106,41 @@ function privatemsg_views_api() {
+ * Implements hook_mollom_form_info().
...
+ * Implements hook_mollom_form_list().

minor: Ideally, _list() should come before _info()

+++ privatemsg.module	16 Aug 2010 13:35:34 -0000
@@ -2105,6 +2106,41 @@ function privatemsg_views_api() {
+    'title' => t('Send new message form'),
...
+    'entity' => 'privatemsg_message',

You can skip the 'title' and 'entity' definition in _info().

And actually, thanks for working on this implementation. I just had the idea that Mollom perhaps should support modules to implement hook_mollom_form_list() only - if their form information happens to be static (i.e. not bound to a specific form id and whatnot).

Powered by Dreditor.

Berdir’s picture

FileSize
1.71 KB

Implemented suggestions from sun in #25.

langworthy’s picture

Version: » 6.x-2.x-dev
FileSize
1.5 KB

Re-rolled #26 to current 6.x-2.x branch.

Added callback to allow action when mollom text analysis identifies spam.

sun’s picture

Version: 6.x-2.x-dev » 7.x-2.x-dev

mmm, not sure where we're actually standing here. It looks like #26 wasn't committed to 7.x-2.x yet, but I think the corresponding Mollom patch was committed to 7.x already. However, it definitely wasn't committed to Mollom for D6 yet, so #27 won't work until #771594: Add a permission to control access to report form has been backported and committed.

langworthy’s picture

Version: 7.x-2.x-dev » 6.x-2.x-dev

Hmm... I don't think I quite understand the callback I added in #27 as I thought I did. Is it possible for spammy messages to go in a queue somewhere for moderation?

langworthy’s picture

Version: 6.x-2.x-dev » 7.x-2.x-dev

Sorry, I set the version back.

Berdir’s picture

@langworthy: You're welcome to port this patch to 7.x-2.x (I guess the main thing to update is the permission declaration).

Because right now, this can't be commited to 6.x-2.x, the linked mollom issue needs to be commited to 6.x first.

Also, private messages don't have a status, so what you're doing make no sense. You can't store private messages without displaying them to the recipients right now.

langworthy’s picture

I see now that what I was trying to do makes no sense. whoops.

Could someone clarify the need for the linked mollom issue. The patch in #26 re-rolled is successfully detecting spam for me so I seem to be missing something.

Berdir’s picture

Yes, it works fine. This is only about the 'report access' permission feature which allows to configure an permission that is required to have the report form elements show up on the delete confirmation form. Right now, all users wo can delete private messages can also report them to mollom.

On most sites, all users are able to delete private messages, but the form might be confusing and you probably don't allow them to do that directly (they might report messages wrong and similar).

langworthy’s picture

Thanks for the summary Berdir.

I provided a backport to #771594: Add a permission to control access to report form

I regret I don't have the resources at the moment to port this to 7.x. I'll post my latest 6.x patch as it contains a change from #26.

For me to get the reporting working properly (along with the patch in #771594) I had to move the report access property from hook_mollom_form_list() to hook_mollom_form_info().

EDIT: to be clear this is a 6.x-2.x patch

Status: Needs review » Needs work

The last submitted patch, mollom_integration-720038-34.patch, failed testing.

myha’s picture

Status: Needs work » Needs review

#34: mollom_integration-720038-34.patch queued for re-testing.

Status: Needs review » Needs work

The last submitted patch, mollom_integration-720038-34.patch, failed testing.

Berdir’s picture

Version: 7.x-2.x-dev » 6.x-2.x-dev
Status: Needs work » Needs review

When you upload a patch, you need to set the version field to the correct value. Thanks for working on this.

Berdir’s picture

#34: mollom_integration-720038-34.patch queued for re-testing.

Berdir’s picture

Version: 6.x-2.x-dev » 7.x-2.x-dev
Status: Needs review » Patch (to be ported)

Great, commited to 6.x-2.x. Now on to 7.x-2.x

Berdir’s picture

Status: Patch (to be ported) » Fixed

Also commited to 7.x-2.x

ufku’s picture

Version: 7.x-2.x-dev » 6.x-2.x-dev
Status: Fixed » Active

In 6.x-2.x, with the commit of #1034334: Refactor reply form out of privatemsg_new() validate and submit handlers were bound specifically to the submit button and this prevents execution of other handlers bound globally to the form. Mollom validators are affected by this.

Berdir’s picture

Version: 6.x-2.x-dev » 7.x-2.x-dev
Status: Active » Fixed

Please open a new bug report.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.