Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
Drupal Gardens sites are pretty secure by default, but even if you don't give visitors additional access, as you learned how to do in the video on adjusting user permissions, there is one big way that they can cause problems: by leaving abusive or spam-filled comments. This video shows you how to manage them. Now we're going to look specifically at actions that are permitted for anonymous users since they're the ones who never sign in and therefore can't be tracked, but we'll also look at some things that authenticated users can do, since Drupal Gardens sites by default allow anyone to sign up.
There are actually programs out there that will go around and automatically sign up for web sites and then post spam. In other words, they become authenticated users first and never face restrictions you place on anonymous users. For ways to stop that sort of abuse, you could require administrative approval of all new memberships, as you learned in the video for managing users. But let's go through and look at some of these permissions, which is a more lightweight way to avoid such abuse. To do so, click on People and Permissions.
Now I am just going to scroll through and look at the things that anonymous users and authenticated users can do. The first one is this AddThis widget. We'll discuss this future in the video about taking advantage of social media, but in brief you don't really have to worry about people abusing your site with it; it only allows them to look at things. The other kinds of things that anonymous and authenticated users can do are broken into two categories. The first one is permission to view content, and you really don't have to worry about that.
The second one is permission to create and edit content. That's where the problems come in. So let's scroll through and see what those permissions are. In Aggregator, they can view news feeds. No problem there. View comments, ah! And then we come to Post comments. There are actually two kinds of category here: Post comments and Skip comment approval. We'll take a look at both of these later in the video and explain how you can moderate these comments as they come in. As we scroll down further, Subscribe to comment notifications, again, something that's not really a problem.
It has to do with people receiving information instead of putting it into your site. Use the site-wide contact form, we already removed the anonymous user permission from that in an earlier video. Use the Filtered HTML text format, that's actually not a problem. We can skip over that. View media, not a problem. And as we go down, the rest are all about viewing content. Using search, again about viewing content. Not really very much there except for the commenting problem, so let's talk a little bit about that.
You might remember that authenticated users can post comments and skip the approval process. Anonymous users, on the other hand, have to get approval for every comment that they post. I'll show you what both of those look like, and how you actually give that approval. First, I am going to create a test news post, something that will allow people to add their comments. So I click Add content and then go to News item, and just to how about "What do you think about California?" In the body, "Tell us your opinions." Go down, make sure that comments are allowed. Yup, they're opened, and save.
And there is our node with the Add new comment link there and the comment form beneath it. I'm just going to copy this URL and then go over to the Google Chrome browser where I am already logged in as an authenticated user, califanjoe. I'll go to that URL, and I'll post my comment. "I think it's great! I love to visit when I can!" And go down and save it.
And as you can see, there is the comment. It appears the immediately because an authenticated user doesn't have to go through the approval process. Now I'm going to sign out, and I'm going to add a comment as an anonymous user. I'll click on the link to go to the comments, and now I'm going to post a new comment myself. I'm going to say Hateful Joe, and that's at email@example.com. We could enter a Homepage if the person wants a subject.
"Why would you even ask such a question? That's dumb!!!111!!!" There. That's the kind of silly comment you might see, and then I'll save that. Now because I am an anonymous user, I get this message that the comment has been queued for review. Let's go back to our administrator site and see exactly how that works. We go up to Content and then click the Comments tab. The first thing you see is all of the comments that have actually been published.
Here is the one from califanjoe. It's published. Everything is fine. Then we see these unapproved comments right up here, and that's where you see the one from the anonymous user. You could then go in and take a look at it, or you could go in and edit it. While editing it, you could decide, oh I don't really want that, by clicking the administration tab here and just leave it on Not published. You can also change who it's authored by. You can change everything about it, quite honestly. But let's go back and take a look at this Unapproved comments list.
The easiest way to get rid of all of them is to simply check the boxes of the ones you want to get rid of, choose from the pop-up menu, Delete the selected comments, and update. Now you have a choice at this point to report these as low quality or obscene, and this all goes into a system called Mollom, which we'll discuss in a later video, but for us, I am just going to say, no, that's fine. You don't have to report this, just delete it, and it's done. The tough part about this system is you have to watch that unapproved comments list like a hawk, so come back here every once in while, click on, again, Content > Comments and Unapproved comments, and just look through and make sure that you haven't caught anything that should be released or should be deleted.
You can leave them there if they should be deleted because of course they won't appear on your site. Nobody will see them except for you. Now if that sounds like a lot of work, guess what? It is. You can offload some of it by giving the Administer comments and Comment settings permission to somebody else, perhaps by assigning it to a newly created community manager role or something like that. And if you want to learn how to do that, take a look at the video about adjusting user permissions. But I'm afraid that's just the way it is. Computers are easy. People are hard.
The most complete way to solve it is simply not to allow comments in your site, and you would do that by editing the content type and taking away the comment permission, as you learned in an earlier video about content types. Another partial solution is found in the Mollom module, which you'll learn about in the video, "Slowing spam."
Get unlimited access to all courses for just $25/month.Become a member
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.
Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.
Your file was successfully uploaded.