Drupal 6 Essential Training
Illustration by Don Barnett

Stopping spam using a CAPTCHA


Drupal 6 Essential Training

with Tom Geller

Start your free trial now, and begin learning software, business and creative skills—anytime, anywhere—with video instruction from recognized industry experts.

Start Your Free Trial Now

Video: Stopping spam using a CAPTCHA

Spam and site vandalism are a problem for anyone who runs a publicly accessible website. There are a several Drupal Modules that give you ways of combating such problems. We are going to examine one of the more popular, the CAPTCHA module. A CAPTCHA forces posters to prove they are human and not an automated posting box by challenging them with human readable questions. This module as with all modules will change as new versions are released. As a result the interface and features you see here might not match what is on your computer. We have already downloaded and installed this module. If you need help doing so, see the video in this series entitled 'Unpacking and Installing Modules'.
Expand all | Collapse all
  1. 4m 36s
    1. Welcome
    2. Using the example files
      3m 47s
  2. 28m 50s
    1. Drupal is a CMS
      7m 43s
    2. Choosing Drupal
      5m 31s
    3. Checking Drupal's requirements
      4m 26s
    4. Understanding the inner workings of Drupal
      4m 32s
    5. Meeting the Drupal community
      6m 38s
  3. 11m 26s
    1. Learning key terms in Drupal
      5m 19s
    2. Touring Drupal's interface
      6m 7s
  4. 34m 28s
    1. Installing WAMP and Drupal on Windows
      9m 41s
    2. Installing MAMP
      4m 34s
    3. Setting up the database on a Mac
      2m 1s
    4. Downloading and installing Drupal on a Mac
      6m 32s
    5. Troubleshooting installation problems
      3m 49s
    6. Automating updates with cron
      7m 51s
  5. 25m 34s
    1. Setting up clean URLs
      5m 51s
    2. Backing up your Drupal site
      3m 31s
    3. Restoring your Drupal site from backup
      4m 18s
    4. Wiping your Drupal installation clean
      2m 6s
    5. Updating Drupal
      9m 48s
  6. 15m 35s
    1. Using the Administration menu
      6m 20s
    2. Setting site information
      4m 50s
    3. Setting the theme
      4m 25s
  7. 35m 6s
    1. Understanding security and permissions
      7m 2s
    2. Controlling site access with user management
      3m 39s
    3. Creating users
      7m 57s
    4. Setting user profiles
      9m 40s
    5. Creating contact forms
      6m 48s
  8. 19m 18s
    1. Creating your site's basic info pages
      7m 12s
    2. Understanding page layout
      5m 40s
    3. Creating a flexible layout with blocks
      6m 26s
  9. 15m 34s
    1. Monitoring performance
      4m 51s
    2. Recovering from disasters
      7m 37s
    3. Improving administration skills
      3m 6s
  10. 41m 1s
    1. Understanding nodes
      6m 49s
    2. Creating basic content: Stories and pages
      7m 9s
    3. Enabling other content types
      9m 22s
    4. Adding blogs
      3m 48s
    5. Adding forums
      6m 56s
    6. Adding polls
      6m 57s
  11. 34m 48s
    1. Exploring content categories
      7m 44s
    2. Exchanging content via RSS
      9m 47s
    3. Using input filters
      7m 40s
    4. Managing comments
      9m 37s
  12. 38m 5s
    1. Configuring your theme
      11m 27s
    2. Changing your theme's graphics
      4m 59s
    3. Finding and installing a new theme
      8m 56s
    4. Understanding Cascading Style Sheets (CSS)
      5m 56s
    5. Deciphering CSS files
      6m 47s
  13. 22m 38s
    1. Finding modules
      6m 52s
    2. Unpacking and installing modules
      6m 29s
    3. Configuring modules
      3m 49s
    4. Implementing complex modules
      5m 28s
  14. 32m 10s
    1. Ensuring automated updates with poormanscron
      3m 10s
    2. Defining custom content types with CCK
      12m 53s
    3. Stopping spam using a CAPTCHA
      10m 43s
    4. Using a WYSIWYG text editor
      5m 24s
  15. 22m 18s
    1. Getting around with multilevel menus
      7m 26s
    2. Building custom menus
      5m 42s
    3. Creating easy-to-navigate books
      9m 10s
  16. 20m 18s
    1. Changing page templates with PHP
      8m 15s
    2. Using PHP in content
      5m 20s
    3. Implementing PHP snippets
      6m 43s
  17. 10m 14s
    1. Launching your site
      5m 51s
    2. Joining the Drupal community
      4m 23s
  18. 15s
    1. Goodbye

please wait ...
Watch the Online Video Course Drupal 6 Essential Training
6h 52m Beginner Aug 25, 2008

Viewers: in countries Watching now:

Drupal is a free, open-source content management system (CMS) for a variety of platforms. It has a robust user community and easy-to-use administration features. Drupal Essential Training covers all the important aspects of installing, configuring, customizing, and maintaining a Drupal-powered website. Instructor Tom Geller explores blogs, discussion forums, member profiles, and other features while demonstrating the steps required to make Drupal perform. He also teaches fundamental concepts and skills along the way, including installation, backups, and updates; security and permissions; flexible page layouts and CSS; menu navigation; and performance monitoring and disaster recovery. He also discusses how to select and install the community-supported modules that further expand Drupal's capabilities, and gives experienced PHP programmers tips on customizing page templates. Example files accompany the course.

Topics include:
  • Understanding the inner workings of Drupal
  • Creating stories, pages, blogs, forums, and polls
  • Managing users and comments
  • Setting and customizing themes
  • Exchanging content via RSS
  • Stopping comment spam with a CAPTCHA
  • Launching a site and joining the Drupal community
Tom Geller

Stopping spam using a CAPTCHA

Spam and site vandalism are a problem for anyone who runs a publicly accessible website. There are a several Drupal Modules that give you ways of combating such problems. We are going to examine one of the more popular, the CAPTCHA module. A CAPTCHA forces posters to prove they are human and not an automated posting box by challenging them with human readable questions. This module as with all modules will change as new versions are released. As a result the interface and features you see here might not match what is on your computer. We have already downloaded and installed this module. If you need help doing so, see the video in this series entitled 'Unpacking and Installing Modules'.

By the way CAPTCHA is a sloppy acronym for Completely Automated Public Touring Test to Tell Computers and Humans Apart and it is spelled CAPTCHA. The first we are going to do is go to Administer and Modules. To turn on CAPTCHA we will click to close the CCK and all of the other groups up here, so that we can get to the bottom of the page quickly and there is our CAPTCHA module. You need to enable the main CAPTCHA modules and then these other ones extended.

I am going to click on both of them. You can also download additional Extenders from the drupal.org website. Once we are done we click on Save Configuration. From here we would administer CAPTCHA, by going to Administer and by doing Command+F or Ctrl+F on PC and to find it easily I will search for 'capt' and there we are CAPTCHA and click on that. We will get back to the General settings in a little while but first we are going to tackle Image CAPTCHA, by clicking on Image CAPTCHA at the top of the screen. You will note this warning at the top, which tell us that a CAPTCHA module works best for the TrueType font file installed. You can get this on your computer. On the Mac that is in Library, Fonts from the top level and on Windows it is in Control Panel and then the Fonts folder.

We have already taken one and put it on our desktop. I am going to go to that, by going to the Finder and hiding everything else and there is our Font file. You put this inside the Captcha folder, which you have installed in to Modules and then inside image_captcha and fonts. So we will just drag that in and then go back to our Administrative interface. Now when we refresh the page you will see that this bitmap will change into something a little bit prettier using a font that we just installed which incidentally was Georgia.

The reason that it is done this way is that the makers of the CAPTCHA module are not permitted to distribute the fonts. You can use the ones that are installed on your computer and it is possible to download free TrueType fonts from throughout the internet, but they cannot distribute them so you need to make this small adjustment. We are going to reload this page. So we have taken care of the font issue. Now let us go through some of the options you have. You can choose what characters are in the code. If for example, you decide you do not want to use any capital letters, you can just knock those out of here. You will notice that some of the letters are missing that is because a capital I looks very much like a lower case l. I prefer to leave the settings in here and they are given.

You can choose how long you want to the code to be. If you want to make it easier for humans then you would make it two or three or four characters, if you want to make it harder obviously more characters. Of course the harder you make it for people, the harder it is also for spammers to use robots to read your CAPTCHA. Scrolling down further we've installed another font, so we are going to select it from Font. And Character Spacing we will leave on normal. You can play around with this once you are down, to see which works best for you. Color settings and Text color, we will leave all of this alone although again, what you will want to do is play with it to see which one works best for you to give you the best balance between difficulty and ease for a person to read.

Finally you can define several types of Distortion that will affect that CAPTCHA. I am going to leave it as it is, it is default just so that we can see what that looks like and then adjust from there. Click on Save Configuration. Now we see an example CAPTCHA. I will not say that is pretty good. For example I can read that, it is + ! t # F. Let us change a few of these settings just to see how it affects things. We will make the Code a little longer. We will make the Font size larger, Character spacing smaller. So we will have larger and more letters, but crushed together. This is going to make it harder for the CAPTCHA to be read by a computer, but also harder for people. Continuing on, we will leave the Background color and font color the same although of course if make them very similar that is going to lower the contrast between the two.

You can also change the amount that the text varies from letter to letter. You might have noticed up above that the letters do vary in color. This one is sort of a green brown and this one is sort of a purplish. You can change the amount of that variation. Finally Distortion, this one is really fun. Let us turn on Double vision just to see what it looks like and Smooth distortion. Leave the Noise level at normal and Save Configuration. There that is an example of slightly more difficult CAPTCHA, but I can still read it and I think this is a pretty good setting. So we are going to go back to Administer now and scroll down to CAPTCHA and let us take a look at the Text CAPTCHA by clicking on Text CAPTCHA at the top. Text CAPTCHA actually has far fewer options. It can generate nonsense words or you can define a list of words and again you can select how long the CAPTCHA should be.

I am just going to leave it in its default configuration, but you do not know what these are going to look like. Do you? At least in the Image CAPTCHA you saw an example. Well do not worry about it because back at the main CAPTCHA page we have an option of seeing examples. Let us click on that now. The main part of CAPTCHA includes a math option, which will ask you a question as you can see up here. Let us see some more examples of this challenge. And you can see there are simple math problems that most people would be able to do. Going back to Examples, we see another example of the Image CAPTCHA. If we want to make sure that they generally are readable and want to have a large enough sample size to tell that, we will click on 10 more examples of this challenge and there we have. That is what it would like. Of course each one will be different when the user sees it.

Going back to our Examples, let us take a look at some of the Text CAPTCHA challenges. These are all what is the nth word in a certain phrase and then you would type in whatever the nonsense word is. The problem with Text CAPTCHA of this sort of course is it may be difficult for people who do not read English because they would not be able to read this what is the third word in the phrase section of the sentence. So now you know about a few of the basic CAPTCHA options, but how does this get applied in your site. To find out go to General settings and you scroll down you have an option to put different types of CAPTCHA in different parts of your site. For example if you want to make sure everybody entering a comment is really a human you might say, oh! I think I want a difficult Image CAPTCHA. Let us say for contact_mail you do not expect vandals to really hit that page as much. Let us try an easier Math ( captcha) and so on. And then of course you would save the options at the bottom.

One option that you can add is to Add CAPTCHA administration links to forms. That lets anybody who has the permission that lets them administer CAPTCHA, change what is being shown in a certain area. That is good if you set these settings down here and then really want to see what they look like on the site and change them on the fly. Down towards the bottom you can change the description of a CAPTCHA by changing the text in here. That is good if for example, you think your users already what a CAPTCHA is and you do not feel this is needed or alternatively if you think they need more explanation or if they are using a different language.

Finally you can force a CAPTCHA every time the person visits the page or only at certain times. You can set it so somebody only have to answer the CAPTCHA challenge once and from then on they will also be able to enter comments and mail and so forth. And finally you can add Log entries whenever somebody has a wrong response. We will click on Save and we are done. We have set up our CAPTCHA. Now before this becomes useful to users in general we have to go back to Administer and as usual go down to Permissions. On the Permission page you will scroll down to the Captcha module and see that you have two settings. We already discussed administer CAPTCHA settings a little bit.

The other one is skip CAPTCHA. Let us say that you have a special level where somebody has already proven themselves how good user they are and you trust that they are not going to abuse your site. You could for example, give them permission to skip the CAPTCHA. I think we are just going to leave this the way it is for now though we will go down to the bottom and click Save permissions. Now let us see how this looks to an ordinary user by switching to our old friend fishyjoe. You might remember that fishyjoe has a penchant for adding abusive comments. Let us see if he can do so now. Click on seeking equity partner. Oh! I think this is stupid, I add a new comment and I say, oh! That is -- now he has to enter the CAPTCHA. If fishyjoe is actually a person he will still be able to get pass this. He will enter his subject. Let us say, "That's stupid! I do not like this subject at all" and enters the CAPTCHA and let us just say that he enters it incorrectly.

Click on Preview and he gets a warning. The answer you entered for the CAPTCHA was not correct. But generally speaking of course users will be able to read this. So this is not good for stopping abusive users. It is however good for stopping abusive robots who will not be able to this as easily. Well just leave this comment behind and go back home. Finally I should mention MOLAM. MOLAM is a system that takes submissions to your site passes them through an external server which then checks it against an algorithm to make sure that it is not spam. It is some what more effective then an anti-spam system on your own computer because it is aggregating information from many spammers on many different sites putting that all together and learning exactly what sort of spam hits Drupal sites. It is incidentally a company that was founded by the fonder of Drupal itself, Dries Buytaert.

CAPTCHA like other schemes to beat online vandalism is only a partial solution. Computers might be able to figure out your CAPTCHA especially if you have configured the module lightly for better human comprehension. So it is not a perfect system, but it will still catch a lot of troublemakers and help keep your site clean.

Find answers to the most frequently asked questions about Drupal 6 Essential Training .

Expand all | Collapse all
please wait ...
Q: While following along to the installation instructions in the “Installing WAMP and Drupal on Windows” chapter in the Drupal Essential Training title, an error occurs when attempting to open the local host page. Nothing appears except for an error reading “WAMPSERVER server offline.” What is causing this?
A: There is a known problem with some versions of WAMP that include a version of PHP (5.3) that some versions of Drupal is not compatible with. See http://tomgeller.com/content/tips-running-drupal-windows-using-wamp#comment-831 for more information.
If that is not causing the issue, reference the tips at http://tomgeller.com/content/tips-running-drupal-windows-using-wamp.
If you don't see the solution at either of those links, try using another AMP stack, such as XAMPP or the Acquia stack installer. See http://tomgeller.com/content/what-hells-wrong-drupal-wamp for discussion about these.
Q: After installing XAMPP and running Drupal for the first time, the Administration menu does not appear. What is the reason for this?
A: There are several possible problems. Here are some likely solutions. (These may also solve problems encountered with other AMP stacks.)
  1. Increase XAMPP's PHP allocation.
  2. Check to make sure all XAMPP's paths are correct and that permissions are correct. If the database information appears, but not Drupal's supporting files, and an included theme is being used, the supporting files will be in the /modules folder.
  3. Another solution is to not use WAMP or XAMPP. One option is to use Acquia's Drupal Stack Installer ("DAMP"), which can be found at http://www.acquia.com/downloads. However, that installs Acquia Drupal, which is a version of "normal" Drupal extended with additional modules. If  only core Drupal is desired, see the instructions at http://acquia.com/blog/kieran/try-drupal-7-alpha-your-laptop-or-desktop. (The instructions are for Drupal 7, but will work for Drupal 6 as well.)
Q: In the "Using the example files" movie, the method of importing information to the database is shown, using the backup in Chapter 10. When attempting to do this, the following error is shown: "No data was received to import. Either no file name was submitted, or the file size exceeded the maximum size permitted by your PHP configuration. See FAQ 1.16." The system is running the latest versions of Apache, PhP and MySQL, on Windows Vista. What could be causing the problem?
A: This is probably caused because your AMP stack allocates too little memory to PHP. 
That's especially true if you're using WAMP, which only gives PHP 2MB of memory, when it really needs at least 16MB. 
You'll see the issue if you go to the MySQL-controlling phpMyAdmin screen (probably at http://localhost/phpMyAdmin) and click "Import": The maximum file size allowed is 2,048K. That's only 2MB, and the databases for most Drupal sites are much larger than that. (The example site for Drupal Essential Training gets as big as 5MB.) The video "Installing WAMP and Drupal on Windows" shows (at around 3:30) where the php.ini file is, but here are some more-complete instructions to increase that memory limit. 

  1. Click the WAMP icon in your system tray.
  2. Select "PHP". In the side menu, select "php.ini" to open a file containing PHP's configuration options.
  3. Search for the line, "upload_max_filesize = 2M".
  4. Change it to "upload_max_filesize = 32M" (or whatever you like). 
  5. Save the file and restart WAMP. (Better yet, restart your computer entirely to be sure. I'm frankly not sure whether it makes a difference.)
  6. Now go back to that "Import" screen in phpMyAdmin: You should notice that the limit has changed.
Q: I don't remember the default username and password used demonstrate Drupal.
A: The default username used in the course is "admin"; the default password is "booth".
Q: How can I change Drupal's administrative username and password?
A: If for some reason the default exercise file username (admin) and password (booth) don't work, you can change them in the database itself using phpMyAdmin. (This technique is demonstrated in a video from Chapter 8, "Recovering from disasters".)

  1. Open your Drupal database with phpMyAdmin.
  2. Go to the "users" table. Click the Browse icon.
  3. For the row where uid = 1, click the Edit icon. (Note the value under the "Name" column: That's the administrator's username.)
  4. In the "pass" row, select "MD5" under the "Function" column
  5. In the same row, enter your new password under the "Value" column.
  6. At the bottom of the screen, click the "Go" button. You should now be able to log in with that username and new password.
Q: In Windows Vista, the WAMP icon disappears from the system tray after a certain amount of time. How do I get it to reappear?
A: To make the WAMP icon reappear (so that you can access localhost, phpmyadmin, php.ini, etc.), you have to activate the "start WAMP server" icon (from start menu, desktop or wherever). The system tray icon will reappear.
Q: My .htaccess file disappeared. What caused this?
A: A few times during the Drupal Essential Training video series, the instructor says to copy a Drupal installation by selecting all the files in the folder and then "dragging and dropping" them, either to a server or another location on your local computer. This is not the best way to do so, as the hidden file ".htaccess" will not be copied. 

There are two ways to get around that problem: 
  1. When installing Drupal for the first time: Instead of copying files from the Drupal folder, move the entire folder to its target location and rename it. This is the easiest solution for those without experience with Unix. 
  2. Use the command-line interface to copy the .htaccess file.
Sorry for the error.
Q: In the video, the instructor says the current version of Drupal is 6.3, but on the drupal.org site, the latest version is 6.17. Which is the newer version of Drupal?
A: Drupal 6.17 is newer than version 6.3. For some reason, the the version numbers go 6.3, 6.4... 6.9, 6.10... 6.17. It’s counter-intuitive, but that’s the order.
Q: My WAMP phpMyadmin will not allow me to upload the exercise files. It returns this message: "No data was received to import. Either no file name was submitted, or the file size exceeded the maximum size permitted by your PHP configuration. See FAQ 1.16." There was no previous database to drop, so what do I need to do to make this work?
A: This is a common problem, caused not by Drupal, but by WAMP. WAMP only allows you to upload files of 2MB or smaller, which is much too small. The solution is detailed at http://tomgeller.com/cant-import-a-drupal-site-in-windows.
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.

Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ .

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

Join now Already a member? Log in

* Estimated file size

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.

Mark all as unwatched Cancel


You have completed Drupal 6 Essential Training.

Return to your organization's learning portal to continue training, or close this page.

Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member ?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferences from the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Learn more, save more. Upgrade today!

Get our Annual Premium Membership at our best savings yet.

Upgrade to our Annual Premium Membership today and get even more value from your lynda.com subscription:

“In a way, I feel like you are rooting for me. Like you are really invested in my experience, and want me to get as much out of these courses as possible this is the best place to start on your journey to learning new material.”— Nadine H.

Thanks for signing up.

We’ll send you a confirmation email shortly.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.