Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
Spam and site vandalism are a problem for anyone who runs a publicly accessible website. There are a several Drupal Modules that give you ways of combating such problems. We are going to examine one of the more popular, the CAPTCHA module. A CAPTCHA forces posters to prove they are human and not an automated posting box by challenging them with human readable questions. This module as with all modules will change as new versions are released. As a result the interface and features you see here might not match what is on your computer. We have already downloaded and installed this module. If you need help doing so, see the video in this series entitled 'Unpacking and Installing Modules'.
By the way CAPTCHA is a sloppy acronym for Completely Automated Public Touring Test to Tell Computers and Humans Apart and it is spelled CAPTCHA. The first we are going to do is go to Administer and Modules. To turn on CAPTCHA we will click to close the CCK and all of the other groups up here, so that we can get to the bottom of the page quickly and there is our CAPTCHA module. You need to enable the main CAPTCHA modules and then these other ones extended.
I am going to click on both of them. You can also download additional Extenders from the drupal.org website. Once we are done we click on Save Configuration. From here we would administer CAPTCHA, by going to Administer and by doing Command+F or Ctrl+F on PC and to find it easily I will search for 'capt' and there we are CAPTCHA and click on that. We will get back to the General settings in a little while but first we are going to tackle Image CAPTCHA, by clicking on Image CAPTCHA at the top of the screen. You will note this warning at the top, which tell us that a CAPTCHA module works best for the TrueType font file installed. You can get this on your computer. On the Mac that is in Library, Fonts from the top level and on Windows it is in Control Panel and then the Fonts folder.
We have already taken one and put it on our desktop. I am going to go to that, by going to the Finder and hiding everything else and there is our Font file. You put this inside the Captcha folder, which you have installed in to Modules and then inside image_captcha and fonts. So we will just drag that in and then go back to our Administrative interface. Now when we refresh the page you will see that this bitmap will change into something a little bit prettier using a font that we just installed which incidentally was Georgia.
The reason that it is done this way is that the makers of the CAPTCHA module are not permitted to distribute the fonts. You can use the ones that are installed on your computer and it is possible to download free TrueType fonts from throughout the internet, but they cannot distribute them so you need to make this small adjustment. We are going to reload this page. So we have taken care of the font issue. Now let us go through some of the options you have. You can choose what characters are in the code. If for example, you decide you do not want to use any capital letters, you can just knock those out of here. You will notice that some of the letters are missing that is because a capital I looks very much like a lower case l. I prefer to leave the settings in here and they are given.
You can choose how long you want to the code to be. If you want to make it easier for humans then you would make it two or three or four characters, if you want to make it harder obviously more characters. Of course the harder you make it for people, the harder it is also for spammers to use robots to read your CAPTCHA. Scrolling down further we've installed another font, so we are going to select it from Font. And Character Spacing we will leave on normal. You can play around with this once you are down, to see which works best for you. Color settings and Text color, we will leave all of this alone although again, what you will want to do is play with it to see which one works best for you to give you the best balance between difficulty and ease for a person to read.
Finally you can define several types of Distortion that will affect that CAPTCHA. I am going to leave it as it is, it is default just so that we can see what that looks like and then adjust from there. Click on Save Configuration. Now we see an example CAPTCHA. I will not say that is pretty good. For example I can read that, it is + ! t # F. Let us change a few of these settings just to see how it affects things. We will make the Code a little longer. We will make the Font size larger, Character spacing smaller. So we will have larger and more letters, but crushed together. This is going to make it harder for the CAPTCHA to be read by a computer, but also harder for people. Continuing on, we will leave the Background color and font color the same although of course if make them very similar that is going to lower the contrast between the two.
You can also change the amount that the text varies from letter to letter. You might have noticed up above that the letters do vary in color. This one is sort of a green brown and this one is sort of a purplish. You can change the amount of that variation. Finally Distortion, this one is really fun. Let us turn on Double vision just to see what it looks like and Smooth distortion. Leave the Noise level at normal and Save Configuration. There that is an example of slightly more difficult CAPTCHA, but I can still read it and I think this is a pretty good setting. So we are going to go back to Administer now and scroll down to CAPTCHA and let us take a look at the Text CAPTCHA by clicking on Text CAPTCHA at the top. Text CAPTCHA actually has far fewer options. It can generate nonsense words or you can define a list of words and again you can select how long the CAPTCHA should be.
I am just going to leave it in its default configuration, but you do not know what these are going to look like. Do you? At least in the Image CAPTCHA you saw an example. Well do not worry about it because back at the main CAPTCHA page we have an option of seeing examples. Let us click on that now. The main part of CAPTCHA includes a math option, which will ask you a question as you can see up here. Let us see some more examples of this challenge. And you can see there are simple math problems that most people would be able to do. Going back to Examples, we see another example of the Image CAPTCHA. If we want to make sure that they generally are readable and want to have a large enough sample size to tell that, we will click on 10 more examples of this challenge and there we have. That is what it would like. Of course each one will be different when the user sees it.
Going back to our Examples, let us take a look at some of the Text CAPTCHA challenges. These are all what is the nth word in a certain phrase and then you would type in whatever the nonsense word is. The problem with Text CAPTCHA of this sort of course is it may be difficult for people who do not read English because they would not be able to read this what is the third word in the phrase section of the sentence. So now you know about a few of the basic CAPTCHA options, but how does this get applied in your site. To find out go to General settings and you scroll down you have an option to put different types of CAPTCHA in different parts of your site. For example if you want to make sure everybody entering a comment is really a human you might say, oh! I think I want a difficult Image CAPTCHA. Let us say for contact_mail you do not expect vandals to really hit that page as much. Let us try an easier Math ( captcha) and so on. And then of course you would save the options at the bottom.
One option that you can add is to Add CAPTCHA administration links to forms. That lets anybody who has the permission that lets them administer CAPTCHA, change what is being shown in a certain area. That is good if you set these settings down here and then really want to see what they look like on the site and change them on the fly. Down towards the bottom you can change the description of a CAPTCHA by changing the text in here. That is good if for example, you think your users already what a CAPTCHA is and you do not feel this is needed or alternatively if you think they need more explanation or if they are using a different language.
Finally you can force a CAPTCHA every time the person visits the page or only at certain times. You can set it so somebody only have to answer the CAPTCHA challenge once and from then on they will also be able to enter comments and mail and so forth. And finally you can add Log entries whenever somebody has a wrong response. We will click on Save and we are done. We have set up our CAPTCHA. Now before this becomes useful to users in general we have to go back to Administer and as usual go down to Permissions. On the Permission page you will scroll down to the Captcha module and see that you have two settings. We already discussed administer CAPTCHA settings a little bit.
The other one is skip CAPTCHA. Let us say that you have a special level where somebody has already proven themselves how good user they are and you trust that they are not going to abuse your site. You could for example, give them permission to skip the CAPTCHA. I think we are just going to leave this the way it is for now though we will go down to the bottom and click Save permissions. Now let us see how this looks to an ordinary user by switching to our old friend fishyjoe. You might remember that fishyjoe has a penchant for adding abusive comments. Let us see if he can do so now. Click on seeking equity partner. Oh! I think this is stupid, I add a new comment and I say, oh! That is -- now he has to enter the CAPTCHA. If fishyjoe is actually a person he will still be able to get pass this. He will enter his subject. Let us say, "That's stupid! I do not like this subject at all" and enters the CAPTCHA and let us just say that he enters it incorrectly.
Click on Preview and he gets a warning. The answer you entered for the CAPTCHA was not correct. But generally speaking of course users will be able to read this. So this is not good for stopping abusive users. It is however good for stopping abusive robots who will not be able to this as easily. Well just leave this comment behind and go back home. Finally I should mention MOLAM. MOLAM is a system that takes submissions to your site passes them through an external server which then checks it against an algorithm to make sure that it is not spam. It is some what more effective then an anti-spam system on your own computer because it is aggregating information from many spammers on many different sites putting that all together and learning exactly what sort of spam hits Drupal sites. It is incidentally a company that was founded by the fonder of Drupal itself, Dries Buytaert.
CAPTCHA like other schemes to beat online vandalism is only a partial solution. Computers might be able to figure out your CAPTCHA especially if you have configured the module lightly for better human comprehension. So it is not a perfect system, but it will still catch a lot of troublemakers and help keep your site clean.
Get unlimited access to all courses for just $25/month.Become a member
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.
Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.
Your file was successfully uploaded.