Add a Simple Spambot control in Core

Created on 30 January 2013, over 12 years ago
Updated 30 July 2023, almost 2 years ago

As the number of Drupal sites increases, the number of bots out there will target Drupal sites. There are many ways in contrib to minimize this. However, many of them have their downsides as well.

  • Add captchas and they disable your site's caching, and your real users will hate you for making them fill out captchas every time.
  • Add hidden form validation fields and bots will ignore them.
  • Add a third-party service to validate submissions and it will punish real users, as these services tend to err on the side of spam.
  • Block their IPs and they will just use a proxy.
  • Add time-based form submission control and this too will disable caching.

The list goes on...

What I am proposing is:

1. A simple setting in core where a site builder can define a new path for admin/*, user/*, node/add/* and comment/reply/*, e.g. my new admin path for managing users is now backend/people.
2. Ensure redirects are not added from admin/*, user/* and node/add/*. Kind of makes this approach pointless as we're just sending them to the new alias.
3. A consistent solution in core that contrib modules need to use to define whatever pages they wish to add.

A proof of concept can be found in the contrib module Rename Admin Paths.

This small module just implements hook_outbound_alter and hook_inbound_alter to rename paths.

Why does this need to be in core?

  1. I believe this is a simple solution that could easily minimize the amount of spam for many Drupal sites.
  2. The problem with it being in contrib is that other contrib modules may not support the renaming of the paths. If a solution like this were in core then it would "guarantee" that every contrib module would support it.

Essentially, every Drupal site out there would have different admin paths, making Drupal less of a target for bot writers. Why write a bot that can only hit a site or two?

✨ Feature request
Status

Postponed: needs info

Version

9.5

Component
Other

Last updated about 12 hours ago

Created by

🇬🇧 United Kingdom nigelw
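
A sketch of the path-renaming idea from the issue, added here as an illustration; it is not code from the Rename Admin Paths module or from Drupal core. It is plain PHP with hypothetical function names, the `admin` to `backend` mapping is taken from the issue's own example, and the default prefix returns "not found" instead of redirecting, as point 2 of the proposal requires.

```php
<?php
// Added illustration in plain PHP (no Drupal bootstrap). Function names and
// the map are hypothetical; 'backend' is the renamed prefix from the issue.
const RENAMED_PREFIXES = ['admin' => 'backend'];

// True when $path is exactly $prefix or lies underneath it ("admin/people"),
// but not when it merely starts with the same letters ("administrator").
function path_has_prefix(string $path, string $prefix): bool {
  return $path === $prefix
    || strncmp($path, $prefix . '/', strlen($prefix) + 1) === 0;
}

// Inbound: map a requested path to the internal path, or null for "404".
// The default prefix must neither resolve nor redirect, otherwise a request
// for admin/* would reveal where the renamed pages live.
function inbound_path(string $requested): ?string {
  $requested = trim($requested, '/');
  foreach (RENAMED_PREFIXES as $default => $renamed) {
    if (path_has_prefix($requested, $default)) {
      return null; // old location: not found, never a redirect
    }
    if (path_has_prefix($requested, $renamed)) {
      return $default . substr($requested, strlen($renamed));
    }
  }
  return $requested;
}

// Outbound: rewrite generated links so the default prefix never appears
// in rendered pages.
function outbound_path(string $internal): string {
  foreach (RENAMED_PREFIXES as $default => $renamed) {
    if (path_has_prefix($internal, $default)) {
      return $renamed . substr($internal, strlen($default));
    }
  }
  return $internal;
}

// Constructed sample requests.
foreach (['backend/people', 'admin/people', 'administrator', 'node/1'] as $p) {
  printf("%-14s -> %s\n", $p, inbound_path($p) ?? '404 Not Found');
}
echo 'link for admin/people: ', outbound_path('admin/people'), "\n";
```

Renaming only changes where the pages are found; the permission checks on the underlying pages still decide who can use them.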


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇺🇸 United States smustgrave

    Wonder if this is still desired for D10?

  • 🇬🇧 United Kingdom longwave UK

    The problem described in #2 should be solved in most cases if the routing system is used to generate URLs. In D7 we had to manually generate URLs by concatenating strings, but now we can specify a route name and arguments and the correct URL will be generated even if it is different to the default.

    Rename Admin Paths in contrib is available and widely used for those that do need this feature, but I'm not sure there is a good argument for merging it into core as it's not needed or wanted by many sites.

  • Status changed to Closed: works as designed 15 days ago
  • 🇳🇿 New Zealand quietone

    Nearly two more years and no confirmation that there is interest in this. Therefore, closing this.

    If there is interest in this, re-open the issue and add a comment. Or open a new issue and reference this one.
