Almost every developer portal has API documentation, but many portals go a step further to build a community around their APIs by making the communication two way. This is done by allowing developers to use contact forms, post comments or create forum posts.

As any site administrator can attest, a problem with allowing your users to communicate is that you end up dealing with spam. If left unchecked, a site can be deemed worthless by your real customers and damage your brand.

Here are some ways you can reduce or prevent all spam from your developer portal:

Disable the ability for users to create content

If your users cannot create content, then you can remove spam from your site. This is the only way to guarantee you will not get any spam, and will reduce the time needed to maintain your site. However, it will also remove the ability for your developers to help you find out what documentation does not make sense, or get help from you or other developers through forums.

If you let users register on your site, you can still get fake accounts added to your system.

Moderate new user accounts

You can set user registration on your site to one of these three options, which is configurable under Configuration > People with the “Who can register accounts?” section:

1. Administrators only: There isn’t an option for anyone to register, the only way to add new users is by an administrator going under People on the admin bar and clicking the New user button.
2. Visitors: Anyone can register for an account and will be able to login immediately.
3. Visitors, but administrator approval is required: This option allows anyone to register, but the account will be blocked until an administrator goes to People on the admin bar, clicks edit on the account, and then changes the user’s status from blocked to active. When the account is switched to active, the user will be sent an email letting them know the account is unblocked.

Option #3 is good for preventing spam, but will take a lot of work. You will need someone that can constantly be reviewing each account. Also, if you are collecting a name and email address, how easily can you confirm that the account is valid?

Add CAPTCHA to your site

Easy to implement, but will annoy users especially if they have to keep filling out reCAPTCHA every time they log in. A downside is this will not stop real users from creating spam.

The easiest and most effective way to do this is to enable the reCAPTCHA module. You will then be able to use the preferences to add reCAPTCHA to any web form.

Moderate comments and forum posts

You can moderate all comments before they are published to the site by changing permissions. Go to People > Permissions, and under Comment is the Skip comment approval. Make sure that only the administrator role can skip approval. You can approve comments under Content > Comments.

Forum posts are actually nodes, so you will need to make sure those nodes are unpublished by default:

1. Go to Content Types > Forum Topic in the admin bar
2. Under publishing options, uncheck Published

You will then need to edit that node and go under Publishing options and click the checkbox next to Published.

Or, you can allow the content to be published, but send an email to administrators or a moderator role to make sure it is not spam. To create a rule to trigger when a new content is created so that an administrator knows to approve it:

1. Go to Modules in the admin bar, enable Rules and Rules UI modules
2. Go to Configuration > Workflow > Rules in the admin bar
3. Click Add a new rule
4. Enter Email Admin new forum topic for the Name field
5. Select After saving new content for the React on event field
6. Select Forum topic for Restrict for type field
7. Click Save
8. Under Actions click on Add action
9. Select Send email to all users of a role under System for the action to add
10. For subject field, enter New forum post on [site:url]
11. For message field, enter The form topic [node:title] has been added to the site: [node:edit-url]
12. Click save

Use a content moderation service

Content moderation services such as Mollom work by analysing content sent to your site for spam, and will automatically flag them for spam for you. See how Mollom works for more info.

In order to use Mollom, you will need to:

1. Download the Mollom Drupal module and add it to your site
2. Create an account on Mollom.com
3. Activate your website on Mollom.com

Summary

Protecting your site isn't something you can "set and forget" due to the ongoing arms race between spammers and site administrators. The ideas above have worked well for many of our customers, but there are plenty of other Drupal modules to help prevent Spam.

Have you found any other ways to reduce spam in your Dev Portal? Post a comment and let us know!