What's wrong with Mollom?

So Mollom absolutely stinks, as far as I'm concerned.

I just posted this comment on a site that is not mine, but is a Drupal site running Mollom: http://www.istos.it/blog/drupal-training/open-sourcing-drupal-training:

The Examples for Developers project is an open-source training initiative. I'm trying to get it used for developer training and to have books on Drupal development use it for examples instead of rolling their own (which invariably get out-of-date and can't be maintained.)

I encourage you in this (vast) initiative.

And what did I get?

Your submission has triggered the spam filter and will not be accepted.

That's about the fourth time I've taken the time to write a comment on a Drupal Mollom-enabled site, and gotten that kind of a response. How many comments are being rejected inappropriately on sites that use Mollom? Who will ever know?

At the same time, the only site that I have Mollom on, http://hobobiker.com, gets has spam comments approved daily. In fact, it never gets anything but spam comments, and Mollom seems OK with that.

What's up with Mollom? This is not good.

33 Comments

Thanks Randy

Hi, this is not the first time it has happened I am afraid :-( Falling back to jsut captcha for now - but you are right there is an issue to be dealt there with Mollom

Hi Randy, Check out this post

Hi Randy,

Check out this post by Chris Shattuck on how to solve basically the same issue: http://chrisshattuck.com/blog/how-increase-interaction-your-blog-right-c...

The premise is using something like Spamicide (http://drupal.org/project/spamicide) or Hidden CAPTCHA (http://drupal.org/project/hidden_captcha) to create a field on the form that users won't see but bots will fill out. If that field is filled out then the form is rejected. It also recommends flood control (don't let the form be submitted before a 10-second delay, since most people couldn't fill out a form that quickly after the page loading) and the Spam module (http://drupal.org/project/spam).

I don't personally use Mollom but I have not been happy on other sites with the number of times my posts get flagged as spam when they are not.

Do you have a Mollom session

Do you have a Mollom session ID that you could share? It should be in the watchdog. Given the session ID we can look into it, and correct the problem.

Can we help?

As Dries said, with some information (mainly Mollom-specific session ids on comments that were incorrectly classified) we can see what's gone wrong here. Be very certain that we want to fix this, make you a happy customer, and are willing to help you determine the cause of (what we hope) is only a momentary frustration with Mollom.

If you would prefer not to post any site specific information here, please open a trouble ticket at mollom.com/contact and reference this post, and we'll respond right away.

Keith Smith
Mollom Support

I'd be happy to give the session... if it were my website

Thanks, Keith:

I'm mostly speaking as a web user (who happens to know where the "flagged as spam" message comes from)

The worst and most annoying thing that's happened to me is my own submission being flagged as spam. In that case there is no recourse at all. And of course, it's somebody else's site. I don't have access to the system logs. And of course I can't post a comment asking for the site owner to do so. And I don't have a session ID for you. We might (in this case) be able to get Ronald at www.istos.it to find the session id.

I'd love to see Mollom handle this more gracefully, perhaps even offering a "report this as mistaken spam" to the posting user.

As things stand, there's a unilateral "this is spam", which is (obviously sometimes) wrong, and then nothing you can do about .

Ah!

I see. In that case, I'll email the administrator of the site, refer him to this thread and see if he can give us any session ids.

Thanks for the response!

Actually, I misunderstood you

Actually, I misunderstood you -- your issue was that this happened to you on another site, where you don't have access to the logs. My bad -- I was reading quickly and didn't catch your meaning.

I did open a trouble ticket

I did open a trouble ticket on mollom.com/contact, been 3 days and still hasn't been assigned to anyone "Awaiting assignment to a help desk operator"...

Since this issue has been dragged-on for more than 2 years I don't think there is a solution yet, so I am giving up on it and moving on with other options.

For myself, I take two

For myself, I take two general approaches to fighting spam depending on the cirsumstances:

  1. Small sites that will never be 'directly' targeted by spam-bots: Since spam-bots nearly never run JS, I've been using a little JS script to fill in a hidden form element with a predefined value. The other time-out and required-not-to-be-filled-out-field are tricks along similar lines. The good thing about these is that they are transparent to the users. The problem with these of course is that they can be easily defeated if your site is directly targeted.

  2. Sites that are big enough to be directly targeted: reCAPTCHA - its awsome.

I have yet to try mollom, but as an end user it has been a little frusterating. I was unable to comment on a blog post. I though
"no biggie, i'll just send them a message saying that mollom is broken". I go to the 'contact us' page, but of course, mollom doesn't let me submit the 'contact us' form. :-(.

Here's an idea for Dries: When your post gets rejected, provide a little link that says "Really, i'm not spam, honest!" that takes you to a form on mollom.com to report the issue (validate this form with recaptcha?) This way mollom can investigate false-positives reported directly from end-users.

Bad connection

Currently in the countryside with terrible connectivity so will get extra info if required on Monday to share with the Mollom guys - to be fair while there are issues and others have complained others have also gone trough and it is definitely blocking real spam as well.

Thanks!

Thanks, Ronald.

Of course it's easy to make a service that successfully blocks all spam. You just completely block all comments. What Mollom hopes to be is a service that blocks most spam and does NOT block real comments.

Pretty good

My current customer opened up anonymous comments a few months ago. Of course I recommended against it, but they did it any way.

Mollom is catching nearly all spam. The biggest question I have is what is "Not sure."

Links in a post are almost certain to get questioned, and rightly so. Since your post had a link, it questioned you. I think that was an appropriate action and had it happened to me, I wouldn't have gotten upset.

My link was not "questioned"

The link in my post was not "questioned". I didn't get a validation challenge. I got Your submission has triggered the spam filter and will not be accepted. No opportunity of appeal (and it made the wrong call).

Funny, I've had nothing but good results with Mollom...

I have it on a few moderately busy sites - e.g. one site had a topic from a couple of months ago that generated about 1500 comments. Prior to Mollom this site was getting constant spam posts - and now it gets none.

Cheers

Robert

Great results

That's great results of course. I don't know why my one site with Mollom still gets spam posts.

But the real issue is the first one: How many comments do you think were rejected as false positives on that topic? And what did the users do about it? What good opinions did you miss? What users did you annoy?

Good point - in the instance

Good point - in the instance I quoted the site is a blog by a fairly famous person in their field (who has many points of contact) and he has never been contacted by any disgruntled user who could not post a comment due to blocking by Mollom. By contrast, he has often been contacted through other modes by people who couldn't do other things on the site (usually not understanding how to upload images or set avatars etc.)

While monitoring ratios of spam to ham might help, I guess that ultimately there is no way to know what you don't know (you know?) - or if there is I'd be grateful to learn...

Cheers

Robert

I finally had to turn off

I finally had to turn off anonymous comments due to the over whelming number of spam posts. It seems like if Mollom gets the right input from it's validation field, it will let anything get posted. Is that what is supposed to happen? I actually had someone write me tell me they noticed my blogs were getting a lot of spam comments.

Sensitivity vs Specificity

Every detection system has to balance sensitivity vs specificity. Greater sensitivity increases false positives. Greater specificity increases false negatives. You cannot have 100% sensitivity AND 100% specificity. (It's like the uncertainty principle with regard to location vs velocity.)

To improve performance, you have to monitor both false positives and false negatives and take corrective actions. I think Randy Fay was making the case that Mollom only provides tools for monitoring false negatives and let's hapless users struggle with reporting false positives, if they are so inclined. Many are not inclined.

I've had problems with Mollom

I've had problems with Mollom too - posting on Acquia, my legitimate comment was blocked, while spam (displayed on the page I was posting) got through.

I don't like Mollom either

I've got that message too often as well :

Your submission has triggered the spam filter and will not be accepted.

So now when I know a website is running Mollom, I do not try to post any comment. In other words, Mollom means to me, you are not welcome to post comments.

Hit again by Mollom

Well, I was hit again by a site running Mollom.

Lost 15 minutes creating a nice commment and it was rejected automatically by the now famous: “Your submission has triggered the spam filter and will not be accepted.”

All sites running Mollom should tell so, so that I would not loose time creating comments.

Mollom suggestions

(I meant to find/create and link these ideas to issues in the Mollom queue, but this comment has been sitting here literally for weeks so...

  • Let site owners review submissions that fall into a broad, and ideally admin-definable, grey area.
  • I may be wrong, but I think the less than pleasant or useful submission rejected message only shows up when the Mollom service is unavailable? It would be great if Mollom allowed itself to fall back on some other captcha

Same issue here

I have the same issue with my site. Had several complaints from users who tried to post comments and got the same message: "Your submission has triggered the spam filter and will not be accepted."
I tried several times and finally got it as well. Along with that message I noticed another one: "The comment you are replying does not exist" which is not true of course but am not sure if that is related to Mollom or not.

For my site, it is happening sometimes, not every time. Will do some more research and let you know if I find a solution.
Meanwhile I will send my session ID to Dries as he had requested, since this is an old post I am surprised that the issue still exists...

Problem with any captcha: pages are not cached

Problem with any captcha: pages are not cached

Hello,

The main problem with ANY captcha from CAPTCHA module is that pages with a captcha are not CACHED, as incredible as it seems, it has been confirmed by the captcha coder.

And Mollom module doesn't work wwell if you really check...

So what to do ?

Thanks for help !

Real Mollom problem is with contact forms

Mollom had always worked well for me on comments. You log out put something hinky in the comment and it asks you to fill out a captcha form. I suspect some people ask it to block all comments when their servers are over-loaded --maybe a bad idea.

The main problem from my point of view is that it doesn't seem to block anything submitted through my contact forms. I thought it was supposed to work wit Contact Form 7?

Reply from Support

My comments were working fine and suddenly almost all entries got rejected. I contacted support, sent them all the logs requested (they were very slow to respond) and eventually they said the people who are posting are tagged as spammers.

I can't believe such a lame response would be provided by any respectable developer!!
How can they say that almost all of my visitors are spammers, including myself, specially that it started happening all of a sudden.

I'm back to using CAPTCHA....:(