Human Presence protects Drupal forms after Mollom

On April 2, 2018, Acquia retired Mollom, a spam fighting tool built by Drupal founder Dries Buytaert. As Dries tells the story, Mollom was both a technical and financial success but was ultimately shut down to enable Acquia to deploy its resources more strategically. At its peak, Mollom served over 60,000 websites, including many of ours!

Many sites are looking for alternatives now that Mollom is shut down. One such service, which Commerce Guys integrated earlier this year in anticipation of Mollom's closing, is Human Presence, a fraud prevention and form protection service that uses multiple overlapping strategies to fight form spam. In the context of Drupal, this includes protecting user registration and login forms, content creation forms, contact forms, and more.

Similar to Mollom, Human Presence evaluates various parameters of a visitor's session to decide whether the visitor is a human or a bot. When a protected form is submitted, the Drupal module requests a "human presence" confidence rating from the API (hence the name). If the response does not meet a configurable confidence threshold, the module blocks the form submission or, if you choose, applies additional validation steps that you configure. For example, out of the box, the module integrates the CAPTCHA module to rebuild the submitted form with a CAPTCHA that must be completed before the form will submit.
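The threshold check described above can be sketched as follows. This is an added example, not code from the Human Presence module or its API: the JSON response shape, the `confidence` field name, the 0-100 scale and the default threshold of 70 are all assumptions. It also covers the case the paragraph leaves open, where no usable rating comes back, by falling back to the CAPTCHA instead of accepting the submission.

```python
import json
from enum import Enum

# Assumptions (not from the Human Presence API docs): the response is JSON
# with a numeric "confidence" field on a 0-100 scale.
CONFIDENCE_FIELD = "confidence"


class Decision(Enum):
    ALLOW = "allow"          # accept the form submission
    CHALLENGE = "challenge"  # rebuild the form with a CAPTCHA
    BLOCK = "block"          # reject the submission outright


def parse_confidence(raw_body):
    """Return the rating as a float in [0, 100], or None if unusable."""
    try:
        data = json.loads(raw_body)
    except (TypeError, ValueError):
        return None  # timeout (no body), truncated or non-JSON response
    if not isinstance(data, dict):
        return None
    value = data.get(CONFIDENCE_FIELD)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    if not 0 <= value <= 100:  # also rejects NaN and infinity
        return None
    return float(value)


def decide(raw_body, threshold=70, captcha_enabled=True, captcha_passed=False):
    """Gate a form submission on the rating; never fail open."""
    confidence = parse_confidence(raw_body)
    if confidence is not None and confidence >= threshold:
        return Decision.ALLOW
    # Below threshold, or no trustworthy rating: require a second check.
    # captcha_passed must come from server-side CAPTCHA verification.
    if captcha_enabled:
        return Decision.ALLOW if captcha_passed else Decision.CHALLENGE
    return Decision.BLOCK


# Constructed sample responses, not captured from the real service.
SAMPLES = ['{"confidence": 92}', '{"confidence": 35}', '{"confidence": "99"}', None]
if __name__ == "__main__":
    for body in SAMPLES:
        print(repr(body), "->", decide(body).value)
```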

We believe Human Presence is a great tool to integrate on its own or in conjunction with other standalone modules like Honeypot. Furthermore, they're joining other companies like Authorize.Net, Avalara, and PayPal as Drupal Commerce Technology Partners. Their integration includes support for protecting shopping cart and checkout forms, and we are looking for other ways they can help us combat payment fraud in addition to spam.

Learn more about Human Presence or reach the company's support engineer through their project page on drupal.org.

President / CEO
Posted May 15, 2018

Comments

Submitted by vensires (not verified) on

Good catch Ryan! Congratulations for catching the opportunity of trying to fill the gap Mollom created.

I wasn't a heavy user of Mollom but I can still find two things that are negative in Human Presence, though, as a replacement for Mollom.

The first one is that Mollom was given for free, whereas Human Presence is a paid alternative. I very well know that for something to stay properly supported, sometimes it has to be paid, but it still is a con if compared with Mollom which had a free version.

The second is that Human Presence isn't - in my opinion - so advertised in the Drupal community. If someone read the Drupal Planet posts of months ago, he would find Antibot as a suggested alternative or at least the most common Honeypot, Captcha, reCaptcha and others. What I really liked about Antibot was that after the page is loaded, Antibot, using JavaScript, waits for a mouse to move or an enter or tab key to be pressed before the action of the form is switched back to the path that it was originally set to be. This indicates that the person behind the controls is a human and not a robot. If we have this functionality locally, what would we gain by going to Human Presence?

Submitted by Ryan on

Sounds like it's doing similar things, though bots could still spoof it if they were written to trigger those behaviors. I think the primary advantage of a third party service here, whether it's Human Presence, reCAPTCHA, (Mollom), etc., is the use of a central database to compare IP addresses and behavioral patterns against known bad actors. It's basically an additional layer of protection that improves over time.

Submitted by JvE (not verified) on

I suppose that depending on the level of anonymization applied by Human Presence you will have to provide either an opt-in or an opt-out option to visitors from the EU.
Or at the very least notify visitors that their behaviour is being monitored by a third party so they can make an informed decision on whether to continue using the site or not.

Submitted by John (not verified) on

Absolutely @JvE! Human Presence does provide opt-out links for any consumer of the service (i.e., the end user visiting the website where HP may be used) in their terms of service. Additionally, though the behavior monitoring collects mainly anonymized timing and movement data, cookies will need to be created to establish user sessions to analyze, track and map the data to, and as such it is also recommended that the site owner provide their end users with sufficient notification of cookie usage and the opt-outs available to them on their site.
