drupal

Fighting spam is an ongoing arms race. There will always be nefarious attempts to post unwanted content onto websites, that's just the nature of the global internet nowadays, but can we keep ahead of it? Some techniques are complex, maybe using AI / natural language processing, but there are also quite simple opportunities to reject spam. 

We had a lot of contact requests come into our site that used the Cyrillic script - which is used for the Russian language. (привет!) Realistically we're very unlikely to treat any request that comes to us in Cyrillic as something worth responding to. We're a UK web agency with most of our clients based in the UK, and whilst we do work with clients outside the UK, and for projects using languages other than English, we can afford to ignore any requests made to us in a language we don't usually read. Given that, we can immediately block a large proportion of the spam requests by simply detecting what alphabet they look to have been written in. Most of this will be Russian, because so much spam comes through Russia.

Drupal makes it easy for us to add an extra validation handler to our contact form with a form alter hook. We could then get on with creating custom logic to check whether submissions contained too much Cyrillic text. We needed to account for a few things:

• How much Cyrillic content is there, in comparison to content from the Latin alphabet (a-z)?

  Although much of the unwanted content was using Cyrillic, we realised content in anything other than the Latin alphabet could probably be rejected in the same way. We're just not likely to do much business with people who can't contact us in English, let alone in an alphabet we can't read.

• How much is too much?

  We will happily accept some amount of Cyrillic text in a contact request - for example, if someone is explaining about spam they are receiving, or asking to add some translations to a site.

• Ignore links and HTML tags, since those are written using a-z characters from the Latin alphabet.

  We've also seen a lot of spam containing links formatted in an unusual format which we could strip: [url=http...]...[/url]

• Ignore whitespace and punctuation, to some extent.

  We're going to end up using some regular expressions from PHP, so we can make use of its support for matching character scripts. For example, /[^\p{Common}\p{Latin}]/u will match any character that is NOT in either of the 'common' (punctuation etc) or Latin sets of characters.

• We decided to ignore the potential for characters which are defined by multiple bytes (like emojis 👀) to interfere with calculating the proportion of non-Latin text. There are rarely that many of them in a message ... and pragmatically, do we really want to be doing business with people communicating using so many emojis?? (This is only for our website's contact form, they can always flood us with emojis later! 😄)

• How can we best guide genuine leads to contact us more appropriately?

  Drupal allows us to set the error message when failing form validation. We would quite like to advise real human beings who want to pay us money for our services, how best to do that!

All these things boiled down to a relatively simple form validation callback, that is just stuffed with a few bits of code that are relatively unusual, such as those regex script classes:

So now users see this error message if they attempt to contact us using too much Cyrillic: 

This stops the unwanted messages coming through, whilst helping real users understand how to contact us more appropriately, should they really need to. Thankfully we now get very little spam coming through our contact page!

Creating Product Bundles in Drupal Commerce

As we start developing mini-products to offer to our clients, we've found we actually need to group multiple products under one purchase.

As the long-standing powerhouse supporting numerous websites, Drupal 7 faces fresh challenges with its end-of-life (EOL). For developers and site owners committed to maintaining their investment, a strategic approach involving collaboration and proactive updates is crucial. Here’s an expanded guide on sustaining your Drupal 7 site effectively post-EOL.

There are several reasons why maintaining Drupal 7 might still be beneficial:

• Stability and Familiarity: For many organizations, Drupal 7 offers a stable and well-understood environment. Teams that have fine-tuned their processes around it may prefer to stick with what works.
• Resource Constraints: Transitioning to Drupal 10 or an alternative can require significant resources—including time, budget, and technical adjustments—that some organizations may not have readily available.

1. Security Vulnerabilities: With the cessation of official updates, potential security loopholes pose a higher risk. Proactively monitoring and patching these vulnerabilities becomes critical.
2. Module Compatibility: As web standards and technologies evolve, some Drupal 7 modules might fall out of sync with modern requirements, leading to functionality issues.
3. Reduced Community Support: With the community shifting focus to newer versions, accessing help and resources could become more difficult.

1. Engage with Community Initiatives:
   1. Find Dedicated Groups: Engage with forums and groups committed to Drupal 7 maintenance. Collaborating with like-minded individuals can provide new solutions and resources.
   2. Join Working Groups: Participate in specialized working groups focused on Drupal 7. Contribute your insights and leverage shared knowledge to solve common challenges.
2. Contribute to Module Maintenance:
   1. Adopt Key Modules: Identify key modules vital to your site’s operation and dedicate resources to their maintenance. Consider becoming a co-maintainer or collaborating with other developers.
   2. Develop Custom Patches: For modules with limited external support, develop and share custom patches that address critical issues or improve functionality.
3. Share Updates and Insights:
   1. Create Knowledge Networks: Build a network of professionals managing Drupal 7 sites. Regularly share updates, best practices, and insights on overcoming challenges.
   2. Host Webinars and Workshops: Organize webinars and workshops to disseminate knowledge and foster collaboration. These platforms can serve as valuable venues for sharing discoveries and learning from peers.

1. Monitor Emerging Trends:
   1. Stay informed about industry trends and find ways to integrate relevant advancements into your Drupal 7 environment. This proactive stance helps keep your site competitive and functional.
2. Upgrade Wisely:
   1. Plan gradual enhancements to the core and modules, ensuring they're aligned with evolving standards. This step-by-step approach can prevent sudden disruptions and maintain site reliability.
3. Evaluate Alternatives:
   1. Regularly assess other platforms and updates. Even if sticking with Drupal 7 for now, knowing your options keeps you prepared for future transitions when resources permit.

Sustaining Drupal 7 post-EOL requires a strategic blend of collaboration, innovation, and vigilance. By actively engaging with the community, committing to module maintenance, and adapting to ecosystem changes, you can extend the life of your Drupal 7 site while planning for the future. This commitment to proactive management ensures your site remains secure, efficient, and ready to meet current demands.

Add new comment

Ask Freelock: ECA vs Rules

Yesterday a client asked us to install Rules module (again, repeating an earlier request, when he had missed my answer that we had installed ECA instead).

Starting January 2025, the Drupal Security team will no longer review reported issues or release security updates for Drupal 7 core or contrib modules. To address this, the Drupal Association has authorized Tag1 to be a D7 Extended Support Partner, ensuring your D7 sites stay protected with Tag1's Drupal 7 Extended Support (D7ES). We will continue to monitor for security vulnerabilities and provide updates and support to ensure your site remains safe and secure beyond January 2025.

MidCamp 2025: Shape the Future of Drupal with Your Ideas!

The countdown is on: there are only two days left to submit your session proposal for MidCamp 2025! This premier event for the Drupal community will take place in Chicago from March 20-23, 2025, bringing together enthusiasts, developers, and innovators for a celebration of knowledge-sharing and collaboration.

Since its inception in 2014, MidCamp has hosted over 300 incredible sessions, and this year promises to continue the tradition of excellence. With a lineup that includes Drupal Founder Dries Buytaert as a guest speaker, organizers are eager to round out the schedule with diverse and engaging presentations from the community.

Final Call for Submissions

The deadline to submit session proposals is Sunday, January 12, 2025. Whether you're a seasoned expert or a newcomer with fresh ideas, there's a place for your voice at MidCamp. Tracks include topics for all skill levels, ranging from beginner-friendly workshops to advanced technical deep dives.

For inspiration, potential speakers can explore past sessions or visit the session tracks page to align their ideas with event themes.

Key Dates to Remember:

• Proposal Deadline: January 12, 2025

Submit your session now!

• Speakers Notified: Week of February 17, 2025
• Speaker Workshop: March 2025 (Date TBD)
  This workshop will focus on preparing your session for presentation. It will be primarily for MidCamp presenters, but we will also welcome folks who would like assistance with their DrupalCon presentations.
• MidCamp Sessions: May 20-21, 2025
  Sessions will be presented Tuesday, May 20, 2025, or Wednesday, May 21, 2025.

The workshop will focus on preparing speakers for their presentations and will also welcome individuals preparing for DrupalCon.

Sponsorship Opportunities

MidCamp wouldn’t be possible without the generous support of sponsors. Sponsoring MidCamp 2025 is a great way to showcase your organization to a highly engaged and technical audience. Sponsorship packages are designed to fit a variety of budgets and goals, with opportunities starting at just $600. Whether you’re looking to recruit new talent, promote your brand, or simply support the community, there’s a package for you. The earlier you sign up, the greater the exposure your organization will receive.

Learn more about sponsorship opportunities

Stay Connected

Stay in the loop with all things MidCamp by joining the community on Slack, following us on social media, and subscribing to our newsletter:

• Slack: Join the conversation and connect with fellow attendees on the MidCamp Slack.
• Social Media: Follow us on Twitter, Bluesky, Mastodon, and LinkedIn.
• Newsletter: Subscribe to our email updates to get the latest news on sessions, venues, and more.

With only days remaining, don’t miss the chance to share your expertise and join an exceptional lineup of speakers at MidCamp 2025. Submit your session today at midcamp.org/2025/submit-session.

Drupal is a powerful tool that gives you many possibilities to create robust web applications. One of the popular modules for this system is Webform, which allows you to work with advanced online forms. In this blog post, I'll show you how to build a multi-step form in just a few easy steps - perfect for registering for events or collecting other submissions. I invite you to read the article or watch the episode of the "Nowoczesny Drupal" series.

Drupal core version 7 has reached end of life, and is no longer community supported on Drupal.org. This means that new releases of Drupal 7 core and contributed projects will no longer happen on Drupal.org and community support is no longer provided.

What this means for you:

1. Any vulnerabilities that impact Drupal 7 may be released and made public without Security Advisories or warnings. Please continue to follow the process outlined in: Report a security issue
2. Drupal 7 will no longer be supported. There will be no more core commits on Drupal 7.x to the official repository. The community will no longer be creating new Drupal 7 releases, fixing bugs in existing projects, writing documentation, etc. around Drupal 7.
3. The Drupal Security Team will no longer provide support or Security Advisories for Drupal 7 and Drupal-7-compatible contributed projects.
4. All Drupal 7 releases on project pages will be flagged as not supported.
   At some point in the future, update status and packages.drupal.org/7 will stop working for Drupal 7 sites.

Solution:
You can learn about upgrading Drupal and migrations or read about other options.