Site has moved

This site has moved to a new location. Visit the new site at

Recent Blog Posts

Blocking spammers with SFS

By Ronald van Belzen | May 13, 2018

Let's focus our attention on nodes. Core functionality does not save the IP address of the user together with the node when it is created, so we need to introduce that to our module. The most straightforward approach would be to save the IP address in our own database table. For that I need to introduce a database table (sfs_hostname) by defining a new entity called SfsHostname.

/* /src/Entity/SfsHostname.php */

namespace Drupal\sfs\Entity;

use Drupal\Core\Entity\ContentEntityBase;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Field\BaseFieldDefinition;

 * Defines the sfs hostname entity.
 * @ContentEntityType(
 *   id = "sfs_hostname",
 *   label = @Translation("SFS Hostname"),
 *   base_table = "sfs_hostname",
 *   entity_keys = {
 *     "id" = "id",
 *     "uuid" = "uuid",
 *     "label" = "hostname",
 *   },
 *   handlers = {
 *     "storage_schema" = "Drupal\sfs\SfsHostnameStorageSchema",
 *   },
 *   admin_permission = "administer sfs",
 * )
class SfsHostname extends ContentEntityBase implements ContentEntityInterface {

   * @param \Drupal\Core\Entity\EntityTypeInterface $entity_type
   * @return array|\Drupal\Core\Field\FieldDefinitionInterface[]|mixed
  public static function baseFieldDefinitions(EntityTypeInterface $entity_type) {

    $fields['id'] = BaseFieldDefinition::create('integer')

    $fields['uuid'] = BaseFieldDefinition::create('uuid')

    $fields['hostname'] = BaseFieldDefinition::create('string')
      ->setLabel(t('Host name'));
    $fields['uid'] = BaseFieldDefinition::create('integer')
    ->setLabel(t('User ID')); //index

    $fields['entity_id'] = BaseFieldDefinition::create('integer')
    ->setLabel(t('Entity ID'));

    $fields['entity_type'] = BaseFieldDefinition::create('string')
    ->setLabel(t('Entity type'));

    $fields['created'] = BaseFieldDefinition::create('created')
    ->setLabel(t('Creation date'));

    return $fields;

Just in case in the future we might be interested in saving IP addresses for other entity types than nodes, I included the field "entity_type" to make that possible. I also included indexes to speed up the lookup of IP addresses. These are defined in the storage handler SfsHostnameStorageSchema to wich is reffered in the annotation of SfsHostname.

Writing the client for the Stop Forum Spam API

By Ronald van Belzen | May 10, 2018

Reading the description of the Stop Forum Spam api usage made me decide to use what is called "Multiple queries", which means checking the existence of a username, e-mail address and the IP address of a potential spammer in their database in a single call.

The number of response formats is large enough when it contains json. So I will use json and since I will use https over http when there is a choice, I picked https.

In the response I will concentrate on the "success", "appears" and "frequency" values and ignore the "confidence" score for now. It seems to me that just as many low as high confidence spammer are knocking at my door lately. So, it needs some more investigating before I can use that value in discriminating spammers from IP addresses formerly owned by spammers

The Client itself will be implemented as a service, allowing me to let Drupal do the heavy lifting with dependency injections. I will also add the modules very own cache bin with the name "sfs", because I plan to cache the api calls to For this purpose I added the configuration parameter "sfs_cache_duration" to the module to allow administrators to set the cache time to their needs.

    class: Drupal\sfs\SfsRequest
    arguments: ['@config.factory', '@current_user', '@logger.factory', '@http_client', '@database', '@cache.sfs']
    class: Drupal\Core\Cache\CacheBackendInterface
      - { name: cache.bin }
    factory: cache_factory:get
    arguments: [sfs]

The heart of the service will be the isSpammer() method that will the determination whether a user is a spammer or not.

Making a contributing module for fighting spam

By Ronald van Belzen | May 9, 2018

Making a new module starts with an idea for the module. In this case it was trying to make a module that can replace Mollow to some extend (see previous blog post).

Finding a name for your module can be a challenge, but whatever name you pick, be sure that the machine name of your module is available. Try whether the project exist by visiting{my_module_name}. A page not found (404) response is a good enough indicator to confirm that your module name is still available.

Next step is to read the documentation. The best starting point seems to be Contribute to development. To gather all the information you need to follow half a dozen links, but as far as I can tell all the information is there.

I had a look at the Mods & Plugins that make use of the service provided by Stop Forum Spam, and the concensus seems to be to name the mod after the service it makes use of. So I went for the name Stop Forum Spam Client. Don't go there before I finish this series of articles. I will release a fully functional and tested version soon after that.

name: 'Stop Forum Spam Client'
type: module
description: 'Client that makes use of the api services for blocking spam, spammers and spambots.'
configure: sfs.settings_form
package: 'Spam control'
version: '1.0'
core: '8.x'

As you can see in the above info file the module has no dependencies, while the module may depend on the presence of some modules, but must be able to be installed in their absence. The configuration setting form will imediately show a way to solve this dilemma. And what these modules are will become clear when looking at the configuration install parameters.

Fighting Spam

By Ronald van Belzen | May 7, 2018

I was a satisfied user of the Mollom module, but unfortunately nothing lasts forever, and about a year ago it was announced that the service would be discontinued. Not long ago the moment arrived and my site was hit by spam. It was time to look for an alternative for Mollom.

Jeff Geerling wrote quite a good article in which he found his replacement for Mollom: CleanTalk. It is not free, but relative cheap. According to Jeff it has some restrictions but it fulfills his requirements and works like a charm.

Personally, I have been a years long follower of the StopForumSpam site and did remember the existence of the SpamBot module for Drupal 7, that has been ported to Drupal 8 (and is still in beta, but it works). The only restriction of the SpamBot module is that it is designed to stop spammers from registering  and nothing more. The drupal 7 version can also report spammers (the port to Drupal 8 is missing the latter functionality), but it certainly is not a full replacement for Mollom. However, something is better than nothing, so I gave it a try.

Together with the Honeypot module and the Captcha module it is quite effective, so I cannot complain. But, as is so often the case, I want more. Like: being able to block spammers/spambots from posting content and comments (and the ability to report the spammers that get through to StopForumSpam). Maybe I can develop that myself. If I would manage to include blocking spam to Webform I think that would be a decent alternative for Mollom. Maybe it is not even that hard to do.

So, I decided to find out, and keep you posted of my progress.

Turn Drupal 8 into an Identity Provider (continued)

By Ronald van Belzen | December 13, 2017

In a previous blog post I described how to turn a Drupal 8 installation into a Identity Provider (IdP) by configuring SimpleSAMLphp. The configuration files where placed in a subdirectory of the vendor map, which is something you really should not do when you are using Composer to install and update your Drupal installation.

Move the configuration files

When you move these configuration files to another location SimpleSAMLphp should be told about it. For this purpose the environment variable SIMPLESAMLPHP_CONFIG_DIR exists. To my experience the best way to set this variable is in the Apache vhost.conf file. In my case I moved the configuration files to /var/www/drupalvm/drupal/web/sites/default/simplesamlphp:

<VirtualHost *:80>
  DocumentRoot "/var/www/drupalvm/drupal/web"
  Alias /simplesaml "/var/www/drupalvm/drupal/vendor/simplesamlphp/simplesamlphp/www"
  SetEnv SIMPLESAMLPHP_CONFIG_DIR "/var/www/drupalvm/drupal/web/sites/default/simplesamlphp"
  <Directory "/var/www/drupalvm/drupal/web">
    AllowOverride All
    Options -Indexes +FollowSymLinks
    Require all granted
  <FilesMatch \.php$>
    SetHandler "proxy:fcgi://"

The files 'config.php' and 'authsources.php' are placed in this subdirectory (not is a subdirectory ./config of this subdirectory).

In this subdirectory the subdirectories ./cert, ./metadata and ./modules are created. The ./cert subdirectory contains the certificates we created in the previous blog post. The ./metadata subdirectory contains the files 'saml20-idp-hosted.php' and 'saml20-sp-remote.php' that were also created in the previous blog post. The ./modules directory just contains the ./modules/drupalauth subdirectory with the empty file 'default-enable'.

Next we need to tell SimpleSAMLphp where to find the certificates and the metadata in the 'config.php':