In this video, we'll take a look at how to protect forms using the common "CAPTCHA" approach. We'll also take a look at what happens when someone completes the CAPTCHA correctly and incorrectly.

Protecting the user registration form with a CAPTCHA

In order to start protecting forms, we need to tell Mollom which ones we want protected.
* Click on the "Forms" tab (admin/config/content/mollom)
* Click "Add form"
* From the select list I'll choose: "User: User registration form"
* Click "Next"

Here we can choose the protection mode. The way this particular form is currently set up, the best option would be “CAPTCHA”. This is because there aren’t really any text fields to analyze. The only fields are “Username” and “E-mail address”. If we were to add an additional field like “Bio”, then using “Text analysis” would be more appropriate.

  • (Save)

Test the form

Let’s test this out.

  • In Safari, I’ll go to “”

You’ll notice the message at the top that says Mollom is in testing mode, as well as the text in the “Word verification” box that tells us to enter either “correct” or “Incorrect”. This is because we’ve set Mollom to testing mode so that we can see what happens when someone enters an incorrect value without running the risk of flagging ourselves as spam to the Mollom servers.

Let’s try to create an account, but enter “incorrect” into the “Word verification” field.

  • Username: bjlewis2
  • E-mail address:
  • Word verification: incorrect
  • (Create new account)

Because we incorrectly entered the captcha, we get a notice that we need to try again with a new word. (This would supply a new captcha image if we were in production mode.) We can also view our recent log messages and see that there was an incorrect captcha attempt.

  • Go to “Reports => Recent log messages” (admin/reports/dblog)
  • Click “Incorrect CAPTCHA

Here we can get more information about the attempt, like the ip address (authorIp). In this case it’s my local machine ip, but it would display the ip address that the attempt came from.

Now, let’s go ahead and complete the captcha correctly.

  • Go to Safari
  • Word verification: correct
  • (Create new account)

This time, we get a notice that our account is pending approval, so it’s worked as expected!

The last thing I’ll show you before we move on to the Text Analysis option, is the email that the site administrator receives.

  • Check site admin email

We have two links in this email, the first is the standard link to edit the new account. We can click that and change the user’s Status from “Blocked” to “Active”, and they would receive the standard email that approved users get. The other option has been added by Mollom, that is to cancel the account and report it as spam.

  • Click the link next to “Report as inappropriate”

The first section here is “When cancelling the account”, and these are the standard options that come with Drupal. The second section, “Report as inappropriate” is added by Mollom, and we have a few choices.

  • Do not report (This will not report the account, and you’d typically use this when deleting an old, legitimate, user that just doesn’t need to access the site anymore.)
  • The rest of the options are to classify the type of inappropriate content to help improve Mollom’s automated moderation of new submissions.
    • Spam, unsolicited
    • Obscene, violent, profane
    • Low-quality
    • Unwanted, taunting, off-topic

These options will also be available when we delete content, comments, etc.

I’m actually going to go ahead and approve this account and set a password now, so that we can use it in later videos.