Spam Master

Real-time firewall and anti-spam protection module that blocks malicious user registrations, comments, and form submissions using RBL (Real-time Blacklist) servers provided by spammaster.org as SaaS.

spammaster
693 sites
45
drupal.org

Install

Drupal 11, 10, 9, 8: v8.x-2.68
composer require 'drupal/spammaster:8.x-2.68'

Overview

Spam Master is a comprehensive spam protection and real-time firewall module for Drupal that blocks new user registrations, comments, contact forms, and other webform submissions from known spam sources. The module operates by querying Spam Master's Real-time Blacklist (RBL) servers, checking IPs, IP ranges, email addresses, domains, and even text patterns via heuristics.

The module includes a High Availability Firewall (HAF) that scans all incoming requests and blocks known threats before they can interact with your site. It maintains a local threat buffer to reduce server load and prevent repeated attacks from known spam sources. Hidden honeypot fields are automatically added to forms to detect and block automated bot submissions.

Spam Master offers both free and PRO (paid) license tiers. The free tier connects to community servers while PRO licenses provide access to business-class servers with faster response times and additional features like CDN/WAF integration, customizable firewall rules, and detailed logging. The module replaces the need for multiple spam protection modules such as CAPTCHA, reCAPTCHA, Honeypot, Antibot, and others, providing a unified solution that reduces server resource usage.

Features

  • Real-time IP, email, and domain blocking via RBL (Real-time Blacklist) server queries
  • High Availability Firewall (HAF) that scans all incoming requests before page processing
  • Local threat buffer to cache blocked threats and reduce server resource usage
  • Honeypot V2 & Antibot hidden form fields to detect and block automated bots
  • White Empath automatic whitelisting mechanism using advanced heuristics
  • Manual IP and Form ID whitelisting to exclude trusted sources from scans
  • CDN/WAF integration for Cloudflare and Fastly (PRO license required)
  • Protected by Spam Master signature display on forms to deter human spammers
  • Alert Level 3 warning emails when high spam levels are detected
  • Daily and weekly email reports with spam statistics
  • Configurable log retention and automatic cleanup via cron
  • Detailed statistics and logging showing firewall blocks, honeypot triggers, and system events
  • Protection against 400+ million threats and exploits (count varies)
  • Replaces multiple spam protection modules: CAPTCHA, reCAPTCHA, Honeypot, Antibot, Cleantalk, Akismet, and 30+ others

Use Cases

Protecting User Registration

When a new user attempts to register, Spam Master's firewall subscriber intercepts the request. The visitor's IP is checked against the local threat buffer and the RBL servers. Hidden honeypot fields detect automated bot submissions. If any check fails, the user sees a customizable block message and the IP is added to the local buffer for faster future blocking.

Preventing Comment Spam

Comment forms automatically receive honeypot fields that are hidden from human users but visible to bots. Bots that fill in these fields are immediately blocked. The submission is logged, reported to RBL servers, and the IP is buffered to prevent further attempts.

Blocking Contact Form Abuse

Contact forms, webforms, and custom forms all receive protection automatically. The firewall checks the submitter's IP against known threat databases before the form is even displayed, reducing server load from repeat offenders.

Corporate/Government Website Configuration

Large organizations with many internal users can set firewall rules to 'Relaxed' or 'Super Relaxed' mode to reduce false positives. Internal IP ranges can be whitelisted to exempt corporate network users from all scanning.

Development and Staging Environments

Set website type to 'Test - Development' to disable active blocking during development. This allows testing form submissions without triggering spam protection while still logging would-be blocks for verification.

High-Traffic E-commerce Sites

PRO license users benefit from business-class RBL servers with faster response times. CDN/WAF mode ensures proper IP detection when using services like Cloudflare. The local buffer prevents repeated API calls for known threats, reducing latency.

Tips

  • The local threat buffer significantly reduces server load by caching blocked IPs locally. Buffer entries are automatically cleaned after 6 months.
  • Whitelist trusted partner IPs, VPN ranges, or office networks to prevent false positives for legitimate users.
  • Enable weekly email reports to monitor your site's spam levels without manually checking the admin interface.
  • For sites receiving heavy bot traffic, the Normal firewall rules provide the strictest protection.
  • The module adds a meta generator tag to pages - this is normal and helps identify protected sites.
  • Clean-up retention settings affect statistics accuracy. Lower values save database space but reduce historical data visibility.
  • PRO licenses unlock detailed logging visible directly in Drupal, CDN/WAF support, signature removal, and faster RBL server responses.
  • Form IDs can be whitelisted to exempt specific forms (like internal tools) from spam scanning.

Technical Details

Admin Pages 5
Spam Master Settings /admin/config/system/spammaster

Main configuration page for managing your Spam Master license key and connection settings. Displays license status (VALID, INACTIVE, EXPIRED, or various MALFUNCTION states), license type (FREE or PRO), alert level, spam probability percentage, and protection count. Also shows improvement recommendations such as modules that can be disabled when using Spam Master.

Protection Tools /admin/config/system/spammaster/protection

Configure all protection features including firewall settings, honeypot fields, signatures, email alerts, and log cleanup retention periods.

Spam Buffer /admin/config/system/spammaster/buffer

View the local threat buffer containing blocked IP addresses and emails. The buffer provides fast local checks to reduce server resources and prevent flood/DoS attacks.

Whitelist /admin/config/system/spammaster/white

Manage whitelisted IPs and Form IDs that are exempt from spam scanning. Useful for trusted corporate IPs or specific forms that should bypass protection.

Statistics & Log /admin/config/system/spammaster/log

View spam blocking statistics and detailed activity logs. PRO users see full logging details; FREE users see summary statistics with upgrade prompts.

Permissions 1
Spam Master

Permissions to manage Spam Master settings. This is a restricted permission.

Hooks 7
hook_help

Provides help text for the module's help page, including version information, documentation links, and social media links.

hook_cron

Implements daily and weekly cron tasks for license synchronization, cleanup operations, and report sending.

hook_theme

Defines the firewall template theme for the 403 block page.

hook_mail

Defines email message subjects for various notification types.

hook_page_top

Displays admin status messages about license status, malfunctions, expiration, and promotional discount codes on special dates.

hook_form_alter

Adds honeypot fields and protection signatures to frontend forms. Skips admin forms, maintenance mode forms, system forms, and search forms.

hook_page_attachments_alter

Adds a meta generator tag to all pages indicating Spam Master protection.

Troubleshooting 9
License status shows INACTIVE

Navigate to Spam Master settings and click 'RE-SYNCHRONIZE CONNECTION'. Ensure your server can make outbound HTTPS connections to spammaster.org. The module will automatically generate a free license key using your site's admin email.

License status shows MALFUNCTION_1 (Not up to date)

Your Spam Master version is older than the current release. Update the module to the latest version using Composer: composer update drupal/spammaster, then clear caches.

License status shows MALFUNCTION_2

The same license key is being used on multiple websites. Log in to spammaster.org, detach other sites using this key, and generate unique keys for each website.

License status shows MALFUNCTION_4

Your site's admin email is already associated with an existing key. Log in to spammaster.org with your admin email to retrieve your existing license key.

License status shows MALFUNCTION_6

The entered license key is already in use on another website. Generate a new key at spammaster.org or use a different key.

License status shows MALFUNCTION_8 (CDN/WAF detected)

Your site is behind a CDN or WAF that masks real visitor IPs. If you have a PRO license, enable the CDN/WAF integration option in Protection Tools. See online documentation for configuration details.

License status shows UNSTABLE or HIGH_VOLUME

Free tier servers are experiencing high demand. Wait 4-24 hours for stability to return, or upgrade to a PRO license for guaranteed uptime on business-class servers.

Legitimate users are being blocked

Add their IP address to the Whitelist page at /admin/config/system/spammaster/white. For recurring issues with specific forms, whitelist the form ID instead.

Protection signature appears in wrong location

Contact info@spammaster.org with the URL of the affected page. PRO users can disable signatures entirely in Protection Tools.

Security Notes 7
  • Spam Master connects to external spammaster.org servers to verify threats and submit spam data. Ensure your security policy allows outbound HTTPS connections.
  • The module stores blocked IP addresses and form submission metadata in custom database tables. This data is used for local caching and logging.
  • Honeypot field names and the Protection signature can potentially identify the module to sophisticated attackers, though this also serves as a deterrent.
  • The license key should be kept confidential. It is transmitted to Spam Master servers for validation but not stored in public configuration.
  • When CDN/WAF mode is disabled, the module uses the direct client IP. When enabled, it trusts forwarded headers which could be spoofed if not properly configured.
  • The /spam-master/v1 endpoint accepts POST requests for spam check actions. It requires 'access content' permission which is typically granted to anonymous users.
  • Regularly review the Spam Buffer and Statistics pages to monitor for any unusual blocking patterns that might indicate configuration issues.
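
The forwarded-header caveat above comes down to one rule: consult X-Forwarded-For only when the connection itself arrives from a proxy you operate, and read it right to left. The following is an added example, not Spam Master's code; the names client_ip and TRUSTED_PROXIES and the address ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed trusted-proxy ranges (documentation networks), standing in for
# the CDN/WAF egress ranges a real deployment would list.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]


def is_trusted_proxy(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, forwarded_for=None):
    """Pick the address to check against a blocklist.

    peer_addr is the TCP peer (REMOTE_ADDR); forwarded_for is the raw
    X-Forwarded-For header value, or None when the header is absent.
    """
    peer = ipaddress.ip_address(peer_addr)
    # The header means nothing unless a trusted proxy delivered the request.
    if not forwarded_for or not is_trusted_proxy(peer):
        return str(peer)
    # Proxies append on the right, so walk right to left. The first hop that
    # is not one of our proxies is the client; entries left of it were sent
    # by the client and are never consulted.
    last_valid = peer
    for hop in reversed(forwarded_for.split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(last_valid)  # malformed entry: stop at the last validated hop
        last_valid = ip
        if not is_trusted_proxy(ip):
            break
    return str(last_valid)


def demo():
    # (peer, X-Forwarded-For) pairs, all constructed for this example.
    samples = [
        ("203.0.113.7", "198.51.100.9"),            # direct hit with a forged header
        ("192.0.2.10", "198.51.100.9"),             # via trusted proxy
        ("192.0.2.10", "10.0.0.1, 198.51.100.9"),   # client-prepended entry
        ("192.0.2.10", "not-an-ip, 192.0.2.20"),    # malformed entry
    ]
    return [client_ip(peer, xff) for peer, xff in samples]


if __name__ == "__main__":
    print(demo())
```

If the trusted list is empty or wrong, every request resolves to the proxy's own address, which is the failure mode the MALFUNCTION_8 status describes.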