Preventing Graffiti on your Site

Security is a concern whenever you share your data and web applications over the internet. The user privilege system for the Drupal content management system and our other applications is a part of the answer.

But these days one does not have to have political opponents to attract 'graffiti artists' who will vandalize your website. Spammers, those same folks who fill your inbox with unsolicited and unwanted email, also write scripts which create user login accounts on content management systems, authenticate those user accounts by email and then use them to post commercial advertising with links to their clients' sites. It's all designed to boost their rankings in the search engines.

But you can stop these robots from spamming your site. And your hosting package includes all the tools you need to do so.

Start by logging in to your site as a user with administrative privileges. Next navigate to: /admin/build/modules using the Administer -> Site_Building -> Modules menu. Enable Captcha (listed under spam control), and TextImage (listed under other modules). Then use the 'Save Configuration' button to save your changes.

When the page reloads, use the 'administration by module' link to access all the controls to set up your captchas. On the /admin/by-modules page, scroll down to the bottom and use the links under Text Image labeled 'Configure permissions' to enable every user role to 'Access text images'. Save your changes and return to the /admin/by-modules page again.

Next follow the Text Image link, and on this page set the font path to: /home/hesco/fonts, and the images path to: /home/hesco/fonts/images. Use the 'Save Configuration' button to do just that.

Next click on the 'Captcha display' tab. On this page set the font and image paths to the same values as before. The default values should work fine for the other options. When you are through, 'Save configuration'.

One more step.

Return to the /admin/by-modules page. From there use the Captcha link to get to the /admin/settings/captcha form. For 'Type of captcha to use:', choose textimage. Next, for each user role you have defined, open up the form and configure the webforms you want to require a captcha validation as a condition of submission of that form by a user in that role.

For the anonymous users and authenticated users, I'd recommend that every checkbox be marked. Remember, depending on the controls you configure for your users, a spam robot can create an account, authenticate it, log in using it and assume authenticated user privileges. Use captcha to make sure your authenticated users are real human beings.

That should do it. That should keep the graffiti off your site.

Now, using a distinct browser (or the same browser, after logging out), navigate to your website and create a new account. Check to see if you encounter a captcha validation when you try to submit the form. If so, all is right with the world, or at least with your configuration of the textimage and captcha modules. We welcome calls from clients who need support on this or other site configuration questions.
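
The manual check above can be repeated for several forms at once. The script below is an added example, not part of the captcha or textimage modules: it reads the HTML of a page as an anonymous visitor would receive it and reports which of the forms you expect to be protected actually carry a visible captcha field. The form ids, the field names (captcha_response, captcha_token) and the sample page are constructed assumptions; adjust them to match the markup your site produces.

```python
from html.parser import HTMLParser

# Assumption: the challenge is an <input> whose name contains "captcha";
# change CAPTCHA_MARKER if your site's markup differs.
CAPTCHA_MARKER = "captcha"

class FormAudit(HTMLParser):
    """Record every <form> on a page and whether it carries a visible captcha input."""
    def __init__(self):
        super().__init__()
        self.forms = {}        # form id -> True if a captcha input was seen
        self._current = None   # id of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("id") or "(no id)"
            self.forms[self._current] = False
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            # A hidden token alone is not a challenge the visitor must solve.
            if CAPTCHA_MARKER in name and (a.get("type") or "text").lower() != "hidden":
                self.forms[self._current] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(html, required_ids):
    """Return {form id: 'protected' | 'unprotected' | 'missing'} for each required form."""
    parser = FormAudit()
    parser.feed(html)
    return {fid: "missing" if fid not in parser.forms
            else "protected" if parser.forms[fid] else "unprotected"
            for fid in required_ids}

# Constructed sample page: registration form with a challenge, comment form without.
SAMPLE_PAGE = """
<form id="user-register" action="/user/register" method="post">
  <input type="text" name="name" /><input type="text" name="mail" />
  <input type="hidden" name="captcha_token" value="constructed" />
  <input type="text" name="captcha_response" />
</form>
<form id="comment-form" action="/comment/reply/1" method="post">
  <input type="hidden" name="captcha_token" value="constructed" />
</form>
"""

if __name__ == "__main__":
    for form_id, status in audit(SAMPLE_PAGE, ["user-register", "comment-form", "contact-form"]).items():
        print(f"{form_id}: {status}")
```

A form reported as 'unprotected' or 'missing' means its checkbox on the /admin/settings/captcha form should be rechecked for the role you tested as.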
