I’ve been using Drupal for this blog for most of its life. However, I’m starting to be quite annoyed by several things:
- The Captcha module is seriously broken and opens up the door for various security problems
- The Spam module is there, and works mostly, but is not effective enough to keep spam down
- The badbehavior module is over-aggressive and doesn’t work well anyway
- Spam becomes a serious drag on load of the server
So I’m planning to switch to something else. Something where blogging will be fun again, without all the hassle of tracking down spam. It looks like either WordPress or Serendipity, and I’m leaning towards Serendipity for now.
I’m a big Drupal fan, but I also use WordPress for one of my blog sites. WordPress is fun, though I find it runs a little on the slow side compared to how many features Drupal has. I’ve heard some good things about NucleusCMS too and you may want to consider that site also.
Besides Drupal and WordPress, I also run a forum to discuss and compare various CMS and blog applications. The site is very young, but it might be worth giving a try. The site is
“The Captcha module is seriously broken and opens up the door for various security problems”
I was wondering what exactly is broken about it, and what security problems it has.
I am not a developer on the project, but I am a longtime Drupal user who has been using Captcha on some community sites. If there are security problems, I’d really appreciate some details as to what they are.
Hi Sam,
Take a look at this link:
[url]http://changelog.complete.org/node/281[/url]
That’s where I described my gripes with captchas. I also wrote about my spam gripes here: [url]http://changelog.complete.org/posts/354.html[/url]
have you taken a look at the new betas? the new version has quite a few enhancements
No, I haven’t. But frankly I’ve been hearing that for awhile from Drupal. I’ve stuck with it for quite awhile.
And I think the core package and developers are fine. They aren’t really focusing on this problem domain, though. And those that are don’t really seem to care (or even notice?) that some of their plugins cause *serious* damage to a Drupal installation