Disqus: A little less disqusion, a little more action please

By Ben Moss Posted Aug. 23, 2012 Reading time: 3 minutes

In May this year, our editor suffered an unfortunate accident.

Having booted up his machine and fetched his morning coffee he sat down at his desk to review the overnight comments: we’re lucky enough to have a global readership and it’s always a pleasure to read the opinions of subscribers from Arizona to Azerbaijan.

It was when his gaze settled on the number of pending comments that he fell from his chair, hot coffee sprayed liberally about his person. There were more than 500,000 posts awaiting approval. We pride ourselves on engaging with our audience, but half a million responses in an eight hour period is unprecedented at WDD.

What had happened? Had we gone viral? Had we been name-checked by Barack Obama? Had we included a cute picture of a kitten skateboarding in the previous day’s article?

Well, not quite…

 

The Disqus bug

Like many of the blogs you’ll find online, we use Disqus to allow our readers to comment on posts. Generally speaking it’s an excellent, easy to use solution. However, it turns out that it has a rather unfortunate bug. Around 0.00004% of the comments were actually for us, the other 99.99996% belonged to sites ranging from neo-Nazi political parties to the Miami Herald.

This presented us with two problems: firstly, we weren’t going to be able to review 500,000 comments without skipping lunch; and secondly, if we can moderate other sites’ comments, can they moderate ours?

We jumped straight onto Disqus’ support channel to ask for help. Their reply was “We’ve received a few other scattered reports of this happening and are currently investigating what might be the cause.”

Almost as quickly as it appeared, the bug vanished. Problem solved.

 

The Disqus bug 2: this time it’s personal

At the end of July, the bug reappeared. Perplexed and concerned we contacted Disqus via their support channel and again via Twitter.

This time we nailed it, we worked out exactly how to replicate the problem. Then we sent screenshots and instructions for reproducing the issue to Disqus to help them solve it.

We never heard back.

 

Reproducing the Disqus bug

So, for the benefit of other site owners that rely on Disqus, and in the hope that we’ll see some action on the issue, here are the six simple steps required to gain moderator status at any number of publications.

Step 1: Log into your Disqus account

 Log in

 

Step 2: wait for your site’s comments to load

Review comments

 

Step 3: open one of your articles in a new tab

 Open article

 

Step 4: scroll down to your comments and log out

Log out

 

Step 5: return to your moderation window and click any of the filter tabs 

Click filter

 

Step 6: gaze in wonder at the Disqus bug in all its splendor

Step 6

With the Disqus bug in effect, we can choose to approve, mark as spam, or delete any article. By selecting the comment we can edit it. Clicking on the article title in the comment allows us to visit the article that is being commented on. Fortunately, as you can see from the above screen shot, user email and IP addresses aren’t distributed.

 

What damage can the Disqus bug do?

The short answer is: a lot.

Disqus’ website says “Millions use Disqus! From niche blogs to global brands, interesting conversations are everywhere.” And they’re right, CNN, Time Magazine, Rolling Stone, Wired and PC Magazine all utilize Disqus for their comments.

Of course the bug doesn’t allow us to edit articles, only the comments are handled by Disqus. What it does allow us to do is approve comments, mark legitimate posts as spam (reducing users’ reputations), delete comments and even edit comments.

Needless to say, we haven’t done any of these things, but every few weeks when we see zero comments on our site we do wonder if someone else has them.

And if our comments go missing, who else has had their comments hijacked?

The United States Marine Corps

Does the official blog for the U.S. Marine Corps know other Disqus users can moderate their comments?

Marines comment
Marines site

 

CNN

How would the executives at CNN feel if they knew comments on their site were out of their control?

CNN comment
CNN article

 

The Independent

The Independent is a national broadsheet newspaper in the U.K.

Independent comment
Independent article

 

Fox Nation

Amongst several Fox websites affected is Fox Nation.

Fox comment
Fox article

 

Harvard

It isn’t just news media that’s affected, comments on Harvard Grad. School’s website are vulnerable.

Harvard comment
Harvard article

 

The Washington Examiner

The Washington Examiner is one of many print publications whose online presence has been affected.

Washington Examiner comment
Washington Examiner article

 

Toronto Sun

It isn’t just pending comments that can be moderated. This comment on the Toronto Sun website had already been approved by their editors, we could have unapproved it, marked it as spam or rewritten it entirely.

Toronto Sun comment
Toronto Sun article

 

Nelson Mandela

How would the Nelson Mandela Foundation feel if it realized its comments could potentially be moderated by one of the far-right groups that also use Disqus?

Nelson Mandela comment
Nelson Mandela article

 

What next?

We sincerely hope Disqus are on top of this issue. We hope a bug fix is just around the corner. We hope that by the time this article goes live Disqus will have rectified their service and the problem will be resolved for good. If not, our editor won’t be the last person sprawled on the office floor, in a puddle of hot coffee, first thing on a Thursday morning.

 

[ Update: we’re delighted to report that the team at Disqus are working hard to resolve this issue and that they don’t believe that the bug is as bad as it appears. For more details, check out their comments below. ]

Thumbnail includes an image via Shutterstock.

Aa