Disqus: A little less disqusion, a little more action please

In May this year, our editor suffered an unfortunate accident.

Having booted up his machine and fetched his morning coffee, he sat down at his desk to review the overnight comments: we’re lucky enough to have a global readership and it’s always a pleasure to read the opinions of subscribers from Arizona to Azerbaijan.

It was when his gaze settled on the number of pending comments that he fell from his chair, hot coffee sprayed liberally about his person. There were more than 500,000 posts awaiting approval. We pride ourselves on engaging with our audience, but half a million responses in an eight-hour period is unprecedented at WDD.

What had happened? Had we gone viral? Had we been name-checked by Barack Obama? Had we included a cute picture of a kitten skateboarding in the previous day’s article?

Well, not quite…


The Disqus bug

Like many of the blogs you’ll find online, we use Disqus to allow our readers to comment on posts. Generally speaking it’s an excellent, easy-to-use solution. However, it turns out that it has a rather unfortunate bug. Around 0.00004% of the comments were actually for us; the other 99.99996% belonged to sites ranging from neo-Nazi political parties to the Miami Herald.

This presented us with two problems: firstly, we weren’t going to be able to review 500,000 comments without skipping lunch; and secondly, if we can moderate other sites’ comments, can they moderate ours?

We jumped straight onto Disqus’ support channel to ask for help. Their reply was “We’ve received a few other scattered reports of this happening and are currently investigating what might be the cause.”

Almost as quickly as it appeared, the bug vanished. Problem solved.


The Disqus bug 2: this time it’s personal

At the end of July, the bug reappeared. Perplexed and concerned, we contacted Disqus via their support channel and again via Twitter.

This time we nailed it: we worked out exactly how to replicate the problem. Then we sent screenshots and instructions for reproducing the issue to Disqus to help them solve it.

We never heard back.


Reproducing the Disqus bug

So, for the benefit of other site owners that rely on Disqus, and in the hope that we’ll see some action on the issue, here are the six simple steps required to gain moderator status at any number of publications.

Step 1: Log into your Disqus account

 Log in


Step 2: wait for your site’s comments to load

Review comments


Step 3: open one of your articles in a new tab

 Open article


Step 4: scroll down to your comments and log out

Log out


Step 5: return to your moderation window and click any of the filter tabs 

Click filter


Step 6: gaze in wonder at the Disqus bug in all its splendor

Step 6

With the Disqus bug in effect, we can choose to approve, mark as spam, or delete any comment. By selecting the comment we can edit it. Clicking on the article title in the comment allows us to visit the article that is being commented on. Fortunately, as you can see from the above screenshot, users’ email and IP addresses aren’t distributed.


What damage can the Disqus bug do?

The short answer is: a lot.

Disqus’ website says “Millions use Disqus! From niche blogs to global brands, interesting conversations are everywhere.” And they’re right: CNN, Time Magazine, Rolling Stone, Wired and PC Magazine all utilize Disqus for their comments.

Of course the bug doesn’t allow us to edit articles; only the comments are handled by Disqus. What it does allow us to do is approve comments, mark legitimate posts as spam (reducing users’ reputations), delete comments and even edit comments.

Needless to say, we haven’t done any of these things, but every few weeks when we see zero comments on our site we do wonder if someone else has them.

And if our comments go missing, who else has had their comments hijacked?

The United States Marine Corps

Does the official blog for the U.S. Marine Corps know other Disqus users can moderate their comments?

Marines comment
Marines site



How would the executives at CNN feel if they knew comments on their site were out of their control?

CNN comment
CNN article


The Independent

The Independent is a national broadsheet newspaper in the U.K.

Independent comment
Independent article


Fox Nation

Amongst several Fox websites affected is Fox Nation.

Fox comment
Fox article



It isn’t just news media that’s affected; comments on Harvard Grad. School’s website are vulnerable.

Harvard comment
Harvard article


The Washington Examiner

The Washington Examiner is one of many print publications whose online presence has been affected.

Washington Examiner comment
Washington Examiner article


Toronto Sun

It isn’t just pending comments that can be moderated. This comment on the Toronto Sun website had already been approved by their editors; we could have unapproved it, marked it as spam or rewritten it entirely.

Toronto Sun comment
Toronto Sun article


Nelson Mandela

How would the Nelson Mandela Foundation feel if it realized its comments could potentially be moderated by one of the far-right groups that also use Disqus?

Nelson Mandela comment
Nelson Mandela article


What next?

We sincerely hope Disqus are on top of this issue. We hope a bug fix is just around the corner. We hope that by the time this article goes live Disqus will have rectified their service and the problem will be resolved for good. If not, our editor won’t be the last person sprawled on the office floor, in a puddle of hot coffee, first thing on a Thursday morning.


[ Update: we’re delighted to report that the team at Disqus are working hard to resolve this issue and that they don’t believe that the bug is as bad as it appears. For more details, check out their comments below. ]

Thumbnail includes an image via Shutterstock.

  • http://www.designrshub.com/ Manuel Garcia

    I used Disqus on my blog too. So far, haven’t experienced the same. But, I hope Disqus is working on this issue because it will surely ruin their great image.

  • http://giannipolito.fr/ Gianni Polito

    Hope it will be fixed soon…

  • http://www.mynameisjay.com/ Jay

    A little dramatic, wouldn’t you say? Disqus is a great service. I’d be surprised if they ignored this bug. Yeah they should have responded, but just because they didn’t, doesn’t mean they aren’t going to fix it.

    • http://www.lazyprogrammers.com Eugene Kim

      No, I certainly wouldn’t say. The bug was reported in May, re-reported at the end of July with complete steps to reproduce the issue and still not fixed? A bug of this magnitude should have been a highest priority one day fix, not a couple months and still no answer issue.

    • http://www.lazyprogrammers.com Eugene Kim

      Unless you meant to say “This is totally BS, wouldn’t you say?” but some devious moderator of another website decided to completely edit your comment. Then I totally agree.

    • Walter

      Not at all, community is the lifeblood of blogs.

  • 1076

    Did..uh..you just tell your readers how to manipulate your comments?


    • Walter

      No, not really. There are thousands of comments per hour. So you’d have to be a pretty dedicated user to find our comments amongst the higher profile sites.

      • 1076

        But, assuming what you say is true – that you can actually moderate comments, and what you showed in an email wasn’t a misinterpretation – the users of your site now have a guide on how to moderate your comments? Assuming, of course, that they have that intent and are dedicated enough to carry it out?
        I’m just curious about the possibility, not necessarily the probability. And, moreover, the illumination of that possibility by one who could potentially be burned for it.


      • http://benv.ca Ben Vinegar

        It’s not possible. See @ryanvalentin:disqus’s comments.

      • http://benv.ca Ben Vinegar

        Disqus’ moderation page has a search feature (it’s in your screenshots). So it would be easy to find a comment here and edit it using the purported bug.

        But as @ryanvalentin:disqus explained, it’s not actually possible to edit a comment.

    • http://twitter.com/jimhirshfield JimHirshfield

      No he didn’t actually. See Ryan’s comment below…

      • 1076

        Apparently that’s up for debate…


  • erykko

    I have woken up to find thousands of comments on my blog. They should fix it.

  • http://www.robertswebdesign.com Robert Vining

    This bug is there! I just verified it following the process above. And yes, you can edit the comments of any comment, not just unapproved comments. This is nuts. I’m tempted to shut off Disqus or switch to FB comments. Wow. Thanks for the heads up!

    • http://twitter.com/jimhirshfield JimHirshfield

      See Ryan’s comment below…

  • http://www.newsloops.net/ Mark Rogers

    I notice you’re using the new Disqus 2012. Have you tried switching back to the old system? I’m still using it and was not able to replicate the bug using the steps you described.

    • Walter

      That’s a good idea, although we’re hoping for a solution to this version because everything else about it is awesome.

  • http://seafoodie.me/ Ryan

    Hey all – I just wanted to clear a couple of things up:

    1. This is a bug where you can see the public feed of comments in the moderation panel and we intend to fix this

    2. To be clear, this is the public feed and you’ll notice that you can’t see sensitive information like the IP address or email address. You also can’t moderate the comments.

    However, this second point is confusing because it looks like you can moderate them. We show the changes on the front-end while the moderation action occurs on the backend. So while it looks like you can delete a comment, the action is ultimately not authorized.

    Again, this is a bug that we’re fixing, we just want to be clear that nobody can mess with your sites’ comments!

    • http://www.geeksquad.co.uk/ Matt Stephens

      Great comment and cleared that up. You have also just put loads of devs’ minds at rest :P

    • Walter

      That’s great news Ryan!

      We really hope that is the case, although you may recall the email conversation in which we showed you that we could indeed moderate comments.

      In any case, we hope that the fact that we still use Disqus is seen as the endorsement the product deserves.

      • http://seafoodie.me/ Ryan

        We appreciate that, Walter! With editing the comments it would have been the UI making it seem like the comment can be edited.

        We did try this ourselves several times and it does definitely look like the comment was edited – but ultimately when we visit the site the changes weren’t reflected.
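
The behaviour Ryan describes in this thread, as an added sketch that is not part of the original discussion and is not Disqus's code: an optimistic moderation panel paints a change that the backend has refused, and only a comparison with the stored state shows what really happened. All function names, forum names and sample comments are constructed assumptions.

```javascript
// Added illustration; every name here is hypothetical, not Disqus's API.
// Constructed sample data: two forums, one comment on each.
const comments = new Map([
  ["c1", { forum: "our-blog", body: "Nice post", state: "pending" }],
  ["c2", { forum: "other-site", body: "First!", state: "approved" }],
]);
const moderators = { "our-blog": ["walter"], "other-site": ["alice"] };

// Backend: authorization is decided here, from the server-side session,
// never from what the moderation panel happens to be displaying.
function backendModerate(session, commentId, action) {
  const comment = comments.get(commentId);
  if (!comment) return { status: 404 };
  // Fail closed: a logged-out (null) session can moderate nothing.
  if (!session || !moderators[comment.forum].includes(session.user)) {
    return { status: 403 };
  }
  comment.state = action;
  return { status: 200 };
}

// Front end: an optimistic panel that paints the change before the
// backend answers. With rollback disabled it keeps showing the change
// even after a 403, which is the misleading display described above.
function panelModerate(view, session, commentId, action, rollback) {
  const previous = view[commentId];
  view[commentId] = action; // optimistic update
  const res = backendModerate(session, commentId, action);
  if (res.status !== 200 && rollback) view[commentId] = previous;
  return res.status;
}

// The check that settles it: compare the panel with the stored state.
function panelMatchesBackend(view, commentId) {
  return view[commentId] === comments.get(commentId).state;
}

// Stale panel: the session was ended in another tab, feed still shows c2.
const staleView = { c2: "approved" };
const status = panelModerate(staleView, null, "c2", "deleted", false);
console.log(status, staleView.c2, comments.get("c2").state);
console.log(panelMatchesBackend(staleView, "c2"));
```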

  • Walter

    We’re not blasting anybody. We love Disqus, which is why we still use them despite this problem.

  • http://obscurelyfamous.com Daniel Ha

    I’m Daniel from Disqus. Ryan’s comment explains the situation well: this is a fluky interface bug, but there’s nothing sensitive nor critical at stake.

    We’ve had some questions come in from users about this. Could you update the article with our comments? We’re happy to hear about display bugs like this, but I’d appreciate your help letting new readers fully understand what’s going on.


  • http://www.blackbookoperations.com/ Black Book Operations

    Couldn’t mimic the bug here though (but I don’t have a “ten thousand hits a day” website either). Either way, make sure you can’t change the comments of the Disqus team below, that … would be completely hilarious, lol. Next to that, Disqus has been (for now) the best commenting system I have used that doesn’t rely on ugly things such as…. Facebook ;)

  • http://techmansworld.blogspot.com/ncr Michael Hazell

    Oh wow. I didn’t know of this bug. Good thing that you can’t actually moderate comments from the back end.

  • http://www.tinywall.info/ Arun David

    Ha ha… Just yesterday I thought of integrating Disqus comments in my blog rather than IntenseDebate which I am using now… Hope they’ll fix it soon.

  • http://abdallahalhakim.tumblr.com/ Abdallah Al-Hakim

    It is a very good sign for a company when you have three people @danielha:disqus @JimHirshfield:disqus @ryanvalentin:disqus all participating in this discussion to try and explain the situation. It shows their dedication to providing excellent service and acknowledging when they have a problem

  • http://www.facebook.com/swagato.bhatta Swagato Bhatta

    So is this problem solved now?

  • hlindset

    You should probably update the article. You’re just spreading disinformation.

  • http://about.me/evanjacobs Evan Jacobs

    They don’t exist.

  • http://www.animhut.com Sri Ganesh.M

    Just ask users/force them to comment via any social network sites or Disqus account. Spam is reduced mostly.

    I think these bugs are removed! And use the new Disqus system! It will not give a homepage direct link in the comment section, so spammers won’t take time to post there.

  • http://cowandsheep.co.za/ theamoeba

    The bug still seems to be out there… seems like their javascript is not checking to see which user is logged properly.

  • http://www.audiomind.us/blog AUDIOMIND

    Has this bug been fixed and patched?

  • http://issuu.com/dentonmerritt/docs/zen-cart_development_company finnbrady

    I always like to comment on Disqus. In Disqus there is less chance for comment pending.