In May this year, our editor suffered an unfortunate accident.
Having booted up his machine and fetched his morning coffee he sat down at his desk to review the overnight comments: we’re lucky enough to have a global readership and it’s always a pleasure to read the opinions of subscribers from Arizona to Azerbaijan.
It was when his gaze settled on the number of pending comments that he fell from his chair, hot coffee sprayed liberally about his person. There were more than 500,000 posts awaiting approval. We pride ourselves on engaging with our audience, but half a million responses in an eight hour period is unprecedented at WDD.
What had happened? Had we gone viral? Had we been name-checked by Barack Obama? Had we included a cute picture of a kitten skateboarding in the previous day’s article?
Well, not quite…
The Disqus bug
Like many of the blogs you’ll find online, we use Disqus to allow our readers to comment on posts. Generally speaking it’s an excellent, easy to use solution. However, it turns out that it has a rather unfortunate bug. Around 0.00004% of the comments were actually for us, the other 99.99996% belonged to sites ranging from neo-Nazi political parties to the Miami Herald.
This presented us with two problems: firstly, we weren’t going to be able to review 500,000 comments without skipping lunch; and secondly, if we can moderate other sites’ comments, can they moderate ours?
We jumped straight onto Disqus’ support channel to ask for help. Their reply was “We’ve received a few other scattered reports of this happening and are currently investigating what might be the cause.”
Almost as quickly as it appeared, the bug vanished. Problem solved.
The Disqus bug 2: this time it’s personal
At the end of July, the bug reappeared. Perplexed and concerned we contacted Disqus via their support channel and again via Twitter.
This time we nailed it, we worked out exactly how to replicate the problem. Then we sent screenshots and instructions for reproducing the issue to Disqus to help them solve it.
We never heard back.
Reproducing the Disqus bug
So, for the benefit of other site owners that rely on Disqus, and in the hope that we’ll see some action on the issue, here are the six simple steps required to gain moderator status at any number of publications.
Step 1: Log into your Disqus account
Step 2: wait for your site’s comments to load
Step 3: open one of your articles in a new tab
Step 4: scroll down to your comments and log out
Step 5: return to your moderation window and click any of the filter tabs
Step 6: gaze in wonder at the Disqus bug in all its splendor
With the Disqus bug in effect, we can choose to approve, mark as spam, or delete any article. By selecting the comment we can edit it. Clicking on the article title in the comment allows us to visit the article that is being commented on. Fortunately, as you can see from the above screen shot, user email and IP addresses aren’t distributed.
What damage can the Disqus bug do?
The short answer is: a lot.
Disqus’ website says “Millions use Disqus! From niche blogs to global brands, interesting conversations are everywhere.” And they’re right, CNN, Time Magazine, Rolling Stone, Wired and PC Magazine all utilize Disqus for their comments.
Of course the bug doesn’t allow us to edit articles, only the comments are handled by Disqus. What it does allow us to do is approve comments, mark legitimate posts as spam (reducing users’ reputations), delete comments and even edit comments.
Needless to say, we haven’t done any of these things, but every few weeks when we see zero comments on our site we do wonder if someone else has them.
And if our comments go missing, who else has had their comments hijacked?
The United States Marine Corps
Does the official blog for the U.S. Marine Corps know other Disqus users can moderate their comments?
How would the executives at CNN feel if they knew comments on their site were out of their control?
The Independent is a national broadsheet newspaper in the U.K.
It isn’t just news media that’s affected, comments on Harvard Grad. School’s website are vulnerable.
The Washington Examiner
The Washington Examiner is one of many print publications whose online presence has been affected.
It isn’t just pending comments that can be moderated. This comment on the Toronto Sun website had already been approved by their editors, we could have unapproved it, marked it as spam or rewritten it entirely.
How would the Nelson Mandela Foundation feel if it realized its comments could potentially be moderated by one of the far-right groups that also use Disqus?
We sincerely hope Disqus are on top of this issue. We hope a bug fix is just around the corner. We hope that by the time this article goes live Disqus will have rectified their service and the problem will be resolved for good. If not, our editor won’t be the last person sprawled on the office floor, in a puddle of hot coffee, first thing on a Thursday morning.
[ Update: we’re delighted to report that the team at Disqus are working hard to resolve this issue and that they don’t believe that the bug is as bad as it appears. For more details, check out their comments below. ]
Thumbnail includes an image via Shutterstock.