Friday, August 16, 2013

Disqus LOOPHOLE for SPAM Comments in WordPress

Are you running Disqus on a WordPress blog? You've probably seen plenty of SPAM comments and removed them with Disqus. Well, those comments are not really gone...



Are you running Disqus Comments on your WordPress blog?


Have you received comments that you've marked as spam or deleted?


You have, right? We all have.


Standard business: we get spam comments or comments not compliant with our comment policy, we mark them as spam and remove them...



Here's a usual lame-ass SPAM comment in Disqus, marked as spam...



Stay with me...


When a comment is left on a WordPress blog with Disqus comments, the comment is also added to the WordPress database, like a normal comment would be.


This is good in case you would remove Disqus one day, you'd still have the comments.


OK - cool


BUT


After the comment is received, Disqus picks up the comment, so the comment going to the WordPress database is not caught by SPAM filters or anything...


Not a problem, we just manually marked the comment as spam...


RIGHT?


well...


No.


Disqus doesn't think it needs to "communicate back" to the WordPress database and remove the comment there as well...


Check your normal comments (click 'Dashboard > Comments > Comments' to see the comments in the WordPress database), and you will find comments there that you've deleted or marked as spam in Disqus, safely in the WordPress database.



The same SPAM comment, marked as SPAM in Disqus, is in the WordPress comments, approved like any good comment...



LOVELY!


And if Disqus being slow as hell wasn't enough...


:sigh:


BUT


IT GETS WORSE


Spot a comment among the "normal" comments that was spam, removed from Disqus, but still in the WordPress database, etc...


Not a problem, Disqus wouldn't show a comment removed from its own system and only existing in WP database, would it?


YOU BET YOUR SORRY ASS IT WOULD!


Go to the blog post in question...


You can't see the comment there...


OK - good...


Open the page source.


Search for the spam comment.



The same SPAM comment is now HIDDEN in the page source by Disqus Comments. Not visible on the page, but there it is...



WTF?


Looks like Disqus Comments on WordPress, at least with the Disqus Comments plugin, helps SPAM comments turn our blogs into black hat SEO shit, hiding spammy comments and links in our page source.


Please tell me that this is just some oddity in my blog.
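The manual check described above (open the page source, search for the comment you removed in Disqus), written as a script. This is an added example, not code from the original post: it searches saved page source for the link hosts and phrases of comments you moderated and reports which element each one sits in. The sample markup, ids and domain are constructed, since the plugin's actual markup is not shown here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

def host(url):  # lower-cased host without a leading "www."; "" if unparsable
    try:
        h = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return h[4:] if h.startswith("www.") else h

class SourceAuditor(HTMLParser):
    """Record where moderated comments still appear in raw page source."""
    def __init__(self, spam_hosts, spam_phrases):
        super().__init__(convert_charrefs=True)
        self.spam_hosts = set(spam_hosts)
        self.spam_phrases = [" ".join(p.lower().split()) for p in spam_phrases]
        self.stack, self.findings = [], []  # open elements; (kind, value, path)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in VOID:
            self.stack.append(tag + ("#" + a["id"] if a.get("id") else ""))
        if tag == "a" and host(a.get("href") or "") in self.spam_hosts:
            self.findings.append(("link", a["href"], " > ".join(self.stack)))

    def handle_endtag(self, tag):
        names = [s.split("#")[0] for s in self.stack]
        if tag in names:  # pop back to the matching open tag, tolerating unclosed ones
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

    def handle_data(self, data):
        text = " ".join(data.lower().split())  # collapse whitespace before matching
        for p in self.spam_phrases:
            if p and p in text:
                self.findings.append(("text", p, " > ".join(self.stack)))

def audit(page_source, spam_hosts, spam_phrases):
    auditor = SourceAuditor(spam_hosts, spam_phrases)
    auditor.feed(page_source)
    auditor.close()
    return auditor.findings

# Constructed sample: markup, ids and the domain are made up for illustration.
SAMPLE = """<article id="post-12"><p>See <a href="https://example.org/ref">this</a>.</p></article>
<div id="comment-fallback"><ul><li id="c-7"><a href="http://www.cheap-pills.example/buy">Bob</a>
<p>Great post!   Visit my site</p></li></ul></div>"""
```

Call `audit(page_source, hosts, phrases)` with the saved source of a post and the link hosts and phrases from comments you marked as spam in Disqus; an empty list means none of them are in the source.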




Original post from Zemalf's Website optimization blog:

Disqus LOOPHOLE for SPAM Comments in WordPress








via Make Your Own Website Tools Tips Tricks http://feedproxy.google.com/~r/Zemalf/~3/bvElTOZSL8U/
