Why I am moving away from Disqus (totally)

TL;DR: because their spam detection strategy is horrible.

Disqus is a comment service provider that gives free services to website owners to setup comment systems. I have started using Disqus a few years ago when I first setting up websites and blogs, because of its effortless way to add a comment box to seemingly any website, and the social log in feature. All seemed so good and peaceful until a day last year.

In an afternoon on the day, I got an email from Disqus suggesting my account is compromised and I need to reset my password.

Hi Eana,

Your Disqus account appears to have been used by an unauthorized 3rd party to post spam comments. We removed any newly posted spam comments and restored any previous posts that may have been edited.

To prevent further unauthorized access, we have disabled the password for your account. To set a new password, please follow the link below:

[link goes here]

We recommend that you change your password on other services that share the same password and use strong unique passwords for each. Having a shared password across multiple services is likely how the third party was able to access your account.  A password manager like LastPass or 1Password can help prevent this type of access.

The Disqus Team

The email from Disqus

At the moment when I saw the email, just a few minutes after it arrived, I logged in and changed my password. By the time there are already tons of spams sent with my account.

At that time things have already started to become weird. I tried to delete all the spam messages that the hacker sent, but all I got was the fake visual effect clicking on the delete button. Everything was back after refreshing the page. Back then I didn’t care much about that, since I thought I have recovered my account back, and they know that these spams were unauthorized, I should be safe.

But not soon after, when I started to comment on some of the websites using Disqus, I saw the problem. All comments, I mean all comments, no matter how harmless they are (or they may look like), all got the “detected as spam” label next to them. I had to manually contact the site admin through other methods to get an approval. I still didn’t care much about that at the time, as I don’t really comment on blogs that much anyway.

Then after a few months I started to feel like this should be a problem to be solved. I tried to look for channels to contact their support, but all I got is their community forum, which uncoincidentally happened to be yet another Disqus Channel. (Their customer support is only dedicated to enterprise users, which makes sense in someway. Surely nobody wants to waste manpower on users never gonna pay.) I tried to post my question there, and this time there are no marks about spam on the post (that mark usually appears next to the comment I send in blogs). I had my post there and hopefully looking forward to a reply from them.

Months later until recently I encountered another blog using Disqus, which reminded me about its spam disaster. I went back to my profile page, and saw that forum post itself is also “marked as spam”.


Leave a Reply

Your email address will not be published. Required fields are marked *