First of all, apologies if this is covered elsewhere. I searched the category and didn’t see it mentioned, but may have missed it if it was worded differently.
Users on a board I mod have brought a bug to our attention. They are able to circumvent the 3-reply limit by deleting and restoring posts. Steps to recreate:
Make 3 consecutive posts.
Delete the 3rd post, add a 4th.
Restore the 3rd post.
This can be repeated as many times as the user wants as long as only 3 posts are live before restoring the deleted posts, e.g. with posts 1, 2 and 15 live the user can restore deleted posts 3 through 14.
The three reply limit is more of a guard rail than anything else.
There might be a better behavior here, but if your users are doing it to deliberately bypass these kinds of features it’s totally appropriate to issue a warning or even temporarily suspend their participation.
There are also ways to bypass the minimum post limit- I usually advise clients that when users abuse these loopholes they first get a warning, then a timeout.
Thank you for your reply. It has not become an issue and to the best of my knowledge no one on the board has exploited it it, but I thought it best to run it up the line to the devs in case it was previously unreported and patchable.
ETA: Leaders/Mods—please feel free to unlist this topic at your discretion so the exploit won’t be easily searchable.
I think a different type of limit should address this griefing:
You can set max_post_deletions_per_day a lot lower. It is already set to 10 so this can only happen 10 times?
Also agree with @Stephen that in this specific case, if it pops up it should just fall into … member is acting in an abusive way and handle by banning.
We deliberately allow this pattern in the code for extreme edge cases.