Circumventing the 3-reply limit

First of all, apologies if this is covered elsewhere. I searched the category and didn’t see it mentioned, but may have missed it if it was worded differently.

Users on a board I mod have brought a bug to our attention. They are able to circumvent the 3-reply limit by deleting and restoring posts. Steps to recreate:

  1. Make 3 consecutive posts.
  2. Delete the 3rd post, add a 4th.
  3. Restore the 3rd post.

This can be repeated as many times as the user wants as long as only 3 posts are live before restoring the deleted posts, e.g. with posts 1, 2 and 15 live the user can restore deleted posts 3 through 14.

1 Like

The three reply limit is more of a guard rail than anything else.

There might be a better behavior here, but if your users are doing it to deliberately bypass these kinds of features it’s totally appropriate to issue a warning or even temporarily suspend their participation.

There are also ways to bypass the minimum post limit- I usually advise clients that when users abuse these loopholes they first get a warning, then a timeout.

4 Likes

Thank you for your reply. It has not become an issue and to the best of my knowledge no one on the board has exploited it it, but I thought it best to run it up the line to the devs in case it was previously unreported and patchable.

ETA: Leaders/Mods—please feel free to unlist this topic at your discretion so the exploit won’t be easily searchable.

I think a different type of limit should address this griefing:

You can set max_post_deletions_per_day a lot lower. It is already set to 10 so this can only happen 10 times?

Also agree with @Stephen that in this specific case, if it pops up it should just fall into … member is acting in an abusive way and handle by banning.

We deliberately allow this pattern in the code for extreme edge cases.

2 Likes