Editing Old Posts and Adding Links Doesn't Alert Anybody


(Lowell Heddings) #1

Situation:

Users can edit old posts, adding links to whatever they want, and there’s no way that a forum administrator would know about it.

As far as I know based on a bunch of testing, editing a post inside a topic doesn’t push it up to the top or make it unread even for people that read the topic or were replied to by that post. And you don’t need to have special privileges to do it (I edited a couple of my own old posts here on Meta while testing).

Why this is bad:

Any user that happens to reply to a topic that ends up being popular in Google can go back and add all the spammy affiliate links or SEO links that they want. Nobody is going to check the links in old forum posts, especially if they are integrated into the paragraphs well. Or if the good links are just swapped out with bad ones.

Why this could be really bad:

Users that achieve Leader status get all their links followed for the search engines.

This means that all you need to do is consistently be a part of a forum, or many forums, for 100 days or whatever the time limit is. And then you can go back and edit all your old posts that have been strategically placed on topics that are likely to be popular. SEO links? Sure thing! Affiliate links? Check!

Look at that, we’ve created new jobs. Take that, politicians!

And if you don’t think there’s good money in spammy SEO linking, you clearly haven’t run a website that has a lot of search engine juice.

How this can be fixed?

This is where I’m not entirely certain and would love to see ideas from others. (Obviously disabling the search engine follow link feature would be a good start)

Perhaps there should be a setting to notify moderators when somebody adds a link to an old post via an edit? I imagine that could be a pain. Bumping the post to the top would probably be really annoying for everybody.


And Yes, I’m aware of the post edit time limit setting, which I’ve set to 14 days on my forum to at least try and deal with this problem. I think the default is one year for new forums though.

That change is not really a solution as much as an annoyance for the regular forum users though, and for a really busy forum, topics from 14 days ago will be long forgotten.

I would much rather allow people to edit posts for longer than 14 days. I’d also love to see affiliate links dealt with.


(Mittineague) #2

There is Admin -> Logs -> Screened URLs

Wouldn’t this in time prevent a lot of the URLs from being able to be added?


(Lowell Heddings) #3

That log is only for URLs from people that have spammed and then been deleted as spammers using the spam delete feature. That’s not at all what I was talking about.


(Michael - DiscourseHosting.com) #4

“All you need to do” … :smile:
This takes a lot of time and effort, and if it is apparently not noticed… I don’t think this is a big problem.
Users that achieve Leader status are pretty trusted.


(Mittineague) #5

The requirements are - from What do user trust levels do?

They can get to trust level 3 by…

This is time and activity based, unlike the previous levels. In the last 100 days…

must have visited at least 50% of days
must have replied to at least 10 different topics
of topics created in the last 100 days, must have viewed 25%
of posts created in the last 100 days, must have read 25%
must have received 20 likes, and given 30 likes.

must not have received more than 5 spam or offensive flags (with unique posts and unique users for each, confirmed by a moderator)

So I guess unless the percent ones are scaled somehow, a lot would depend on how active the forum is
But I doubt many SPAMmers would have the patience nor put in the effort just for followed links.

For example, right now meta has only 28 TL3 Leaders (counting Staff and System) Regular badge on Discourse Meta


(cpradio) #6

Why? Not wanting to get off topic, but why do users need to go back more than a couple of days and edit their post? As you stated, anything beyond 14 days is usually forgotten about, so why such a long time frame? I’m fairly certain we only permit 1-2 days on ours.

Back on topic:
I too think it would be a good idea to deal with affiliate links. I’m not sure it is “core” material, but the plugin looked promising and you could add new URLs as you saw fit (granted, it would be nice if those URLs could be added in the admin area).


#7

No. Users achieve Leader status automatically. The only trust signal there is is the number of “likes” received, and you can get those with some sock puppets (which you would have anyway, why only build up only one user to “Leader” when you can have several).

They wouldn’t have to do it themselves. I’m pretty sure you can rent worker bees in China or whereever for such tasks (it’s done with mmorpgs afaik).

And high-quality back links attract top money. AFAIK sums paid can reach 4-digit numbers if only the page rank of the page where the link is placed is high enough.


(Lowell Heddings) #8

That is exactly right. I have been offered up to 5 digits for a single link before. But most of them want to pay for lots of links across different sites for 3-4 digits each, so anybody that has a lot of links to sell would be able to get some serious cash.

And considering what you can get people to do for pennies on Mechanical Turk or eLance or any of those sites… You could easily outsource the visiting the site part.

The big problem besides detection would be cleanup once you figured out that something was wrong. Almost impossible to figure out where all the links would be.


(Sam Saffron) #9

an admin report that lists all necro edits would be fairly simple to build.


(Kevin P. Fleming) #10

Wow… one year is far, far too long. I’m going to set this to 2 days on my site, and even that seems longer than necessary. If any post really needs editing beyond that point, a moderator or admin can do it on the poster’s behalf.


(Mittineague) #11

What’s the worse that could happen even if, say, edit ability was closed after 15 minutes?

A lot of “Oops, my earlier post should have been …” type of posts.

IMHO the only reason to have an extended edit time is to give members that have had posts hidden due to community flagging an opportunity correct their error,


(Bill Ayakatubby) #12

…in which case there should be special handling for those posts anyway. It’s possible for a post to be flagged at any time, so the author should be given the opportunity to revise the flagged post no matter how old it is.


(Lowell Heddings) #13

Well, there is one reason to allow people to edit posts longer: Community style how-to or wiki posts that get updated frequently (check any tech forum) But… I just learned that there is a little-known wiki post feature. I haven’t tested to see whether that is affected by the edit window, but that problem could be fixed separately.

I’m going to change my edit window to be even shorter, because you guys are right.

But… that doesn’t change the fact that the default settings are to allow editing for a year, nobody knows when those edits happen or contain links, and those links can be given SEO follow as well. It’s not a good situation and that part still needs to be tackled.


(cpradio) #14

From my testing (very brief testing), it isn’t affected by the edit window restrictions.

Very true.


(Mittineague) #15

I think this would work well enough, though it might be better as a Mod thing instead of Admin-only.

I think @HAWK might appreciate that.


#16

[quote=“Mittineague, post:11, topic:19373, full:true”]
IMHO the only reason to have an extended edit time is to give members that have had posts hidden due to community flagging an opportunity correct their error,[/quote]
Simple enough to fix. Instead of

canEdit = (delta(creationTime, now) < 15mins)

make it

canEdit = ((delta(creationTime, now) < 15mins) || (postIsHidden))


Posts hidden via flagging cannot be edited if beyond the maximum edit time limit
(Jeff Atwood) #17

One thing that is on our list is to enhance this a bit to:

  • Likes must be received on (n) different days, where (n) is 1/3 the number, e.g. 20 likes across 7 different days

  • Likes must be from (n) different users, where (n) is 1/4 the number, e.g. 20 likes from 5 different users.

@neil can you make sure this gets done before 1.01 release?

The idea is to give users agency over their posts and allow them to control and revise them. But I am open to shortening the default a bit in the name of safety, so I’ll cut this to 6 months. Done!

It’s going to be very, very hard to get leader (and thus SEO follow) in an exploitative way with the Like requirement changes I described above. Remember you also lose leader status if you don’t keep this behavior up for every last 100 day period!

Edits-per-day is already rate limited to prevent ragequitting – someone who gets angry and decides to edit all their posts to :poop::poop::poop:

Anyway, just changing the global edit interval is easy enough and I think that’s your best fix at the moment @geek.

But there’s nothing stopping a user from drip-feeding changes one per day, these kinds of slow, methodical “attacks” from within are very hard to stop… if you want to attack a system, and you are the world’s most patient person, that’s a tough combo to beat.


(Rikki Tooley) #18

How hard is it going to be to get TL4? :stuck_out_tongue:


(c-i-p-h-e-r-1) #19

Not really. All you have to do is have

Then you set up a PM between your main account and your puppets. Each account posts to the PM each day, and likes the posts made by each of your other accounts every day. Assuming someone really wanted to manipulate the system to get SEO following, they set up 6 accounts, and now each of those 6 accounts is getting likes from 5 different users each day. Those 6 accounts now reach the likes limit for TL3 within 4 days, and can maintain it without any help from anyone else indefinitely.

And let’s say that you block likes from PMs. Then you just make an on-topic post from each of those accounts in some random topic, and make sure to like those posts with your 5 other accounts.


(Jeff Atwood) #20

Good point about PM likes. I had not considered that.

Still, that’s a lot of work and it has to go on forever, for every 100 day period from this point until eternity.

What spammers are going to jump through all those hoops?


Reply to topic without bumping it to the top