There is bunch of spam users posting spam amazon links on our forum. I have set up watched words to catch those amazon links, however, it didn’t work. Then I did a deeper research, and I realized how they got away: first, these spam users post a normal reply, and the after a few minutes, they edit the reply and add a spam amazon link! The editing didn’t trigger watched words! I believe this is a bug in Discourse. Can you fix it?
2 Likes
I tried adding a watched word to an existing post on my local but it correctly replaces the word.
Can you give us a concrete example with a link that should have been removed and a screenshot of your watched words settings?
3 Likes
Thank you! See this spam post for example: 分期付款对信用分的影响 - #3,来自 briane - 信用分数 - 美卡论坛
And this is our watched words setting:
Your watched word is t.co/ and the link in the spam post is https://t.co/rX42eIcsjD so it should trigger watched word. But one thing that could probably be causing it not to trigger is that the link is visibly looking like the following, so probably the watched word setting is applying to it instead of the t.co/ one.
Will look into this further.
1 Like
Thanks. The following is the exact reply copied by our admin account, and i hope this can help your study:
谢谢分享~ 说到apple,apple airpods pro耳机在30% off,link: www.amazon.com/dp/B09JQMJHXY ,
这种价格怎样?
I’ve changed the title to reflect the issue better. Nothing in the UI suggests you can’t use a URL as a watched word, but it doesn’t work currently. We’re looking into the this and will get back once we have an update.
Also I’m not 100% sure this is a bug. What say @JammyDodger ?
2 Likes
It’s a tough one to call. Is it a long-standing oversight, or asking something of the code that was never intended? I think it would certainly be a useful anti-spam tool if it could catch the link text as well, but obviously I lack the technical skill to know if that’s asking too much. 
1 Like
Hi, the title that you edited does not reflect the problem. I have verified again today: if the user post the link directly, the watched word works on url. The problem only occurs when the user post something first, and then he edits the reply. The editing and saving process won’t trigger the watched word feature.
See above. The problem is not about whether the watched word works on url. The problem is when user edits his reply the watched word feature is not working.
Here’s how to repeat the bug:
Add “thisisjustatest” to the list of watched word.
Use a non-admin user, post a reply with “thisisjustatest”, then the watched word is triggered.
Use a non-admin user, post a reply with other words first, and then edit the reply to add the word “thisisjustatest”, then the watched word will NOT be triggered and the user will be able to add this word to the reply successfully.
1 Like
I have given it a go. 
- Added
thisisjustatestto Blocked watched words - Used TL2 test user to post
This is a reply - Opened post in edit mode still with TL2 test user
- Pasted in
thisisjustatestalong with the existingThis is a replytext - Edit
- The watched words successfully blocked the edit
- Repeated test with
editing grace periodset to 1. Same outcome
However, when I tried to put (I forgot to add the wildcards t.co/ in the Blocked watched words and use the TL2 test user to post the spam 谢谢分享~ 说到apple,apple airpods pro耳机在30% off,link: [www.amazon.com/dp/B09JQMJHXY](https://t.co/rX42eIcsjD) , 这种价格怎样? message it would let me post it first time, with no need to go back in for an edit. 
)
Have you tried to post that link yourself on your own site? And did the thisisjustatest test work for you? If so, have you any other details you can give so I can get the same result on my test site?
1 Like
I did the same test and a trust level 1 user can add “thisisjustatest” without any problem by editing. Specifically, I have put “thisisjustatest” in the “require approval” type in the watched word. Maybe this is a difference between our tests?
Yes, this is the difference. I tried to add “thisisjustatest” to the “block” type in the watched word list, and editing will be blocked if the new reply contains the watched word. However, “require approval” type watched word does not work on editing.
1 Like
When the trust level 1 user post this message directly, the watched word works correctly and send the message to the admin to approve first: " 谢谢分享~ 说到apple,apple airpods pro耳机在30% off,link: [www.amazon.com/dp/B09JQMJHXY](https://t.co/rX42eIcsjD) , 这种价格怎样?"
It only becomes a problem when the user edit an existing post.
I think for my own specific problem, I can just move the watched word *t.co/* from “require approval” to “block” in the watched word list.
However, I still think it is a bug that editing can bypass the “require approval” type of watched word. It depends on you whether you want to treat it as a bug and fix it, or leave it as is.
1 Like
It appears I forgot to put in the wildcards for the t.co/ test. Running it again with *t.co/* does indeed block the spam link first time as intended.
But I think you’ve found the difference. Approval is different to Blocking, though I appreciate there’s a case for some kind of supervision of the edits as well as the initial posting. I’m not sure that’s a bug as such, as I think it works the same as the other topic/post approval methods? It would be a good addition though.
1 Like