Opened 4 years ago
Closed 4 years ago
#5497 closed defect (bug) (fixed)
Flag threads with 'dofollow' link attributes for spam review
Reported by: | jonoaldersonwp | Owned by: | dd32 |
---|---|---|---|
Milestone: | Priority: | high | |
Component: | Support Forums | Keywords: | seo spam |
Cc: |
Description
Forum threads where links have been added which contain a dofollow
value in the rel
attribute - like https://wordpress.org/support/topic/clash-of-magic/ and https://wordpress.org/support/topic/clash-of-clans-mod-apk/ - should be flagged as spam, and temporarily hidden/archived, pending moderating review.
Despite us procedurally adding a nofollow
attribute, these types of threads are being created as a crude type of SEO tactic on behalf of the linked-to sites.
NB, https://wordpress.org/support/topic/clash-of-clans-mod-apk/ alone received ~4.4k visits from Google in the last month.
Change History (8)
This ticket was mentioned in Slack in #forums by carike. View the logs.
4 years ago
#3
@
4 years ago
The Akismet folks are investigating. It sounds like they'll have a solution shortly.
We should still strip out those links. Searching the forum for other examples would probably be fruitful.
#4
@
4 years ago
- Owner set to dd32
- Status changed from new to accepted
I went digging and found several examples, many flagged by the moderation team.
We run a variant of wp_rel_ugc() on the forums but that doesn't remove the dofollow
flag that's in there.. The variant we run was because wp_rel_ugc()
didn't yet exist.
It looks like the core wp_rel_nofollow()
& wp_rel_ugc()
needs to be enhanced to remove dofollow
.
Both core and the forums variant relies upon wp_rel_callback() which doesn't have the ability to remove rel pieces, so I guess we'll probably have to end up inlining that function into our custom one to remove the dofollow item.
All in all, this is not a WordPress.org-specific problem, and a core ticket should be made. We can workaround this on W.org through akismet spam protections, but we might as well also write the code and submit it to core.
#5
@
4 years ago
Actually, I'm tempted to suggest this can be closed as invalid if Akismet treats it as spam.
The HTML spec doesn't support a dofollow
rel attribute, even if one is present, we add a nofollow ugc
value to it as well. I can't find any references to it being supported by any major search engine either.
This has lead me to think that those who specify it in spam are attempting to bypass bad link filters that skip adding a nofollow when there's already a rel
attribute, the presence of the value doesn't actually affect anything.
#6
@
4 years ago
We're at risk of getting a little off track here.
The issue isn't that rel 'dofollow' is present, or harmful. The issue is that we've failed to identify these example threads as spam, when the presence of this attribute is an extremely strong spam signal.
Agreed that the assumption by the attackers here is that "dofollow + nofollow" cancel each other out in some sense. This obviously isn't the case.
I'm nervous about us removing arbitrary rel properties when there might be valid use cases for them.
#7
@
4 years ago
Akismet should catch these for us in future. It's not a 100% black & white issue, since someone might innocently paste some code asking for help.
#8
@
4 years ago
- Resolution set to fixed
- Status changed from accepted to closed
I'm nervous about us removing arbitrary rel properties when there might be valid use cases for them.
I can't see that being the case in user-submitted content :)
I've reviewed most of the rel=dofollow
threads and over half of them were detected as spam, I've reported another bunch of recent ones as spam so I think we can consider this fixed.
Did the
dofollow
attribute remain in the final output? We should certainly be stripping that.Flagging these seems like Akismet's job.