Beware of Disqus!

Disqus will continuously load garbage requests in the background of any page it's on!

Patrick Lee
PatrickLeeNYC
Sep 6, 2017

Update 9/7/2017 — Response from Disqus:

Hi there, I’m Danny from Disqus. Thanks for surfacing this issue and we sincerely apologize for the poor experience. This is not a normal experience on Disqus and is certainly not the experience that we strive to provide for our users. The excessive requests were a result of abnormal and errant behavior from one of our advertising partners and were absolutely not an attempt to sell fake ad impressions. We have paused that partner across our network and are actively working on ways of pro-actively stopping this type of behavior.

Prompt response from Disqus. What I don’t get is how a rogue advertiser was able to either inject some code or initiate some kind of redirect to a server that did this. Highly disconcerting nevertheless. Read the rest of their reply here.

My coworker first noticed that one of our WordPress sites would continuously load stuff in the background for no apparent reason. The network tab in Chrome would keep going, and the request counter would keep going up and up. Pretty soon, the browser was hitting over 1,000 requests and megabytes of useless data. Other pages didn’t exhibit this issue, namely archive pages or our home page.

We reduced the problem to Disqus, the plugin that provided additional features in the comment section. The free version of Disqus would show several forms of advertising on one page, but it also continuously loads requests in the background as long as the page is open. This is insane. Within a minute of opening a page, the client exceeds 1,000 requests with megabytes of useless garbage.

Here’s a video of it in action:

Some URLs that Disqus is hitting:

These look suspiciously like domains that belong to affiliate marketers / ad networks.

Sample of one of the headers:

Update 9/7/2017 — According to Disqus’ rep, one of their advertisers went rogue and initiated this.

Ah, ha. So it looks like Disqus is selling garbage ad impressions on some ad networks or maybe through their own advertising solution? I don’t know, but it’s really shady. I imagine they’re mixing in actual banner traffic with this bot traffic and selling it like it’s 100% bona fide legitimate traffic, but who knows? I sure as hell wouldn’t touch their ad network with a 1,000 foot stick after seeing this.

“most engaged users”

Make of this what you will. I’d advise you to look at your own site to make sure your users are not being flooded by ads on pages that have Disqus enabled, even if you have the paid subscription. For me and the sites I work on, I’m advising everybody to get rid of Disqus and we’re currently in search of a more honest commenting solution.

After ten minutes of the page being open, 5,504 requests, 31.5MB loaded. This is insane.
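One way to run that check on your own pages, as an added example that is not from the original post: leave the page open for a while, export a HAR file from the browser's network tab, and summarise the requests by third-party host. The function names, the `blog.example` first-party host, the 10-second idle window and the sample entries are all constructed for illustration.

```javascript
// Summarise a HAR export from the network tab by third-party host.
// "background" counts requests that start more than idleAfterMs after onLoad,
// i.e. traffic that keeps flowing while the page just sits open.
function summariseThirdParty(har, firstPartyHost, idleAfterMs = 10000) {
  const page = har.log.pages[0];
  const pageStart = Date.parse(page.startedDateTime);
  const cutoff = pageStart + Math.max(0, page.pageTimings.onLoad || 0) + idleAfterMs;
  const hosts = new Map();
  for (const e of har.log.entries) {
    let host;
    try { host = new URL(e.request.url).hostname; } catch { continue; } // malformed URL
    if (!host) continue; // data: and blob: URLs have no hostname
    if (host === firstPartyHost || host.endsWith("." + firstPartyHost)) continue;
    const s = hosts.get(host) || { host, requests: 0, bytes: 0, background: 0 };
    s.requests += 1;
    s.bytes += Math.max(0, e.response?.content?.size ?? 0); // HAR uses -1 for "unknown"
    if (Date.parse(e.startedDateTime) > cutoff) s.background += 1;
    hosts.set(host, s);
  }
  // Hosts with the most background traffic first.
  return [...hosts.values()].sort((a, b) => b.background - a.background || b.requests - a.requests);
}

// Constructed sample HAR: one first-party document, one comment embed,
// and an ad host that requests every 500 ms long after the page has loaded.
function sampleHar() {
  const t0 = Date.parse("2017-09-06T12:00:00.000Z");
  const entry = (offsetMs, url, size) => ({
    startedDateTime: new Date(t0 + offsetMs).toISOString(),
    request: { url },
    response: { content: { size } },
  });
  const entries = [
    entry(0, "https://blog.example/post/", 40000),
    entry(300, "https://comments.example/embed.js", 90000),
    entry(400, "data:image/gif;base64,R0lGOD", -1),
  ];
  for (let i = 0; i < 60; i++) entries.push(entry(2000 + i * 500, "https://ads.example/px?i=" + i, 5000));
  const pages = [{ startedDateTime: new Date(t0).toISOString(), pageTimings: { onLoad: 1500 } }];
  return { log: { pages, entries } };
}

const report = summariseThirdParty(sampleHar(), "blog.example");
console.table(report);
```

A host whose `background` count keeps growing the longer the page stays open is the pattern described in this post.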

Addendum:

Here are some comments from around the net about Disqus’ shady practices. I can’t substantiate these claims; take them how you will.

  1. Disqus appends their own affiliate link to your comments. (Comment by Kieloo) https://wordpress.org/plugins/disqus-comment-system/#reviews
  2. Link hijacking on by default. https://disqus.com/home/discussion/channel-discussdisqus/disqus_reveal_affiliate_links_on_by_default_bad_for_seo/
