Question

Recent Spam Attacks on the Community



Show first post
This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

337 replies

A fool's errand, in the western hemisphere at least. :8
Badge +3
Folks,

I understand that there’s a lot of frustration over continuing state of spam attacks and that we’re overdue for an update on how we’re responding to this recent spike.

Quick recap - following the implementation of the site-wide content filter this last year, the amount of spam directed here dropped considerably. We’ve had some one-offs and small runs that made it through the content filter via dictionary attacks (throwing unlearned words at the filter to falsely identify as a legitimate post) but the learning component of the filter is working well enough to shut down the majority of new spam.

Beginning last week, we’ve been targeted by a new group of spammers based out of South Korea, a similar situation to what we saw this last fall. The spam attack is a coordinated effort by a group of people that are adapting their tactics in response to ours. Over the weekend Sonos and InSided worked together as a crisis response team in order to stymie the flow of spam but unfortunately, they’ve adapted in response each time. I’m not going to discuss all the details openly, since as before we believe the spammers read our posts, but feel free to PM me if you’re curious.

A note: One particularly clever tactic these spammers are using is to copy text from real posts to sneak the spam content through, like a mask that throws off the filter. It’s had the short-term effect of making the filter overly aggressive towards legitimate content and we’re working to correct it now.

For the end-game, we’re not out of ideas by any means but we’re at the point where we need to weigh heavy-handed options against the effect it’s going to have on the usability of this forum (with the acknowledgement we must take more drastic action quite soon). In the mean time, we have increased the number of eyes on the community to make sure that spam is quickly deleted and doesn’t overwhelm our space here.

Thank you for your patience and please rest assured, we’re just as unhappy with the current state of spam here as you are. We’re working on it.
We’re working on it.
For 6 months, with no useful outcome? Something is rotten in the state of Denmark, the bard would say.

Even a simple thing like having all new posters go for moderation would stop this right away. Instead, what you have done is have people with thousands of posts go there, while the latest invasion runs rampant and unchecked on your website.

If this is Sonos version 2.0 under Patrick Spence, the fate of RIM awaits.
I'd just make the observation that cloning text from legitimate posts is far from new. The spammers did this back in the vBulletin days, to build post count with a view to squeezing past the auto-moderator.
Userlevel 7
Badge +17
All I know is, that no other forum I have ever used has let attackers through like this one.
Whatever one may think of Apple, I can't see someone like Tim Cook tolerating this state of affairs in his company for 10% of the time that Spence has. It isn't even necessary to give the example of someone like Jobs. Heads may have rolled, but the problem would have been fixed in weeks if not days.
And now the next stage, see:
https://en.community.sonos.com/setting-up-sonos-228990/i-have-6786642
Why are they spending so much thinking and effort on this? What's to gain? Surely it isn't Samsung?!
Sonos, just send all posts to moderation until poster count goes to double digits.
Userlevel 6
Badge +3
And now the next stage, see:
https://en.community.sonos.com/setting-up-sonos-228990/i-have-6786642
Why are they spending so much thinking and effort on this? What's to gain? Surely it isn't Samsung?!
Sonos, just send all posts to moderation until poster count goes to double digits.


Hi Kumar, thanks for pointing this one out. I've removed the post.
@John M. However the Korean spammers may adapt their tactics, clone legitimate posts, use new English words etc, every spam post contains Korean characters. It should be possible to detect the presence of Korean characters anywhere in a post and auto delete it. I believe @ratty even provided a line of code to do this.

I appreciate you have to be careful about showing Sonos' hand, but it seems puzzling that this is so difficult to stop. Do you happen to know of any other tech forum of similar standing that has failed to deal with these attacks?
I believe @ratty even provided a line of code to do this.
That was a suggested regex for thinly disguised phone numbers (which would have needed to be tweaked a bit to take account of later changes).

But, as I've said elsewhere, if the spammers have the objective of conveying a specific piece of information there's a limit to how much they can mangle it before the search engines fail to pick it up.
Userlevel 7
Badge +19
And here they come again. Tiresome!
Badge +3
@John M. However the Korean spammers may adapt their tactics, clone legitimate posts, use new English words etc, every spam post contains Korean characters. It should be possible to detect the presence of Korean characters anywhere in a post and auto delete it. I believe @ratty even provided a line of code to do this.

This is one of the more drastic options I alluded to in my last post. While blocking an entire character set isn't ideal, this is an English language forum so the legitimate need for posting in other character sets should be minimal. We made the decision to implement the block today and InSided pushed the fix a few hours ago.

So far so good, we haven't seen any new spam since the change went into effect. We're monitoring closely.