Question

Recent Spam Attacks on the Community


Userlevel 7
Badge +26
  • Community Manager
  • 12079 replies
Our apologies everyone, the Community is currently under attack by a group of very dedicated spammers creating new accounts and posting about technical support.

We’re working with our partners to prevent this in the future and are watching to remove them as quickly as we can. We recommend not calling any of the numbers or visiting any website linked from any of these posts.

Please pardon the clutter.

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

337 replies

Badge +3
@John M. However the Korean spammers may adapt their tactics, clone legitimate posts, use new English words etc, every spam post contains Korean characters. It should be possible to detect the presence of Korean characters anywhere in a post and auto delete it. I believe @ratty even provided a line of code to do this.

This is one of the more drastic options I alluded to in my last post. While blocking an entire character set isn't ideal, this is an English language forum so the legitimate need for posting in other character sets should be minimal. We made the decision to implement the block today and InSided pushed the fix a few hours ago.

So far so good, we haven't seen any new spam since the change went into effect. We're monitoring closely.
Userlevel 7
Badge +19
And here they come again. Tiresome!
I believe @ratty even provided a line of code to do this.
That was a suggested regex for thinly disguised phone numbers (which would have needed to be tweaked a bit to take account of later changes).

But, as I've said elsewhere, if the spammers have the objective of conveying a specific piece of information there's a limit to how much they can mangle it before the search engines fail to pick it up.
@John M. However the Korean spammers may adapt their tactics, clone legitimate posts, use new English words etc, every spam post contains Korean characters. It should be possible to detect the presence of Korean characters anywhere in a post and auto delete it. I believe @ratty even provided a line of code to do this.

I appreciate you have to be careful about showing Sonos' hand, but it seems puzzling that this is so difficult to stop. Do you happen to know of any other tech forum of similar standing that has failed to deal with these attacks?
Userlevel 6
Badge +3
And now the next stage, see:
https://en.community.sonos.com/setting-up-sonos-228990/i-have-6786642
Why are they spending so much thinking and effort on this? What's to gain? Surely it isn't Samsung?!
Sonos, just send all posts to moderation until poster count goes to double digits.


Hi Kumar, thanks for pointing this one out. I've removed the post.
And now the next stage, see:
https://en.community.sonos.com/setting-up-sonos-228990/i-have-6786642
Why are they spending so much thinking and effort on this? What's to gain? Surely it isn't Samsung?!
Sonos, just send all posts to moderation until poster count goes to double digits.
Whatever one may think of Apple, I can't see someone like Tim Cook tolerating this state of affairs in his company for 10% of the time that Spence has. It isn't even necessary to give the example of someone like Jobs. Heads may have rolled, but the problem would have been fixed in weeks if not days.
Userlevel 7
Badge +17
All I know is, that no other forum I have ever used has let attackers through like this one.
I'd just make the observation that cloning text from legitimate posts is far from new. The spammers did this back in the vBulletin days, to build post count with a view to squeezing past the auto-moderator.
We’re working on it.
For 6 months, with no useful outcome? Something is rotten in the state of Denmark, the bard would say.

Even a simple thing like having all new posters go for moderation would stop this right away. Instead, what you have done is have people with thousands of posts go there, while the latest invasion runs rampant and unchecked on your website.

If this is Sonos version 2.0 under Patrick Spence, the fate of RIM awaits.
Badge +3
Folks,

I understand that there’s a lot of frustration over continuing state of spam attacks and that we’re overdue for an update on how we’re responding to this recent spike.

Quick recap - following the implementation of the site-wide content filter this last year, the amount of spam directed here dropped considerably. We’ve had some one-offs and small runs that made it through the content filter via dictionary attacks (throwing unlearned words at the filter to falsely identify as a legitimate post) but the learning component of the filter is working well enough to shut down the majority of new spam.

Beginning last week, we’ve been targeted by a new group of spammers based out of South Korea, a similar situation to what we saw this last fall. The spam attack is a coordinated effort by a group of people that are adapting their tactics in response to ours. Over the weekend Sonos and InSided worked together as a crisis response team in order to stymie the flow of spam but unfortunately, they’ve adapted in response each time. I’m not going to discuss all the details openly, since as before we believe the spammers read our posts, but feel free to PM me if you’re curious.

A note: One particularly clever tactic these spammers are using is to copy text from real posts to sneak the spam content through, like a mask that throws off the filter. It’s had the short-term effect of making the filter overly aggressive towards legitimate content and we’re working to correct it now.

For the end-game, we’re not out of ideas by any means but we’re at the point where we need to weigh heavy-handed options against the effect it’s going to have on the usability of this forum (with the acknowledgement we must take more drastic action quite soon). In the mean time, we have increased the number of eyes on the community to make sure that spam is quickly deleted and doesn’t overwhelm our space here.

Thank you for your patience and please rest assured, we’re just as unhappy with the current state of spam here as you are. We’re working on it.
A fool's errand, in the western hemisphere at least. :8
Clearly the spammers get paid for their doing. Therefore the question arises why this forum is continuously under attack.
Possibly because, as a bespoke offering, it lacks the defences baked into off-the-shelf packages. The spammers will just look for the weakest place to lodge their search engine fodder.
Clearly the spammers get paid for their doing. Therefore the question arises why this forum is continuously under attack.
The superiority referred was driven by much higher engagement levels of the earlier moderators compared to that of the current lot, and its leadership.

Absolutely - but as I understand it the forum software was more capable, as well...
I found the old (very ably modded, IMHO) forum to be vastly superior to this current mess.
I doubt that anyone except the guns hired by Sonos Inc. thinks different and even if they agree with you, they have to abide by the party line as long as they are on the Sonos payroll. The superiority referred was driven by much higher engagement levels of the earlier moderators compared to that of the current lot, and its leadership.
And they seem to be back again...
And all from the same user this time, an easy target though it could trigger whack-a-mole. Someone's asleep at the wheel....

EDIT: Ah, the mole just popped up elsewhere. And the whacker is on the case.
And they seem to be back again...

Sonos - Isn't it about time you bit the bullet, accepted that you've made a mistake, and move to a decent conferencing system? This amateurish approach really does nothing whatsoever to enhance your reputation.

You also seem to be pushing your support load towards the 'community'. If that's the case, surely a reliable, well-run system is absolutely essential as a base.

I accept that only Sonos staff have access to diagnostic software tools and the diagnostics themselves, but to be honest I found the old (very ably modded, IMHO) forum to be vastly superior to this current mess.

Because Insided sucks at software development.

Does it take any skill at software development to set up a rule where every poster with less than say 10 posts, must be sent into moderation until the post count crosses 10? Seeing how even a stupid non techie like I can set up rules to manage my email, I don't think so. What is lacking is Sonos will and intent, pure and simple.
Why is it that every one of my posts goes to moderation, but the spam gets through? Why aren't the spam posts being moderated? Makes no sense...

Because Insided sucks at software development. Anyone with thousands of posts like you guys should get right through, while the spammers stopped at the border. Two pages of crap and counting as of this post. Unreal.
Userlevel 6
Badge +8
This spam situation is now past ridiculous. Sonos really needs to get different forum software.
No, nothing as devious or clever as that. Sonos management does not care because it cannot be bothered to, is all I am saying. [...]
Why do you believe the management (any management for that matter) would talk to strangers about domestic issues?
Why is it that every one of my posts goes to moderation, but the spam gets through? Why aren't the spam posts being moderated? Makes no sense...
No, nothing as devious or clever as that. Sonos management does not care because it cannot be bothered to, is all I am saying. This is well past being an Insided problem,
Are you suggesting that it's in the interests of certain individuals to allow the forums to be snowed under to such a degree that the 'problem reports per day' support metric is improved, by would-be posters taking one look and giving up?