Question

Recent Spam Attacks on the Community


Userlevel 7
Badge +26
  • Retired Community Manager
  • 12372 replies
Our apologies everyone, the Community is currently under attack by a group of very dedicated spammers creating new accounts and posting about technical support.

We’re working with our partners to prevent this in the future and are watching to remove them as quickly as we can. We recommend not calling any of the numbers or visiting any website linked from any of these posts.

Please pardon the clutter.

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

337 replies

Userlevel 7
Badge +26
By now, many of you will have noticed an extended weekend without seeing a single spam message. As of last Thursday, the most effective of the tools we’ve had in development was put into place. This is a learning filter which checks each post before it goes live and will put it in waiting if it’s flagged as spam. Then a moderator will check it in person and see if it’s good or not.

This has been a long process and I want to thank everyone for sticking with us. I know it has been frustrating. The biggest issue here is that we’ve been targeted by people who actively were creating accounts, posting spam, and even changing IP addresses as we banned them. Never before as any of our other communities been subjected to an attack of this sort, so we haven’t seen how those platforms could have stood up against this one. The same group has also targeted other communities as well and will likely move on to focus on others now.

We’ve worked with InSided and put a number of solutions in place. I wanted to let you all know the work that went on behind the scenes here as we fought off the attack.

First off, there was a regex filter for sweeping posts that had phone numbers in them. This was effective until ways were found to circumvent the filter.

We also built in an email verification step where each account had to be confirmed through email before it could post on the community. Along with that, InSided built a blacklist of the temporary domains that the spammer’s favored. This worked well, but some domains couldn’t be blocked as they could create accounts on legitimate websites too; we’ve banned several gmail accounts for example.

With these measures in place, the spam was slowed but not stopped. We had moderators working around the clock, including some outside help provided by InSided for during hours we weren’t available. It only took a few minutes sometimes for the spam to fill up the most active threads pages so we were constantly trying to be on top of it.

Finally, InSided helped us build and implement the spam filter I mentioned. This was a big undertaking for them and we are thankful they were able to put aside other development and assist in getting it live. So far, it’s been very effective, but we’ll continue to monitor the community and have a few other solutions as well on the back burner just in case.

Again, our apologies for the mess and the delay. We believe this saga is now behind us but will remain vigilant. Thanks for sticking with us and if you have any questions or concerns please let us know.
Sonos, please replace InSided with a competent company! After a month of their complete inability to resolve one of the most basic issues that any other forum software can fix in minutes, you surely can't still believe their slick marketing! They are pathetic. I hope you haven't signed a multi year contract with them...
I believe that it is here to enhance their customer support, and at the same time reduce their support costs. ie. by harnessing the unpaid labour of customer volunteers.

It's a brilliant system - disgruntled customer posts about their dissatisfaction and the fanboys jump all over them... No need for Sonos to defend their decisions - it's all done for them, and much more aggressively than Sonos would do themselves. When it gets too nasty, Sonos step in and delete a few posts, etc, but never have to actually defend themselves against the original criticism.
Userlevel 5
Badge +7
I believe that it is here to enhance their customer support, and at the same time reduce their support costs. ie. by harnessing the unpaid labour of customer volunteers.

It's a brilliant system - disgruntled customer posts about their dissatisfaction and the fanboys jump all over them... No need for Sonos to defend their decisions - it's all done for them, and much more aggressively than Sonos would do themselves. When it gets too nasty, Sonos step in and delete a few posts, etc, but never have to actually defend themselves against the original criticism.


Well I have been a victim of the fanboys on this forum myself but I notice that recently even a few of the fanboys and gals are expressing some frustration. There is just one guy I swear is on their payroll. Sets about annoying everyone who offers criticism no matter how constructive.
Userlevel 6
Badge +16
We're on it? Seriously...
Put all posts from new users in moderation queue, don't allow any additional posts from that user until out of moderation.

Put in place a very, very basic spam filter that looks for any sequence of characters with 11 digits inside, starting with 1 and 8.

ANY decent forum software has these things built in, and should take an hour or two, at most, to turn on. InSided has got to be the least competently written piece of forum software in existence if it can't do these basic things. A look at their slick marketing shows that yes, they offer much more than a forum, which no doubt played into Sonos choosing them, but boy howdy, I'd be hopping mad at them if I were the guy who made the decision to go with them!
Userlevel 6
Badge +16
Is anyone applying any filters or measures at all?
People have been asking that for weeks now. So I guess the answer must be: 'No'.
Are we watching Sonos become Bose? A great engineering-driven company being taken over by marketing? That would be sad.
@Majik I was following until you state the user "was asking for it". Talk about childish and self important tripe.
The older forum did get a bit of spam too, I had admin back then myself towards the end of it and helped a bit there. But the amount of spam that tried to come in was much lower. Part of that is because of our success here. Sonos has become a much larger company, and cause of that, our sites have become much more popular. With increased eyes on it, the community became a bigger target for spam. No point in spamming a community of a couple thousand.

We'll keep working with our partners to try and improve the filter and the community in general. We know it can be frustrating, it is for us too.

Ryan, nice try.

I did say "visible spam to users" in my post, not no spam, and I don't think that Sonos wasn't already a large and successful company a year ago or so, when the old Forum was still in use. With more than a couple of thousand members in its last few years of existence. Further, I am also a member on a forum that uses V Bulletin even today, and has close to a 100,000 members, and up to 10,000 active at a time, where I never see any spam.

From what I have noticed in the last five months, Insided is either unable or unwilling to take on board many suggestions that the "retired" forum administrators and some users with relevant experience have offered you, for free, on this thread. Which begs the question on why Sonos has chosen them for partner, a question that any senior management that takes its marketing collateral and user convenience seriously ought to be examining with some urgency.
Userlevel 2
Badge
i used to run a forum and like here we used to get a barrage of spam, it got to the level we are seeing here so I implemented moderator approval for the first 5 posts on the board. This stopped the spam dead in its tracks. The spammer cannot be bothered to make useful posts before ambushing the board and move on.
Userlevel 4
Badge +8
XenForo would get my vote. One of the best tech forums, MacRumors, uses this platform. Some of the Sonos staff might want to take a look:
http://forums.macrumors.com
So the thread title has changed from "Recent Spam Attacks - We're on it". At least there's an acknowledgement that InSided simply isn't.

In terms of expected board features this platform has IMO since inception been less than fit for purpose. The inability to counter this attack -- other than by throwing the bodies of Ryan and his valiant chums at it for two weeks -- only reinforces that impression.

Ryan, there should be no shooting of the messenger here, but if you and your colleagues can't rattle the cages with the powers-that-be over this lamentable choice of software who can?
Userlevel 7
Badge +26
Ryan, there should be no shooting of the messenger here, but if you and your colleagues can't rattle the cages with the powers-that-be over this lamentable choice of software who can?

The team and I appreciate the support, in this situation the right people know already.
With this platform the apparent emphasis on style at the expense of substance suggests that the marketing and branding folks could well have had the upper hand.
That is what I thought; and the same set could also be driving controller looks and features now, as well as product development. That was the source of my expressed concern, fuelled also by the recent playlist management issues caused by 6.4.
It's pretty ridiculous. I supplied some suggested regular expression filters a while back, which would cope with a pretty high degree of obfuscation of phone numbers. The current wave barely disguises the numbers at all, and would be easy pickings.

InSided might be working on things, but any progress is painfully slow and invisible thus far at forum user level. The simple fact that they have to retrofit such a filter underscores the immaturity of this 'home-grown' forum platform.
It's pretty ridiculous. I supplied some suggested regular expression filters a while back.
You can only take the horse to the water...
Userlevel 7
Badge +20
And another day of Spam. How can Sonos allow this to prevail, it tarnishes your brand and will put off new customers.
I suspect your answer is in your final sentence. The focus seems to be mainly on v7.0 Public Beta.

I'd imagine it's unlikely to be the same people dealing with those two items...
Janitor call again! This is beyond ridiculous.
This just re-enforces our feeling that the Americans couldn't give a STUFF about us foreigners!..
LOL....see the BCM post after yours for why.

The real situation is the Sonos couldn't give a STUFF about this community.
Userlevel 6
Badge +16
The real situation is the Sonos couldn't give a STUFF about this community.
Based on what's been happening in this community/forum over the last few months I tend to agree.
Userlevel 4
Badge +8
What Sonos seem incapable of grasping is that this forum isn't hidden away in some dark corner of the Internet. It's part of the main Sonos site, part of their shop window. I dread to think what impression this leaves in the mind of a first-time visitor.
I'm sure that many of us here have been using internet forums of all different types for many years - I have never seen one in this state before. A number of people here expressed concerns about the new forum software, but I doubt that even the most pessimistic imagined that it could possibly be this bad.
What Sonos seem incapable of grasping is that this forum isn't hidden away in some dark corner of the Internet. It's part of the main Sonos site, part of their shop window. I dread to think what impression this leaves in the mind of a first-time visitor.
I agree.
Sonos = ostrich with the head buried in the sand, ass exposed to the world. All the way up to the President, because he is also in blissful ignorance. I know, from an email he sent me.