No real idea, but my guess is the company that provides the software for the forum has dropped the ball. It’s been almost unusable since Friday evening, and a fairly poor representation of Sonos to the general public. 

Probably someone found a security hole, sold it to spammers and they are piling on.

The forum software also has bugs that make finding and cleaning spam much harder than it should be.

The response of the Gainsight forum folks seems to be severely lacking too.

I've been asking Sonos to move to a decent forum vendor for many years now, they aren't listening... Again.

Slightly more worrying is how secure are our own systems if they can’t secure their own website… especially as there’s no opt out for making your speakers accessible over the internet. 

@Ian_S, The Sonos units aren’t accessible over the internet; unless you messed around with your router’s settings.

The Sonos community is powered by Gainsight (former Insided). It’s on this contractor to prevent spam and suchlike; unfortunately, they seem to have been busy for years introducing new bugs instead of fixing old ones.

So how does play.sonos.com access my speakers then from outside my WiFi? I have done nothing to explicitly open up my router for that, Sonos decided that being able to control speakers you can’t listen to from anywhere a thing. 

And I don’t care who Sonos may or may not subcontract parts of their system to and why should I? 

The apologism on here really does plumb new depths. 

I’ve seen posts saying this spam issue has gone on for years. I wonder why they continue to use this if this is true? 

It’s been asked dozens of times and there’s never an answer.  The same with search giving posts instead of threads, search by poster, search by date, search anything.  Proper formatting.  No testing in production, etc., etc., etc.

I’m surprised to be fair that they haven’t just told everyone here to foxtrot oscar over to reddit and pay them to host it. 

In the same way any cloud service does (be it Spotify Connect, Amazon Alexa, Google Assistant or your Smart Home Provider). Fetching requested content from a streaming service you’ve subscribed to requires an internet connection as well. Doesn’t mean the Sonos units are accessible over the internet.

Sonos added 4 new employees to their r/sonos team a week or 2 ago so its got their attention for sure. 
 

Prior to the web controller if my Sonos account was hacked could my speakers be accessed by the hacker from the Internet? I don’t think they could but please correct me if I’m wrong. 
 

@BMZ, The Sonos account has been associated with the Sonos cloud for years. Ever since it has become mandatory to sign into the account in order to access ‘room settings’, ‘search for firmware updates’, and the ‘add products’ section in the iOS / Android app. Sonos has prepared / worked on the move from UPnP to Cloud since the introduction of Spotify Connect.

Who mentioned streaming? If I go straight to play.sonos.com from an internet connection that is not my WiFi, using a laptop, I can see all the speakers in my system from anywhere. I can even browse and play from my local library, which is hosted on a NAS. Given that the initial request is not coming from a local device that is then fetching content, I fail to see how you can claim that Sonos haven’t made internet access to all speakers possible. 

Personally I think that facilty should be user configurable and we should able to disable that un-asked for remote access. Given Sonos’ recent track record on software development and even worse, testing, having my equipment opened up for remote access without my permission is not on. 

EDIT: And I can’t think of any compelling use-case for accessing speakers that you need to be in the same room as to listen to from anywhere on the planet with an internet connection. 

While not a common request, there are a few use cases over the years that made some sense.  One was for remote control of things like hotels, an elderly parent’s home, tenants in a BnB, etc.  The other was to be able to turn off alarms or any other automation if you forgot to do it before an extended absence.

Then again, what this tangent has to do with the spamming of forum software, I really don’t know.  But continue on your quest to make every thread on this forum about the crappy release. 

@Ian_S, Because a properly configured router is not accessible over the internet. Your Sonos gear has been set online through your Sonos account since the advent of S2, which is mirrored in the Sonos app under “About My System” as “Status: Connected” (see image ; vs. “Offline”).

See this example for what can happen to improperly configured networks.

Nothing described in that discussion is ‘normal’ behaviour. Putting stuff in a routers DMZ, turning off DHCP on the router, or misconfiguring your router with public addresses are clearly nothing to do with Sonos making your speakers remotely accessible. You are attempting to confuse to try and defend your assertion that your speakers are only remotely accisble if you the user have been stupid. 

Yes S2 started the trend, although the ‘online’ status was laughably unreliable, but it’s the more recent play.sonos.com effort that is more concerning. 

I have a Synology NAS which I can choose whether or not you can access it remotely (without the use of your own VPN). 

My network is perfectly well configured, I did not give Sonos any permission to open up remote access to my speakers from outside my home, yet here we are. And it is access to my speakers, as the controller apps are not always on or started, only the non-portable speakers are. 

I could block sonos.com, however in the new world this makes the app even more unusable and tedious than it already is. 

And yes, I do feel like I’m being forced off my own system that I paid good money for in good faith. Local library usage is still painful. Sonos have nearly succeeded. After almost 6 months of perseverance, my patience is running out, and instead of upgrading my Sonos equipment (I’d already replace two Connects with Ports this year pre-May) I’m now looking for something that can replace Sonos. Even if it’s multiple systems I’d rather take that pain than the being fed up with basic tasks still being overly lengthy (browsing the local library), or even still absent (playlist creation). 

In 15 years Sonos have turned many from advocates into staunch critics and active adversaries. IF anyone asked me now should they get any Sonos equipment, unless they just wanted one speaker to use from Spotify I’d tell them to buy anything else. And if they wanted to listen to their own music I’d say it was the worst system you could currently invest in. 

Again, nothing about spamming of the forum.  But I understand  . . . it’s not like there are 3,000 other threads about the bad release you could post in. 

 Wow!  Sonos Community site hijacked again!

Yup, another spam day on the forums. Simple things like “no links can be posted from new accounts” would help.

Two days ago two of my postings incorporated links to Sonos support articles(!) Both postings got marked as Spam -- “Waiting for moderator approval”. 

Typically, I think that moderators work EU and UK business hours.

Agreed - this forum is getting bombed at a rate of several posts per minute with material which (I think) tries to take you to a site to install malware on your computer.

Sonos needs to instruct Gainsight to change the config so that new posters can’t post links for 10 days (or something similar), until this attack subsides. The attack is almost certainly scripted to run automatically, so it costs almost nothing for the attacker to do - so it won’t just “go away” if Sonos do nothing.

Expecting Gainsight to do more than cash checks and make promises is likely an unrealistic expectation.

Probably not even that outside office hours.

Eventually they will patch things and limp along until the next issue.

In fairness to Gainsight, it should not be down to them to make the decisions about things like this - it should already be covered by the terms of the contract between Sonos and Gainsight.

Any professional organisation would have thought in advance about possible problems that might arise during the operation of a service like this, and would have built in terms to provide control over this type of abuse.