  1. #1
    ********* Articles ArticleBot's Avatar
    Join Date
    Apr 2001
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Discussion thread for Sabotage! Coping With The Joe Job

    This is a dedicated thread for discussing the SitePoint article 'Sabotage! Coping With The Joe Job'

  2. #2
    Anonymous
    SitePoint Community Guest
    Great information. I hope I never need to use it!

    Thanks,
    Dotty

  3. #3
    Shiny Content! Pandrogas's Avatar
    Join Date
    Feb 2002
    Location
    Bozeman, MT
    Posts
    151
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Not a bad article. Though I've only known of this happening at a couple of places.

    Good defensive measures and pointers though.
    Matthew Gowdy---AKA---Pandrogas
    SeerNET: Various Geekery All Around

    Contact Information: E-Mail - AIM: Pandrogas

  4. #4
    Anonymous
    SitePoint Community Guest
    Another worthwhile URL resource is:
    http://spf.pobox.com

    It provides hope for stopping joe jobs (and is starting to get widely implemented). Basically you input valid IPs of e-mails which originate from your domain in its DNS records. SMTP servers will check to see if the sender IP is valid based on this DNS record, and if it is not it will reject the e-mail.

  5. #5
    SitePoint Member DJD's Avatar
    Join Date
    Feb 2004
    Location
    Frankfurt am Main/Germany
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is there any information about some defensive methods for Germany? Or Europe?
    Does anyone have experience with that?

    Greets

    DJD

  6. #6
    The knight who said ni! RockyShark's Avatar
    Join Date
    Apr 2003
    Location
    Rockhampton, Australia
    Posts
    701
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've never heard of that happening before - that really sucks! Interesting article with some good advice. Knowledge is power.

  7. #7
    Anonymous
    SitePoint Community Guest
    Great article, very useful information.

  8. #8
    SitePoint Member
    Join Date
    Sep 2003
    Location
    Las Vegas, NV, US
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One of my sites was joe jobbed, but not maliciously attacked as described; the domain was simply used as a from address to send out various spams, from herbal viagra to Paris Hilton stuff.

    The spam itself was coming from zombied computers, the headers indicated DSL lines, cable modems and computers connected to college networks.

    I sent every bounce I could to spamcop and this slowly got the zombies shut down, in the end it seemed like a sloppy automated operation rather than a malicious attack.

  9. #9
    Anonymous
    SitePoint Community Guest
    Great article. I went through this a few years ago and had to figure this all out by myself. Keep this page here forever, so future victims can follow the steps without having to learn via N.A.N.A.E. Thankfully I did know about that group, and Joe Jobs were a fairly new thing then so N.A.N.A.E members were interested and helpful.

  10. #10
    Anonymous
    SitePoint Community Guest
    Great article.

    One correction: Some Received: headers can also be forged, namely those of servers before the first server of the recipient. A clever attacker might include a server of the victim as part of the forged headers his servers send.

    The first server of the recipient will typically include the IP address of the sending server, and that *one* address is the only reliable information.
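
The point made in post #10, as an added example that is not part of the original post: when analysing a bounce, take the topmost `Received:` header written by the recipient's own mail server and read the connecting IP from it, ignoring everything below. The message, hostnames and the `our_mx` parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. The top header was written by the recipient's own MX
# (mx.recipient.example) and records the real connecting IP. The lower header
# was supplied by the sender and falsely names the victim's servers.
RAW = """\
Received: from mail.victim.example (unknown [203.0.113.77])
\tby mx.recipient.example with ESMTP id ABC123; Mon, 1 Mar 2004 10:00:02 +0000
Received: from smtp.victim.example (smtp.victim.example [192.0.2.10])
\tby mail.victim.example with ESMTP; Mon, 1 Mar 2004 10:00:00 +0000
From: sales@victim.example
Subject: constructed sample

body
"""


def trusted_sender_ip(raw, our_mx):
    """Return the IP recorded by the first of our own servers, or None.

    our_mx: set of lowercase hostnames of the recipient's own mail servers.
    Headers are scanned newest first, so the topmost header written by one
    of our servers wins and sender-supplied headers below it are never read.
    """
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())               # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        if by and by.group(1).lower() in our_mx:
            from_part = flat.split(" by ")[0]
            ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", from_part)
            return ip.group(1) if ip else None
    return None


if __name__ == "__main__":
    print(trusted_sender_ip(RAW, {"mx.recipient.example"}))
```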

  11. #11
    SitePoint Guru hurtdidit's Avatar
    Join Date
    Oct 2001
    Location
    North Dakota
    Posts
    627
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cothrun
    One of my sites was joe jobbed, but not maliciously attacked as described; the domain was simply used as a from address to send out various spams, from herbal viagra to Paris Hilton stuff.
    This is exactly what has just started happening to me this week, and each time the sender's address was a different one, but each from my own domain. This is causing me a lot of headaches with bounce-backs and irate victims, but there doesn't appear to be a heck of a lot I can do about it.

    Cothrun, you said reporting to SpamCop eventually helped? Did you use the "investigate" option as described in this article? I don't want to accidentally report my own domain as being the spammer!

    Thanks for this article, I know we can't be the only victims of this ruthless and unscrupulous tactic. I so wish I could meet face to face with the fellow who is amusing himself at my expense.

    "A small group of thoughtful people could change the world.
    Indeed, it's the only thing that ever has." --Margaret Mead

  12. #12
    Anonymous
    SitePoint Community Guest
    Excellent article. I see that you write from experience from your point that the authorities can't do much, except prevent (secondary) civil and criminal punishment.
    However, I must disagree with your statement that with IPs an offending machine can be stopped. From my experience large American ISPs will not only absolutely refuse but actually attack, threaten and bully anyone not using the voice of a 'professional' or business.

    It is my belief that they prefer a few dollars from an abuser to obeying the law.

    ^ - -^ As for me, I'm a student, not yet a big enough threat to make the authorities do their duty.

  13. #13
    Anonymous
    SitePoint Community Guest
    spamcop.net is the original spamcop site. spamcop.com is a commercial copycat and a cheap wannabe.

    Anyway, some spammers buy their own blocks of ip addresses, thus reporting spam to the contact information for that block of addresses will only give them a good laugh.

    Reporting to spamcop.net is a different story altogether since the ip addresses that the spammers are sending from will be blacklisted.

  14. #14
    Anonymous
    SitePoint Community Guest
    This has been extremely neat. I took great interest in reading this article and have had it bookmarked. If/when I ever start my site (if/when I get the cash) I'll be sure to have this system ready for use! :D

  15. #15
    SitePoint Guru hgilbert's Avatar
    Join Date
    Dec 2004
    Location
    London
    Posts
    839
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    scary
    and makes anyone cringe with revulsion
    at the low tactics.

    more often than not - whoever attacks you
    knows you more personally than you'd ever imagine.
    it is sad but often true.
    either an old "friend", or relative, ex-business partner or even his wife.

    some believe revenge is sweet
    but exposing that double-faced attacker
    - that is even more so.
    shaming comes down as a tonne of bricks
    - as the one and final terrible blow.


  16. #16
    SitePoint Guru hgilbert's Avatar
    Join Date
    Dec 2004
    Location
    London
    Posts
    839
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    damn that wasn't supposed to rhyme! lol


  17. #17
    Anon
    SitePoint Community Guest
    Excellent article. Clear and precise with easy-to-follow steps. Thanks.

  18. #18
    Anonymous
    SitePoint Community Guest
    I don't have a website, but I do have a
    domain name. It has been used repeatedly by
    spammers. I then receive bounce messages most
    days, sometimes hundreds of them. Since I
    don't have a site, I'm not equipped to post
    a spam information page. However, it is good
    to see a detailed description of response
    plan. Thanks for a very useful article!

  19. #19
    SitePoint Enthusiast
    Join Date
    Feb 2003
    Location
    Vancouver, BC
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am currently getting hit hard by this. Just followed the steps in the article, so hopefully it helps, but I got a few bouncebacks for the SpamCop email addresses it provided to report the SPAM. I am currently getting hundreds of bounce backs each day, and they are sending from many different hosts.

  20. #20
    SitePoint Member
    Join Date
    May 2005
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi, I am getting hit very hard by this currently. Three days ago I had 168000 messages in queue, enough to effectively lock up my server. I had the administrator stop the server and purge all messages in the queue that had failure in the subject line and then restart qmail. I got the queue down to about 3100 messages; now it is back up to over 62,000, or about 20,000 a day. From what I can tell, the messages seem to be CC'ing fictitious email addresses all pertaining to one of our accounts. These effectively are bounced back as non-existent, but then the originating email is also fictitious, so all of these get bounced back as well. Each of the emails I was able to look at while in the queue had at least 30 names cc'd in the email, so depending on the runout time of trying to deliver messages set on my server I could see at least the processing of 61 messages for each one for each attempt at bouncing a given message back.

    My only workaround that I could come up with was a cron job that stops qmail, clears the queue as I did when I first saw this, and then restarts qmail.

    This will at least keep the queue 'semi empty' and should not bring it to a halt.

    The only other longer term solution is to do something called checkuser, and I think something like it may have been discussed earlier in this forum. If anyone knows of other solutions I did send several headers to SPAMCOP and then an informational message to the originating IP email account. If it does any good I don't know.

    Any suggestions or comments would be greatly appreciated.

  21. #21
    SitePoint Member
    Join Date
    May 2005
    Posts
    2
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know this is a vague question, but can anyone give me a number of messages I could/should expect to see in the queue at any given time?

    I have about 50 accounts; only about 5-7 use a lot of email.

    Any wild guess anyone???

  22. #22
    Rick Drew
    SitePoint Community Guest
    I've been hit four times by these. The first variation was years ago. Spamford Wallace sent out millions of emails using my domain as the forged sender and as the remove link. I found his personal e-mail address and auto-forwarded all the bounces to him. He changed his account three times, and each time I simply changed the forwarding. He actually threatened my ISP with a law suit for spamming!

  23. #23
    Non-Member Gator99's Avatar
    Join Date
    Sep 2004
    Location
    Florida
    Posts
    613
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is nothing new, a good start would be to set up an SPF record.

  24. #24
    SitePoint Member
    Join Date
    Oct 2007
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've been hit four times by these. The first variation was years ago. Spamford Wallace sent out millions of emails using my domain as the forged sender and as the remove link. I found his personal e-mail address and auto-forwarded all the bounces to him. He changed his account three times, and each time I simply changed the forwarding. He actually threatened my ISP with a law suit for spamming!
    ----
    bottled wheat grass juice

  25. #25
    phpLD Fanatic bronze trophy dvduval's Avatar
    Join Date
    Mar 2002
    Location
    Silicon Valley
    Posts
    3,627
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    I hate this too. I have been hit by it on multiple occasions for multiple sites. I have come to accept it as just part of doing business online.

