What is Joe Job

Joe Job is an e-mail spoofing attack in which someone sends out huge volume of emails that appear to be sent from an innocent source. Many times Joe Job occurs as an act of revenge and it’s forged to take down the target’s reputation online. In hosting business you may encounter a Joe Job conducted by an angry user you discontinued a service for or simply by a competitor who feels you’ve become irritatingly dangerous.

Why Should I Know About Joe Job

While it sounds something not worthy of attention right now, you might find this information very useful when it comes to the point of being a target. As already said, a Joe Job is just a regular email campaign that uses your company email address and company URL. The usual Joe Job does not send the advertising emails to hundreds, thousands or millions of email addresses but it does this multiple times per account. Possibly hundreds of copies are sent to an individual account. The sole reason of this is to irritate the recipients and to get your company into bad reputation, blacklisted and in a lot of trouble.

How do I know if I’m Joe Jobbed?

The first thing you’ll notice is receiving email bounces in your inbox. As soon as you realize this it is imperative that you recognise the situation immeditately because the next phase is getting irritated emails from the recipients threating you with the court of law, blacklisting of your servers, contacting your ISP to close your service. In some cases, if you do not take any action, all of the above will apply. So stay calm and act quick!

1. Set Up a Spam Information Page

The spam email most probably includes a link to your company site. Set up an announcement on that page that will explain in brief that you are a target of an identity theft attack called Joe Job. Also explain that this is something that cannot be prevented in advance by security measures and that you’re working on cutting down the malicious internet user and the spam will stop in the following few days. Remember to attach an example of the spam email with headers and explain that the source email address is spoofed. Also note that the source IP is the machine that is really sending the emails and that it does not belong to your company. Apologise the incident sincerely and ask the visitors for help.

2. Use The Possible Unsubscribe Link Into Your Advantage

Many Joe Job emails have an unsubscribe link on them that directs the user onto your server on a 404 page further frustrating the user. Take use of this URL and redirect it to your spam information page.

3. Remove All The References To Your Phone Number On Your Site

If you really want to solve this problem, remove the phone numbers on your site. Soon you’ll be flooded by angry calls if you do not. You can list a voice mail number on your site in place of your phone number. Remember to put in a nice notice on the side explaining that you’re under an Joe Job and that you’ve set up a voice mail during the attack. So you can work on stopping the attack. Also provide a link to your spam information page.

4. Give Up Your Email Account

It is useless waste of time trying to save your email account. Just give it up and set up a small autoresponder that will explain the situation and provide links to your spam information page and to your contact information page where people can find your contact form. Avoid simply providing a new email as the attacker might just switch the attack to the new email. Apologise, ask for understanding and help. Keep this email short and small as otherwise you would probably be DoSed by the amount of responders you need to send.

5. Contact Your Providers

Inform your providers that you’re under an attack and that that they probably will receive complaints about you. Give them a link to your spam information page and apologise. Even though it is not your fault. Remember that the angry users will not only contact you, but your ISP, your domain provider, merchant providers and any other provider that you use on your site. Also provide valuable information on how to slow down or even stop the attack. Do not forget to provide your new email address!!!

6. Post The Joe Job on UseNet

Once you’re signed in to UseNet, look for group called news.admin.net-abuse.email (Commonly called NANAE). Leave a post where you explain you’re under a Joe Job and remember to provide a link to your Spam Information Page. Your post will most probably encouter sceptisism by anti-spam fanatics but just ignore it. You didn’t post it for them. Your post will most probably be read by the people that run anti-spam services such as spews.org. They will not reply you but they will consider the situation before adding you to their databases as a spammer.

7. Contact The Authorities

Don’t count on having any concrete help from them. The reason you contact the authorities is that you will have official records of the incident in case you need to defense yourself when a prosecution comes as an option at a later date.

Conclusion

Stay calm, accept that a Joe Job cannot be prevented. Also accept that some victims of the attack will never believe you. Also remember that you will most likely get sympathy from some users. Acting fast, will minimise the losses.

Jani Hyytiäinen
Technical Manager
Codepic Solutions

Unluckily now there are still no way to prevent this kind of email problem.

How this spam works? They use your email address as the FROM part and they sent millions of emails out from zombie server, then when all this emails blocked or rejected by the TO user account, it’s all being bounced back to the sender (which will be the email address at the FROM part)

If someone knows the way to solve it, please let us know. cheers!!!

Just download and install the Internet Explorer 8 Beta 1. After I restart my PC and first run it, everything seems all right. When I started to make a blog post in here (wordpress standalone), the IE8 Beta 1 just CRASH!!! and for 3 times it said CONFLICT with the Google Toolbar I have when using the IE6, lol, why they want to push Google away???

Ok, so I remove the Google Toolbar for IE, then try to write new post in blog here again, this time just run OK BUT all the CSS and layout went wrong. Hmmm, when I download this IE8 Beta 1, it stated for professional and web developers, but seems like they still want to keep their own CSS and layout with not compatible to other browsers in the market (at least Firefox, Safari and Opera always quite similar in working with CSS and Layout)

A bit dissapointed with the new IE8 Beta 1. Oh ya, I don’t like Vista, so I never use the IE7, now I know my decision is correct, stay with IE6 until the 7 and 8 both stable

This related to one of my website that I have not been updating recently, so I quickly ftp into my server and check it.

I found that this data_.php script is use for GETTING HTTP POSTS from some where and then it will MAIL it out, so, my server will become the email server for the SPAMMER. Luckily I notice about it earlier now and saw this stupid spammer write different php style than me, so I can sure this is not the script that I wrote for myself (lol, I have to deal with thousand of scripts always)

I have report this to the datacentre admin, they are checking for me now that whether where is the security hole. Stay tuned!!

I will be putting the new server in this datacentre in my hometown – Ipoh. The reason is not because I love Ipoh, I guess that by co-locate my server there then I can have better access both remotely and physically, at least my staffs do not need to travel to Cyberjaya everytime.

The connection in this datacentre will be about 155Mbps. The other reason to choose to co-locate server in Malaysia is because we are expanding our business in ASIA which my UK servers will not be able to provide the fastest connection to serve all the clients and users.

The server should be ready in end of this month and should be ready to serve in early June.

Check it out at www.MotorZon.com

I signed up the Yahoo! Pipes for quite some while but never got time to really experience it. Today I just come across it again fater yesterday my visit to Internet World 2007 exhibition in Earls Court Centre, London, UK. In the exhibition I met with a guy in a stand selling his piece of software which works like that Yahoo! Pipes but he is going to sell it for €50,000.00!!! So I just politely tell him that his should do so to sell at that price because it’s new technology (I remember it called MASHUP SERVER technology).

Back to the topic here, I just try to make a TEST pipe here (http://pipes.yahoo.com/pipes/person.info?eyuid=lSogDpswo2uqNu9J6AYp), and then the result is cool I can combine two RSS feeds together. If you have good imagination and cretiave mind, maybe you can create some cool pipes???

Try it out mate, it’s worth a try. Great tools for researching….

Today I am installing the RoundCube Webmail for my client. I choose this webmail because it provides the AJAX and very very clean and simple interface.

I just wonder the developer stop the developing stage at beta 1? This webmail is really really cool. I suggest you should give it a try

http://www.roundcube.net/

It seems that Technorati still hold the MOST blogging sites attached to it, so successful huh!!!

My Technorati Profile

I wonder when will it be available in UK?

This is 2007 MUST BUY device

(photo grabbed from Apple.com)

The Official iPhone Specs

Screen Size: 3.5 inches
Screen Resolution: 320 by 480 at 160 ppi
Input Method:Multi-touch (touchscreen) and side buttons for volume control
Operating System:Stripped down version of OS X
Web Browser: Safari
Applications and Widgets:Google Maps, Stock quotes and Weather information
Storage: 4GB / 8GB
Phone Technology: Quad-band GSM(MHz: 850, 900, 1800, 1900) and EDGE (This means the phone is not a 3G phone but a 2.5G)
Wireless Data: Wi-Fi 802.11b/g Bluetooth 2.0
Camera: 2.0 megapixels
Battery: Up to 5 hours Talk / Video / Browsing, Up to 16 hours Audio playback
Dimensions: 4.5 x 2.4 x 0.46 inches
Weight: 4.8 ounces / 135 grams
Price :$499 (4Gb) and $599 (8Gb) with 2 years contract
Availability :June 2007 in the United States