[personal profile] azurelunatic
Let's discuss briefly the Advance-fee fraud, where a grieving orphan "inheritances an important sum from my late father" and would very much like to invest it, or something -- but up front, they're going to need a small fee -- really a paltry sum -- to liberate the cash. They will of course pay you back handsomely --

... except there is no money, and they pocket the fee and leave you in the lurch.

Please continue to use the "Mark as Spam" link from your Dreamwidth inbox when you get one of these. (As tempting as it is to mark the email notification as spam, try to resist the urge -- that won't stop spammers from registering accounts on Dreamwidth and trying to send you messages, it won't report the message to us, and depending on your email system's setup, may well lead to them ditching notifications of legitimate activity from Dreamwidth. It would be so much nicer if the "report as spam" in your email box were connected to our spam system, but sadly I don't know that that ever would happen.)

After you have marked it as spam in the Dreamwidth inbox, you can feel free to delete the message, as a copy will have been dumped into the spam team's queue.

The activity in IRC when this spammer kicks into action -- this one looks to be a single person, gone through 2 accounts now -- is probably hilarious for the onlooker. There's shouting of the "MAN THE BUCKETS! ALL HANDS ON DECK!" sort, and a frantic scramble for whichever Terms of Service person happens to be on duty at the moment. There is cussing, glowering, and occasional bursts of spammer mockery. Some of this is even in the public channels.


10/1/12 18:25
[personal profile] rydra_wong
Linking here as suggested by Azz -- please feel free to spread around if you think it'd be useful to anyone:

PSA: Today, you get ALL the spam
[personal profile] azurelunatic
It's time for some informative digressions on Joe Jobbing.

What are Joe Jobs?

Rather than being Steve's less-famous younger brother, a Joe Job is where some spammer, scammer, or other lowlife forges a third party's information when carrying out an attack.

This is to be distinguished from the sort of attack where the lowlife cracks or otherwise gains access to the third party's property in order to carry out an attack.

From Wikipedia:
A joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against him (see also e-mail spoofing), but they are now typically used by commercial spammers to conceal the true origin of their messages.

The name "joe job" originated from such a spam attack on Joe Doll, webmaster of Joe's Cyberpost. One user's account was removed due to advertising through spam. In retaliation, the user sent another spam with the "reply-to" headers forged to make it appear to be from Joe Doll. Besides prompting angry replies, it also caused to fall prey to denial-of-service attacks that took the web site down temporarily.

Some e-mail joe jobs are acts of revenge like the original, whether by individuals or by organizations that also use spam for other purposes. Spammers use the technique to cycle through domains and try to get around spam filters and blocks.

Joe-jobbers could also be businesses trying to defame a competitor or a spammer trying to harm the reputation of an anti-spam group or filtering service. Joe job attacks in other media are often motivated politically or through personal enmity.

The parties in this scenario are the Attacker, Joe, and the Recipient.

Joe Doll on the Joe Job
Steve's JoeJob Page (warning: Comic Sans)
Fighting the email Joe Job on your personal domain: SPF (Sender Policy Framework)

The Joe Job in Spam

In spam, the joe job is generally found in e-mail, where the spammer (Attacker) forges their e-mail headers to make it appear that it is emitting from poor Joe's email address or domain.

Who is the victim in a Joe Job? How are they hurt?

There are two victims: the recipient(s) and Joe.

Who benefits from a Joe Job? How do they benefit?

The attackers benefit from the joe job.

I'm a Dreamwidth user. Am I likely to be the victim of a Joe job?

If you have a paid account and the paid account forwarding email address, it may be forged as a part of a spam campaign, making you (and, by extension, Dreamwidth) Joe. This form of joe job is rampant on sites such as LiveJournal.

This address may also be the recipient of spam, including possible spam sent as part of a joe job.

Any forum that allows anonymous comments or any other form of anonymous posting, or allows un-authenticated user accounts (such as a form where you enter your name and email address, but does not confirm that you own the email address) is vulnerable to someone simply posting a comment signed with someone else's name. If you have anonymous comments enabled, or frequent other journals that have anonymous comments enabled, this can be used against you.

If someone wishing to cause trouble for Dreamwidth emits spam that appears to benefit or otherwise implicate Dreamwidth, the whole site will suffer.

How can I help?

Use SPF records, respect SPF records, and be aware of Joe Jobs as a form of spamming.
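What "respecting SPF records" means on the receiving side, as an added example (not part of the original post and not Dreamwidth's code): a simplified SPF evaluation that compares the connecting server's IP with the policy Joe's domain publishes. The domains, addresses and records are constructed placeholders, a dict stands in for the DNS TXT lookup, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample data: these domains and records are placeholders,
# and this dict stands in for a DNS TXT lookup.
PUBLISHED_SPF = {
    "joe.example": "v=spf1 ip4:192.0.2.0/28 ip6:2001:db8::/48 -all",
    "softfail.example": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(envelope_from: str, client_ip: str) -> str:
    """Return an SPF result for the connecting IP and the MAIL FROM address."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = PUBLISHED_SPF.get(domain)
    if record is None:
        return "none"  # no published policy: a forgery cannot be detected
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            # An IPv4 network can only match an IPv4 client, and likewise for IPv6.
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            # include:, a, mx, redirect= and similar need further DNS
            # lookups, which this offline example does not perform.
            return "unsupported"
    return "neutral"  # nothing matched and the record has no "all" term
```

SPF is evaluated against the envelope sender (SMTP MAIL FROM), not the From: header shown to the reader, so a `fail` here tells the receiving server that the connecting host is not one Joe's domain authorised.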
[personal profile] azurelunatic
There are three major tools Dreamwidth offers to help you protect your account from spammers: comment access, comment CAPTCHAs, and comment screening. These can be set individually, in any combination you like.

Visit the My Account Settings: Privacy page, and take a look at your comment options. (To set options for a community of which you are an administrator, pick the community name from the 'Work as account:' menu, then click the 'Switch' button.)

These options cover a number of groups of users: Everybody/anonymous users, registered accounts, your Access List, and nobody. (When working as a community, the Access List applies to the community's members.) These options do not treat the people that you are subscribed to but have not added to your Access List separately, nor any custom access groups.

You control the members of your Access List. As a general best practice, if you know a Dreamwidth user to be a spammer, you should not add them to your Access List.

Registered Dreamwidth users are not typically sources of spam. As Dreamwidth uses invite codes to create free accounts, this means a would-be spammer who wants to register a Dreamwidth account must either request an invite code from another party, or pay to create an account. Neither of these options is particularly attractive from a spammer's perspective. (If you learn that another Dreamwidth user is a spammer, please do take action. If they have left you a spam comment or a spam entry in your community, select the option to report it as spam and delete it. If they have not spammed you, but you can establish that they are behaving in a way that is against the Terms of Service, contact Abuse.)

Logged-in OpenID users (such as LiveJournal or InsaneJournal users) who have logged in and set and confirmed an email address are classified with registered accounts. (OpenID accounts cannot join communities at this time.)

OpenID users who have not confirmed an email address are currently classified with anonymous users. However, Dreamwidth plans to change this behavior in the future.

Anonymous users include your friend whose browser ate their cookies again, a well-meaning user who does not want to take credit for a good deed, a well-meaning user who does not want to be associated with the information they have just shared, friends from other sites who haven't got their OpenID accounts working quite right, friends and/or relatives who haven't gotten into the whole blog concept, anonymous users without accounts, spammer-controlled zombie computers posing as legitimate anonymous users, and that person you banned (along with several of their friends).

Why does Dreamwidth allow anonymous commenting at all, when it can be abused so easily? Why not make all anonymous users solve CAPTCHAs?

Some people, particularly people with visual disabilities and people who use screen readers or other browsers that do not load images, have difficulty with CAPTCHAs. Anonymous commenting is useful because it has so many legitimate applications. Some people can't get or just don't want accounts. Some information wants to be free, and some of that information really shouldn't be associated with any kind of identity. Some games are more fun when played anonymously.

However, you personally may or may not have a reason to want anonymous commenting in your journal or community. If you are having anonymous spam problems, review whether you can use a CAPTCHA or screening to reduce or hide spam, whether you can leave anonymous commenting turned on for only short periods of time, or whether you actually need anonymous commenting turned on at all.

Enable Comments settings:

Nobody: This disables comments completely, and hides all old comments. This is not typically used to control spam.

Access List: Only people on your Access List are allowed to comment.

Registered accounts: Allowing registered accounts to comment is unlikely to allow actual spam.

Everybody: This allows anonymous comments (only to public posts).

Anti-Spam (CAPTCHA) settings:

Dreamwidth allows you to display a CAPTCHA to people leaving comments. This is in addition to any site-wide reasons that a user or IP address might be given a CAPTCHA, for example, if they are commenting very rapidly or if spam has been associated with the IP address in the past. (This setting is separate from the Enable Comments settings, so you are not stopped from selecting a silly combination like no one allowed to comment but everyone given a CAPTCHA, even though it will mean that no one is allowed to even try to comment at all.)

Keep in mind that CAPTCHAs may also be difficult for genuine users with accessibility issues to decipher, particularly people with visual disabilities, and people using screen readers or browsers that do not display images. If you know that your journal is read by these people, think carefully about whether you need to enable CAPTCHAs or not, and for whom.

Nobody: No one will be displayed a CAPTCHA on your journal, unless there are site-wide reasons to do so.

Anonymous commenters: When this level is selected (and when anonymous commenters are allowed to comment), all anonymous commenters will be displayed a CAPTCHA, but allowed to comment if they pass the CAPTCHA successfully. All other users will be able to comment normally.

People not on your Access List: When this level is selected (when people not on your Access List are allowed to comment), any anonymous commenters (if allowed) and any registered user commenters who are not on your Access List will be displayed a CAPTCHA, and people who are on your Access List will be able to comment normally.

All commenters: Everybody gets a CAPTCHA, including people on your Access List.

Comment Screening:

Comment Screening allows you to make potential spam less of a problem for your visitors by reviewing comments before they are visible to others. Once you have reviewed the comment and confirmed that it is not spam, you can unscreen it so your visitors can see it as well. (Note: you must delete spam in order to report it.)

All comments: This includes people in your access list. (This level is often useful for things besides anti-spam precautions.)

Comments from people not on your Access List: Again, the risk of spam from registered accounts is low; this level is often useful for dealing with potential harassment, rather than anti-spam. (Anonymous comments will also be screened.)

Anonymous comments: Legitimate anonymous comments will not be seen until you have unscreened them. Anonymous spam comments will not be seen, and you can delete and report them.

Questions? Comments? Ask away!

You may also want to check out the FAQ or contact Support, depending on what you want to know.
[personal profile] azurelunatic
Found via Slashdot, the Washington Post has an article, The Scrap Value of a Hacked PC, which examines a number of malicious uses that your home computer can be put to if someone compromises it.

The malicious uses include being used as a zombie machine to spam websites (including comment spam to places such as Dreamwidth), and being used to solve CAPTCHAs.

So, while it's a very far outside chance that a virus on your computer personally could be leaving spam comments in your journal, keeping your computer and software updated, keeping a firewall between you and the internet (your router may already have one), keeping an antivirus program on your computer, and practicing safe browsing habits and avoiding phishing scams can help keep the internet a less-spammed place.

Snopes has useful information for telling good computer security advice from computer security myths.