
Ahhhh! We’re Sending Out Spam

In true UE form, the following is what the UE Staff learned when we realized that one of our email accounts was sending out spam.

As we continue to learn the ins-and-outs of managing a community-run volunteer website, we’ve come across another fascinating aspect of being an online entity: becoming the victims of a joe job / spoofing attack.

A couple months ago, our Twitter account tweeted out a spam link. We changed all our passwords and double-checked all our other accounts: everything was fine. Then, a few days later, we found an email in the spam folder of one of our accounts from ourselves with a spam link! WTF? That was accompanied by several “mail delivery messages” (also in our spam folder) that our email had labeled with a warning, “This is a fake ‘bounce’ reply to a message you didn’t actually send.”

Okay, but if we didn’t send any messages, then why did some people in our contacts—including us—receive an email?!

Sure, we’ve all seen some form of these spam emails from friends, family members, coworkers, etc. Most likely, you assume they accidentally clicked on a bad link that compromised their account, you make sure not to click the link, delete, move on, and be happy it was not your account. But what if it was your account…?  Well, then, you promptly freak out.

After updating everyone with access to this email and changing all our passwords again, we started our Sherlocking.

First question: Were we hacked? Nope. We were not hacked. At the time, the majority of the members of our staff had access to this particular account so, of course, we were worried someone had been sloppy with the password. But, thankfully, most email clients (like Gmail) actually track every IP address that accesses your email (and the location, web browser, and computer type being used by said IP address.) We were able to verify every single log-in to the infected account in the last month. Not to mention we also checked all of its email history: not a single unidentifiable email was sent from the account. Just to be safe, we still changed the password (again) and deleted all its contacts. We are not ones to mess around with security!

So, if we weren’t sending it, where the frak was it coming from? According to those receiving our emails, the spam emails were being flagged in their inboxes (or were being automatically moved to their spam boxes), because the emails were not actually coming from our servers. That’s also why all record of any of this happening was in our spam box. When we investigated the headers of the spam message, we discovered that they were actually coming from an IP address originating in Kyrgyzstan. Awesome.

Then, we learned that a joe job is when a spamming company uses your email as a front to send out a bunch of gross links.  One great analogy we ran across explained it like this: spoofing is comparable to someone sending a letter via snail mail, but they wrote your residence as the “return address” in the top left corner instead of their own. This makes the spammy email look like it’s coming from us, when we actually had nothing to do with it.
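The header check described above, as an added example that is not part of the original post: a Python sketch that reads a message's raw headers and compares the visible From domain with the envelope sender, the earliest relay IP, and the receiving server's SPF/DKIM/DMARC verdicts. The sample message, its domains, and its IP addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the original incident): reserved .example
# domains and documentation IP ranges only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=ourblog.example
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example; Mon, 1 Jan 2024 10:00:05 +0000
Received: from unknown-host (unknown [203.0.113.45])
\tby mx.recipient.example; Mon, 1 Jan 2024 10:00:03 +0000
From: "Our Blog Staff" <staff@ourblog.example>
To: friend@recipient.example
Subject: check this out

(body omitted)
"""

def domain_of(addr_header):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])        # the "return address" the reader sees
    env_dom = domain_of(msg["Return-Path"])  # the envelope sender used in SMTP
    # Each relay prepends its Received header, so the last one in the list is
    # the earliest hop. Hops recorded before your own provider can be forged.
    received = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[-1]) if received else None
    # Verdicts stamped by the receiving server (RFC 8601 header).
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "origin_ip": ip.group(1) if ip else None,
        "auth": auth,
        "mismatch": bool(env_dom) and env_dom != from_dom,
        "spoof_suspected": "fail" in (auth.get("spf"), auth.get("dmarc")),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```
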

What do we think caused this? Either someone on the staff was logged into the infected email and accidentally clicked on something, or they were using a computer compromised with spyware, malware, or a virus. We had everyone who had access to the account run scans, and we did find some spyware on one staffer’s computer—we think it was probably the culprit. Either way, the spammers were able to commandeer our address book and thus send out the spam.

So what happened? Unfortunately, there is not much you can do to stave off a joe job except wait for the spammers to move on to a new victim. Fortunately, most email clients either rejected the emails outright, warned that they were not from us, or moved the emails immediately into everyone’s spam folders so they didn’t even notice. We apologized, we ignored, and we hoped it would go away soon. Thankfully, it did. In the end, the whole ordeal lasted less than a week and, from what we could tell, most of the emails were bounced back before they were delivered. We decided not to send out a mass email about the whole thing, for fear of potentially adding to the number of emails, so we wrote this article instead.  The most important thing to know should this happen to you is to remind everyone not to click on the links. If no one clicks, you aren’t profitable to the spammers, and they will move on.

The silver lining? We’re a little bit more enlightened this week, and we hope we’ve enlightened you a bit on the wonderful world of spoofing. Also, it could be worse: AOL literally sent out zombie spam that same week…

Extra credit: Why is it called a joe job? Well, this is a terrifying account of what happens when someone purposefully uses your domain to sabotage your business and email as a spammer. This did not happen to us. Not that that’s going to help us sleep tonight.

Have a wonderful, spam-less week!

Photo by Gali Levi-McClure


An Urban Explorer’s Guide to Living Cheap

I am an urban explorer. Not the kind that sneaks into abandoned buildings or climbs through underground tunnels. The kind that loves to explore the culture of her urban environment. I don’t feel at home in a city until I have a favorite restaurant, can recommend a venue, and am a regular at a cafe.

But urban exploring comes at a price, one that often exceeds the budget of a student or a struggling 20something. When I was living in Portland, I was a struggling 20something, freshly out of undergrad, and trying to support myself in a brand new city. I had only a year in Portland before moving to Eugene for graduate school and so I promised myself that I would make the best of my time and explore as much of the city as possible. This was my decree, and its success was in its limitations.

When on a mission to explore a new city, you have to decide what is possible. Can I go to every café in town? No, not in a city with 175 coffee shops per capita. Can I go to every restaurant? Again no, especially if you are living in food heaven. Can I go to as many free and cheap events as I can find? Yes, that I can do. And so I began my search for affordable activities in the hipster capital of America and aptly started a blog called Portlandia of the Free (Or Cheap).

I posted five free or cheap events to my blog every single day of the week for almost a year. All of them were $10 or less and, yes, I could always find 5 events to post. In fact, I often had to narrow down the list to my top five events for the day. How did I find all of these events? The simple answer is I looked for them, but the secret is where I looked.

Become Best Friends with your Local Magazines

I am not joking when I say I think of the Portland Mercury and Willamette Week as close friends. As I write this, I find myself smiling in memory of the times we spent together, me searching through their pages for events to post to my blog and discovering the best and weirdest activities. Like the annual Naked Shopping Spree at the Red Light Clothing Exchange, where people run out of fitting rooms naked and compete to put on as many clothes as possible in three minutes, while Portland’s fantastic Prince cover band plays music to the chaos.  Or CHAD Chats, Portland’s version of TED Talks, where people share sardonic PowerPoints and get drunk, of course. Or when I discovered that a local pie restaurant was letting the public judge which pie they would put on their menu next, immediately following a chocolate festival full of free samples. Food, drink, nudity, and sarcasm: that’s what makes Portland go ‘round.

I would not have discovered any of these events without my trusty local magazines. I seriously found most of the events for my blog through these publications, which is why, whenever I go to a new city, the first thing I look at is their weekly magazine. Not every city’s magazines are as good as my dear friends Willamette Week and Portland Mercury, but I guarantee you’ll find something unique and inexpensive to do.

Don’t be Afraid to Sign-up for Email Lists

As I started to attend all these events, I began to wean myself off depending on weekly magazines. I decided to get event announcements straight from the source: the venues themselves. So, I signed up on every mailing list I came across. I still get emails from Collage, a craft store that holds $5 classes every Friday and In Other Words, the feminist bookstore from Portlandia that hosts a range of free events. I also found that I wasn’t the only one curating cheap activities and joined mailing lists like Portland on the Cheap or Around the Sun. Now instead of searching for free activities, the entertainment was coming straight to me, and often I was getting in on sweet deals. I felt like I was “in the know,” which is exactly how you want to feel when you move to a new city.

Ask People Where to Go

Regardless of all my searching, there are some places I never would have found unless I asked. That great inexpensive Mexican restaurant in an alley behind a strip club my roommate recommended to me, or the gathering of local poets every month where you could hear people who didn’t perform at the big poetry slam. These were the places that finally started to make Portland feel like home, because you can explore a city all you want, but you don’t stop being a tourist until you find a community.

So, venture out there, but don’t just look for places, look for people. They’re the best form of free entertainment.

Photo by Andy Sutterfield
