Slashdot Mirror
Proxy Sites Offer Secret Passage to Myspace
JafSquared writes "As sites like MySpace.com gain popularity in young adults, schools all over are finding that taking measures to keep kids blocked out of these websites is becoming increasingly difficult. As this hype continues, proxy servers such as "Box of Prox" are springing up like wildfire. While system admins furiously work to diminish the strain placed on their school's local networks from sites like MySpace, these proxy sites are enabling easy access to restricted areas. However, schools aren't the only places that are feeling the heat. Proxies have also been becoming a bit of a complication in the workplace. To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details."
Wow, Slashdot sure is on the CUTTING EDGE of TECHNOLOGY NEWS!
echo "127.0.0.1 www.myspace.com" >> /etc/hosts
I'm just waiting for more fallacious appeals to emotion in the fight against kids talking to one another.
Do politicians even consider how ridiculous their arguments are? Why, ghettos have become a haven for drug dealers, prostitutes, and other nerdowells! Do we ban ghettos? No, I believe parents simply teach their kids about the dangers of going there, and before they're old enough to understand that, the parents simply don't allow them to go there.
It's sad how human ignorance comes back with a vengeance with the emergence of any new technology or tool, without fail.
I wonder why kids have internet access at school. Do someone really want them to have ADHD since childhood? Aren't they supposed to learn something while they sit in waiting to be online back home?
Sorry for me spell bad, not a native but I'll do my best
How is this news? People have been using proxies forever to get around blocks.
no matter what people come up with, it can and will be broken. Really tough time to be a network administrator in a school. There are always proxy sites, and sometimes the students are just better. They will find a way no matter what
they haven't stopped VNC yet in a lot of places...tunnel that over SSH...over HTTP...to home server...it's easy.
As sites like MySpace.com gain popularity in young adults ...
The last time I was in a young adult, I know I certainly gained popularity.
It is possible to filter out these sites with a little more work. For example, my company blocks any url that contains 'proxy'. It also filters most proxy sites that you can find on Google.
2 UuY29t&hl=1111101001 then they could just visit that link, see what it was and block away.
Also, if an admin notices they're getting a load of traffic to say http://surfinsecret.com/index.php?q=d3d3Lm15c3BhY
I got around it by installing my own copy of phpproxy on my server and use it infrequently for certain sites. There's a lot of traffic to my domain anyway because I run an application my department uses on there, so it's fairly safe for me.
My school district already hates me, just because I was using a VNC connection over an SSH tunnel to work on some stuff at home (yes, this was for a school project). For whatever reason they thought I was trying to access banned sites... funny thing is, I don't even like MySpace. Or any of those sites.
Creative misinterpretation is your friend.
The next internet is already being implemented by hobbyists, idealists and realists. There are those who want information to be free, those who want the Big Government(TM) to keep their hands off, those who feel that it's time to take the 'net back. These people are like you and me: they are tired of reading about the latest threats made by the RIAA/MPAA to bend laws to their twisted will. They are tired of knowing that bills introduced by the government to Combat $concept(TM) will be abused by special interest groups. They are fed up with the Fear, Uncertainty and Doubt being planted by media and corporations.
Some of these people have gathered and joined forces to build their own version of the Internet. An Internet for the people and by the people. One such implementation may be found at http://anonetnfo.brinkster.net/ and http://anonet.org/
This is not a darknet of paedophiles, script kiddies and warez traders. It is an independent effort by those who think that the Internet can be more than a money making scheme by Big Business or tool for brainwashing the masses.
Go on, take the blue pill. Wonderland is waiting.
When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges", why does this approach not work with advent myspace et al?
Proxies aren't such a big deal anyway, I worry more about the possibility of a savvy user with a bootable USB flash drive and OpenVPN.
MacBook Pro. Worst name since the Bicycle
I admit that I don't get MySpace.
That said, I find it hilarious that a site which is all about openness and lack of privacy (thus the concerns) is causing a proliferation of proxy servers which are intended to give privacy back.
Blocking sites is a half-assed solution since students will always find a way to expend bandwidth. (Personally, I think that the 'net doesn't need to be in classrooms anyway. I went to HS from 1993 to 1997 and survived just fine without going online in school.)
-b.
But the moment, you introduce blockades to access to a "cool" thing like myspace or facebook, these talents become valuable in terms of utilization. More kids learn these, use these and try to out-do the other in terms of l33tness. If there aren't the artificial boundaries drawn by the authorities, these skills would have never been learnt, developed and hopefully put to good use in the future.
Whatever they block these with, they just raise the bar for the kids. Clever, curious and with the power of the rest of the internet behind them ... there's nothing that's totally blocked off. Probably threats to those who break the security and offer real world punishments maybe, but blocking it all is impractical. Of course, then there are those who prefer forbidden fruit to the ones in the fridge, for the momentary thrill of breaking some rules.
I remember breaking the proxy at a college where I was giving a talk. All I did was ssh -D 8080 into my box and bypassed the "security" of the campus network. But I did that by unplugging the monitor cable, running ssh and plugging the monitor back on in under 2 minutes.And lo, meebo.com suddenly worked. The kids thought I was some great genius or something. THat kind of ego-rush to a 17 year old teenager can drive them to do far more than just break firewalls to get kudos from their peers.
These kind of restrictions just favour the kids who learn to use the system, instead of just fighting it on the streets like the average politico.Quidquid latine dictum sit, altum videtur
WTF, how is this news for nerds and how does this matter????? /. today (its been my homepage since 1998) i found some /. didn't have any ads
and another thing that pissed me off as i visited
kind of hover ad that was ontop of the fucking content!!!! I MEAN wtf. I remeber when
at all!
A lot of the problem is that the kids are often just plain smarter than the school's sys admins. Back in my high school, there was a really popular rom collection that the admins couldn't get out of the system because when they tried to (via wiping the system or otherwise), someone would just restore it from their copy of the roms. Eventually it got to the point where if it was a certain amount of time before class, the admins just looked the other way while kids played Super Mario 3 and Adventure Island.
Truth is, if they'd bothered writing some protections to the 'shared' drives (even in the form of a password) where people kept replacing the roms so all the computers in a lab could use that rom, they could've probably stopped it cold. But hey, that would require understanding HOW we did it in the first place.
There are always proxy sites [...] They will find a way no matter what
I agree completely. Schools are stupid if they think they can prevent access to Myspace and other sites in this way.
The way to do this would be the exact opposite - not a list of banned sites, but a list of allowed sites. If you want school PCs to be limited to school activities, that would be the way to go. Of course, this would seriously limit the kids' ability to do legitimate research online.
So really there is no good solution. Except for (1) supervision in computer rooms, and (2) accepting that kids will be kids and find a way to visit Myspace no matter what you do.
For the purposes of myself (who at first just wanted to play sudoku at WebSudoku...) and others in my class at college (who wanted MySpace) I set up a CGIproxy on my webspace. A few months later, it had to be removed; for a start, because even when password-protected, the thing sucked up about 50% of the CPU time on the (shared) server on which it was located. In the end me and my classmates were a minority, it was mostly others using it (I did get a very nice email from a US Marine in Iraq asking for the password... I wasn't horrible enough to say no :) I kinda pity the people who do the same thing, set up a proxy for their own personal use and watch it get used by just about everyone and their dog.
By summer it was all gone...now shesmovedon. --
Install DansGuardian into your Squid proxy (what do you mean you don't use Squid..?)
/etc/dansguardian/bannedphraselist:
Add to
' MySpace.com. All Rights Reserved.' (changing the ' for angle brackets)
Despite years of fiddling with my own home networks and hearing about ssh tunnelling, I'd never set up an ssh tunnel and never "got" the reasons for it. That's changed recently, and now I'm a convert. I know this is basic crap among most of the /. crowd, but here's how I can anonymously surf at work:
I have Proxomitron at work to get through the firewall. It acts as a local proxy server, and works with our something-Point firewall. It seems like only ports 80 and 23 are open. No port 22 for ssh, and no ports for email.
Using puTTY configured to look at the local proxy server, I establish the appropriate ssh tunnels to my Linux box at home. I don't know why this works, so any explanation would be cool. I'm using port 22 via the Proxomitron local http proxy over the corporate http proxy to my plain vanilla Linux box. Fscking mystery to my how it works, but it does. Setting up puTTY to work directly with the company firewall doesn't work, and I have no idea why. Proxomitron is required.
Of course now with all the right tunnels, I can use FireFox on my Linux box or even Safari on my Mac (if I leave it on) via VNC, and I have instant anonymous surfing. Yeah, I know I'm using a helluvalot of bandwidth, and I generally don't need or do any anonymous surfing anyway.
So, what's my traffic look like to my company IT boys for my interesting setup? I'm assuming that my secure ssh connection doesn't let anyone know what I'm doing over ssh; that's the point. But yet I have this traffic flowing out of Port 80 to Port 22 somehow, and it's either little tiny bursts when I'm working in bash, or it's a bandwidth hog if I'm using SAMBA or VNC over the connection.
-----
The whole initial point of the excercise was to talk to my MythTV box while on the road. All I wanted to do was ssh in to check my RAID status. I also had all kinds of ports open on my router so I could http into MythWeb, and Webmin, and MythStream, and SMB, and the router itself, and ftp, and generally a big mess. Now all I need is my single ssh port, and I'm good for everything without all of those open doors. At work I use puTTY, at the hotel I've got my iMac (remind myself to look for an ssh tunnel control panel so I don't have to keep using the shell).
Even with ssh, I'm subject to brute force attack, right? Wasn't there something like a magic knock I can setup so that I ping a certain sequence of ports in the right order, my ssh port opens up, otherwise being closed? Probably won't work for me, as I have a proprietary hardware router...
--Jim (me)
TFA doesnt even mention the onion router.
ac (heheh)
Half of what I learned in high school, actually probably 2/3-3/4 of it, I learned online at school or on my own time. A lot of the stuff that I read was at one point or another restricted, like a lot of libertarian stuff (including the party site) was restricted because it advocated drug use.
That's how the pea-brained morons that make most filtering software think. Yet a friend of mine would pull up porn sites like pink.com (back in the day) and laugh about it.
I have been out of college for 6 months and so am young enough to remember high school life. It was a waste of my time. I plan to homeschool my kids because they shouldn't have to "fight the system" to get anything interesting out of it.
stories that talk about unintended consequences are always interesting. in this case, the kids are sent to school to learn what they're Supposed To learn, and end up learning something else, that the bureaucrats are uncomfortable with.
the bureaucrats usually catch up though, not by direct denial (like the school admins are trying now) but by subverting the desires of the kids - like making them want to use their skills in other ways, and/or changing the popular sites so that they work for the bureaucracy.
What does the internet have to do with ADHD? Ohhhh... That's right. Anything we don't like kids doing must cause ADHD.
Isnt this some sort of 'intervention device' or some such nonsence and illegal ? ( or at least banned under some international treaty )
---- Booth was a patriot ----
I can't help but question the approach used by many schools in regards to blocking social sites. The primary reason for the blocking of these sites seems to be that they utilize excessive network resources (oftentimes this is under the guise of them being inappropriate). I compare this to a town realizing "all of a sudden" that the traffic on the roads is more than they can handle. The fact is that many schools have been skating by on the bare minimum amount of bandwidth (it seems to the the norm that a school started leasing a T1 5-10 years ago and have not upgraded). Even a small increase in use strains the network. So the question is, where does it stop? By the logic being used, all IM and web traffic should be blocked as well because it strains the network.
this would be one thing for computer labs or classroom computers, but the dorm room acts as your home in college, and the college network is your isp. if my isp told me i couldn't go to myspace (or any site at all) because they couldn't handle the bandwidth, i would be up in arms and immediately switch isps. why is this any different in a college dorm? also, two weeks ago when some college banned facebook everyone said it was a violation of their rights, but now they go and blame bandwidth and nobody seems concerned???
"no matter what people come up with, it can and will be broken."
Agreed. That's why what happened to IE will happen to Firefox. Oh wait, we all know that your premise isn't true, so Firefox will be safe, and that browser (and company) we all love to hate will be the butt of jokes for years to come.
--
How appropriete my confirmation word is "pretend".
1997 called. They want their story back.
Seriously, I can't be the only one here who wrote a CGI proxy server so that I can get around censorware (like BESS) while in high school. I even sold access to it to my fellow students!
Code is simple:
# fetch the url specified after the "?"
# prepend the url of the proxy to all link tags
# print the page out to the user
So all you have to do is run apache with this CGI from home, and you never have to worry about censorware again.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
use a proxy several years back in school. Ran CGIProxy through an SSL connection and it worked great glad I don't need it anymore though
Maybe that's a good thing, since in my experience, 99% of proxy servers log usernames and passwords. I used one from proxy4free.com to get into Yahoo messenger from Quakecon (which was blocking those ports) and within 5 minutes, I got the "you have been logged off because you logged in at another terminal" message. Lucky for me, I was able to change my yahoo password before they did, but it only confirms that I have no skill at finding free, trustable proxies with Google. The proxy operators can start hacking the Myspace accounts into oblivion once the kids use them.
I don't understand. It's not a place of absolute freedom already since MySpace is disallowed. Why don't these folks who seem to have such a penny up their ass use whitelisting? Hell they could just sever the connection from each PC to the internet and have only approved content on local servers, updated by admins if they care so much.
MORTAR COMBAT!
I'm a sysadmin, not the network admin at my company, but from what I know, all the PC's are on their own VLANs. Any requests from these VLANs to outside networks are blocked by the firewalls. The firewalls are set up to only allow port 80 and 443 traffic from the Proxy, which is on a seperate VLAN. From what I can tell, it's pretty locked down.
Karma: Can only be portioned out by the Cosmos.
There's basically three ways to solve internet in schools. The first way (which my high school did) is the lamest and doesn't work. Proxy servers that look for keywords and stop people from going to certain websites. However, these are completely ineffective beceause there are always sites which can get by the filter (website proxy, google cache, etc, etc). The second way is to block everything except 20-30 approved sites. Such as maybe paid encyclopedia sites. The third way is just to let everything in and watch the damn kids. I think this is the best way. Have "internet times" where the teacher is strictly watching the kids and where they go. If they get caught looking at a site they shouldn't, bye bye internet access.
If an officer ever threatens to taze you, say you have a pacemaker.
Yep... my friends were definitely using proxies to giggle at pictures of boobies in class some 7 years ago. Not new AT ALL.
MySpace is the antithesis of the geek world. It is a corporate website that allows users to violate every standard of web design without having to know a lick of code or even html. The user pages are downright painful to attempt to decipher at times, and there is usually some horrible music playing in the background that is difficult (if not impossible) to stop. The fact that it is used for criminal activity only adds to the collective distaste.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
I work for a company outside of the education process. However, we hire lots of young people, either as summer positions, or as newly graduated employees. The MySpace accounts created by school-aged members are not revoked once they come of age. My company can't easily do a whitelist, due to the nature of our business, which includes using the Internet as a search tool. So we are put in a position of blocking myspace and other such portals, so that the bandwidth is available for work activities. Using a proxy site or an anonymizer raises a red flag in our environment, as it is an indicator that the person knows that what they are doing is against the Acceptable Use Policy. I can't believe that ours is the only company dealing with this issue. A generation that has grown up "connected" wants to stay that way -- and occasionally needs to be reminded that the resources they use at work are accessible for personal use, only as a privilege. The needs of the company to get work done outweigh the personal desire to access non work-related sites.
Why do these sites run? Presumably for the advertising revenue they generate. But kids at school are very unlikely to do any online shopping. So surely they won't make enough money to be worth it....
Proxies have been forever, and have been the problem forever. But mass access to the Internet and real problems resulting from it happen now. Proxies and blocking access are just a small countermeasure...
/b/[NSFW] finds a way to find separate private user profiles on Photobucket in the recent[possible NSFW] directory. /b/tards embark on a quest for more amateur porn by watching this page.
/b/. Wouldn't happen if not that.
A story of yesterday night:
- anonymous at
- more
- they find about 80 pics of a girl naked, masturbating.
- they find out more about that girl, including her myspace and Xanga profiles.
- They find out she's 15. Making essentially the pics of her very illegal.
- They post the pics wherever they can, her school, her friends.
- She deletes the pics and the profiles, but the profiles are in caches, the pics already packed on Rapidshare[NSFW, NSFH, and highly illegal!]
- They contact her, fill her up on the story with lots of lies including that her boyfriend was the one who published the pics.
- Her profile on myspace gets ".-*forever loved*-." header. Rumors of her suicide start popping up. Quite likely she's dead by now.
Now of course a proxy-blocking firewall wouldn't help here.
But let's see: web 2.0 sites made this possible - forum, photo sharing, file sharing, profile site.
Unlimited access to the net for the kid and for reckles teens from
Think of your own reflections. It's not about proxies. It's about kids with access to what they shouldn't be able to access.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
What do you do when your college keeps finding ways to shut down the DirectConnect hubs that people discretely set up on library computers? How do you create a filesharing network tailored for a high-speed LAN which cannot be easily shut down or traced to a source?
Do there exist already-developed OSS filesharing servers (with corresponding Windows clients -- a filesharing network is only as good as the number of people that use it!) which get around these limitations?
One thing to consider is a completely decentralized system which relies on broadcast messages. Yet isn't this exactly what Windows-filesharing/SMB does -- and which is painfully slow to list shares or search?
Exactly what sorts of tools does a sysadmin have at his disposal to locate a computer on a large network, anyway? Say I'm in the business of shutting down DC hubs, and I see that a DC hub is running at 192.168.0.200. I can even figure out what MAC address the server has. Can I easily block that MAC at all my managed switches? Can I easily tell my DNS servers not to register IPs to that hostname?
Back to the point of view now of the would-be hub operator. What if the operator were to add a bit of code at DC++ client startup that broadcasts, "Yo! Where's the DC hub?," and to run a small program on his server(s) that broadcasts "I'm at IP xxx.xx..." in response. Then he could randomly change the DC hub's MAC and hostname every night -- or perhaps even have hubs on multiple computers, and only run one at a time (orchestrated, perhaps, with a PRNG and a common seed), and the clients will still work? Or would this just be a reimplementation of ARP (and could a hub operator take advantage of this scheme's benefits without implementing new protocols?)
A hub operator might also hesitate to write new code, because then he would need to distribute it (and, more realistically, Windows binaries for it), and that presents a single point of failure (which, admittedly, might be solved with BitTorrent and a page on thepiratebay -- but BitTorrent is not something Jane Average will be familiar with). The need to distribute code also reduces the hub operator's anonymity.
Other more exotic schemes are possible, including tunneling traffic to the hub through DNS, but I'll admit that I do not (yet) understand these things well enough to really wrap my head around the potential weak points to know if they'd be something that someone might want to use. And again, a hub operator would want something that's easy for the computer-unsavvy to use, and that requires little distribution effort on his part.
A hub operator would also need to solve the problem of anonymously publicizing any new system in such a way that it does not attract the attention of admins. Grapevine, word-of-mouth is the obvious way to go, and that's how it has been done often in the past -- but word-of-mouth is slow, and limits users to those who would bring up P2P in passing conversation. Grand stunts like dropping flyers at night cross one's mind, but that attracts admin attention. Perhaps a hub operator might run sendmail for a day on a publically-available computer, and send out to email lists (with a "Forward me to your friends!" request in the message body).
Continuing the thought-experiment: What would you do if you were such a hub operator? How would you encourage filesharing?
Now with all my favorite proxies blocked, I have no way to get to my favorite sites... Wait, I've got it! I'll just proxy the proxies!
Our school had minor problems with proxy services such as this one, but our school's web filtering system (Surf Control) did a great job at blocking them. I think students, when given the oppertunity, will browse myspace, but really will not go out of their way to do so.
The average technical know how of students in my year is terrable, generally not above simple instant messaging/powerpoint usage, and have no idea what 'proxy' means. I think any school with a half-sensable content-based web filtering system should have no problem preventing students from using proxies, especically if the admins are paying any attention to what their students are doing.
>Proxy Sites Offer Secret Passage to Myspace
I can think of *so* many better destinations for Secret Passages.
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
At one of our offices where MySpace and other personal web surfing had been a continuing problem (proxies and attempts to bypass filtering) the boss finally just said "no more internet for them, period". And that was it. The users now have to access the net on a terminal in very public part of the office if they need something. Oh well, sucks to be them. A few people who just couldn't grasp the concept of "work time" vs. "personal time" ruined it for everyone.
I was a sysadmin at a High school for a semester... Its wasnt myspace that was the problem it was livejournel. I ended up setting up squid guard at a single point of entry for the network (yes that's a single point of failure) but then it checked every site they looked at. It was nice having that power....
:P.
Eventually i decided (the cocky sob i am) to challange the students to try to hack past my proxy and no one could. I was going to be let go at the end of the year away so i took the "resident computer geeks" and showed them how to set up EXACTLY what boxofprox does...but on a personal site with dyndns.
So yeah the moral of the story.... boxofprox is nice, but dyndns+linux+apache+cable modem is much better and harder to find
j^2
Remote Desktop and logmein.com? This introduces a completely new issue since users are no longer viewing sites like myspace through the local web browser. They are instead viewing them through their own personal computer. Are they then accessing the site through their computer or the school's computer? And how can a SysAdmin prove that they accessed the website?
During the middle part of the 20th century, many urban "ghettos" in the US, inhabited mainly by Blacks, were leveled. In some cases they were replaced by public housing. For a very brief time, the public housing was better than what came before, but it rapidly deteriorated.
Elenor Roosevelt famously advocated for the demolition of illegal alley dwellings in the District of Columbia. At the time, they were cramped, filthy, areas that attracted vermin and were unpleasant to live in. I don't know exactly where the displaced residents were moved; presumeably cheap subsidized apartments, under what is referred to as the "section 8" program here in the US. Today, there are a few remaining alley dwellings here in DC. They are much sought after as unique spaces that offer shade and a noise barrier from the street. Modern conveniences like air conditioning make them pleasant places to live that don't attract quite so much vermin, although the ever-present rat population is probably more visible there. People put up with this, despite the fact that in some cases the residences are still technicly illegal and could, in theory, be torn down although in this capital of litigation such a move would be very unpopular and end up winding through court for years.
In recent years, the trend has been to demolish ghetos and replace them with renewal projects. Nobody bothers to try and build public housing anymore, because of past problems. The residents are simply displaced.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
What I'd do, in high school, is just open a SSH connection to home with the -D flag on the client, for a SOCKS proxy. School couldn't track where I was going nor filter anything.
I've been using proxy at school since I was 13! They realised after a few years, so I started using Google Cache to bypass the filters. Ah happy memories...
What would a mongoose do?
At our school, unencrypted traffic to myspace will be blocked. They use one of the filters from 8e6 Technologies (http://www.8e6.com/products/R3000/index.htm), which they have set to only look for keywords in the transferred traffic. If the traffic contains the keywords, the filter sends a stop command to the webserver and sends the web browser of the client to the "blocked page site". I believe that they have this filter looking for keywords on the myspace sites or html code only used by this site.
These Proxies WILL NOT work.
A much better approach would be to find out the IP address of the filter, and then launch a DDOS attack against it. Since the filter is "passive", when it finally goes down, the internet will be unblocked for everybody.
Could you please send me your credit card number and pin?
Thank you very much.
Signature: A marine in Iraq
Why can't
"To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details.""
The part about the firing was short and rather matter-of-fact. Where, exactly, was the poignancy?
In the words of a famous Spaniard, "I do not think it means what you think it means."
#DeleteChrome
If schools really want to block sites like these, they should use their own proxy servers instead of parental control blocks. Something like ISA 2004 would by default block all incoming and outgoing access. Then all they would hve to do was open access to sites that wanted allowed to the kids. It might be a bear to setup, but it would definatley stop them from using their own proxies to try and get around it.
Schools and others who wish to restrict access need to start whitelisting allowed sites, rather than blacklisting prohibited ones. Yes it's a lot more work to whitelist a thousand useful resource sites rather than blacklist MySpace. However, if the schools work together on a single system they can spread out the burden sufficiently. Otherwise it's just a game of Wack-a-Mole.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Internet proxies have been around just as long as slashdot, if not longer. This isn't a new problem.
And really, the best answer isn't to attempt to whitelist half the Internet in schools. Students don't have computer access unless they're in the library or computer lab as it is already. And in both of these places, there MUST be a teacher present if the students are present. If the teacher would just look around at everyone's screen, there'd be no problem.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Just this last year, our school introduced an extremely-restrictive proxy that would often block legitimate research sites (as well as all the fun ones.) In addition to finding a few workarounds (ping to get IP address, use that instead; google translation; etc.), I wrote a happy little program that I distributed throughout the computer lab.
o n=ADULT-CONTENT), it sent a nice little email to the IT guy. It was very polite, just saying a sentence or two about how I believe site.com had been added to the filter list in error and I would request its removal. Multiply that by every blocked site ever visited, though... :-D.
What did this program do? It ran in the background, monitoring Internet Explorer's address bar (couldn't find a nice API for Firefox, but mozilla.org was blocked anyway). When it detected that the proxy had taken over (http://www.lghs.net?blockedsite=mozilla.org&reas
(Yes, I know it's probably not moral to use school computers for this. Yes, I know he could have created an email filtering rule to send the messages to the trash. I liked it, and so did the users. *Shrug*.)
"May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
The obvious solution to people going around and surfing myspace etc, is content filtering I believe. Honestly, unless there is a proxy out there that will take naughty requests and format them into a flash animation page for you no matter what...then the text is still there. It is still filterable.
The other way around it is encryption...but I'd imagine most of the proxy's are not encrypted. Perhaps I'm wrong though, as I haven't searched for a proxy for a while. But even then, the proxy site may have the word 'proxy' in it...and you could simply score the word 'proxy' when used in conjuction with 'web' or 'internet' or 'free' add up to be over the threshold for blocking.
SmoothWall Firewall does a fine job of being a firewall, and the DansGuardian Content Filter with Antivirus mod will allow such things very easily.
Domain block lists and white lists have their place, so does true content filtering. There are free versions that work well for home users including smoothwall firewall, and there are also better featured versions of different content filtering products for enterprise users.
While obviously content filtering intruduces some delay into your web transactions, don't underestimate the utility of the machine also serving as a cache - out of 5000 people, do they really need to download 'google.com' 1000 times a day? or maybe only 100 due to caching... I know google is light on the load and bandwidth, but other sites also get cached. Its a pretty good deal.
Who is this that even the wind and the waves obey Him? Surely this computer must submit also!
About /b/. Don't expect to find this there. /b/ moves a hell of a lot faster than /., and things like this happen all the time. Message threads usually last less than an hour before being pruned, as the pace at /b/ is quite fast.
/b/ is not the reckless kids you may think they are, even discussing /b/ I am in the reuired Anonymous persona. Think of /b/ not as reckless teens, as most /b/-tards I have met tend to be older tech guys, a ton from the old BBS days, and a lot of tech savy and graphical art persons and professionals.
/b/, and it helps keep those truely over "sensitive" individuals off /b/. Yes, in this case we used a girls stupidity against her, it taught her a lesson, in other cases we have crashed kiddie porn sites through coordinated effort while law enforcement just sat their with their limp dicks in their hands over it, and other times we just like seeing Habbos whine and cry about not being able to get in their virtual water, all because we care about them and don't want them getting AIDS.
/b/rothers behind us!
/b/ is, continue to do so, because then you will never see us coming and lord forbid if /b/ turns their eye to one of your servers.
Additionally,
We have been on the net before it was the www, we have explored the dark corners, killing our souls, learning that the net really is an evil place, a base place, and anyone who tells you different is just trying to sell you something. We perpetuate this by continuing to expose eachother to the horrors of the internet through
Yes, we act like idiots, but that is kind of the point. We have learned the internet is a joke, because many of us were ones who helped make the net what it is, and internet memes. We are the insurgency, the holy jihad against FAIL, we will bash and belittle people into suicide, we will find an interesting picture or personal detail and we will make you learn your folley through public humiliation. We are the proactive education of the internet. We are Anonymous, we are legion, we do not forgive, or forget! We find a hole, we widdle at it, not like shadowy script kiddies, but like the loud large force we are. We don't sneak, we walk up and slap you in the face laughing with a 1000 of our
Please doubt who
POOLS CLOSED!
Blockmenot.com has been here a lot longer than "Box of Prox"
PS: they say they record what we are doing, but I don't really believe it (plus we haven't been given personal users yet)
Yeah. Would you choose a neurosurgeon who pokes around people's brains in his spare time? I wouldn't.
I have looked at this idea from a standpoint of the proxy-holder. Imagine if you could take all the data flowing to every large social-networking site, and analyze it. Then you know you can sell a way to defend against proxies.
So if I was a proxy holder I would:
1) data mine
2) Charge companies to block access -- extort
3) Charge people extra money to purchase access to the SSL version, in order to defend against SPI
There are currently a few ways to stop proxies:
1) Ban all known proxy URLs/IPs
2) Use SPI and analyze the content, then block it, rather than using URL/IP only
3) Trust... (HAHAH, just kidding)
4) blacklist:* whitelist IPs/URLs that only pertain the organization, and have a supervisor that has access to the whitelist.
The first time the MySpace-blocking stories came around I was on the bandwagon with the rest of you. "OMG! WTF? How can they do such a thing?!" This weekend my girlfriend gave me a different point of view.
This isn't about keeping the silent nerd from reading Slashdot. It's not about hindering Little-Mary-Sunshine from adding 5 more rows of dancing guinnea pigs to her MySpace. It's about the safety and security of the people (usually women) who have to administer the places where these "public" computers are located.
Our local community college library is overrun by teenage THUGS every weekday at 1:20pm. That also happens to be the same time that summer school lets out. Coincidence? The librarians are literally scared for their life by these packs of rude, unruly future-felons. They don't DARE ask the kids to quiet down, much less leave the premises. You might say "Bah, these kids aren't gunna knife her in broad daylight." They don't have to. The librarians need to leave work at some point, and since the ghetto-kids live right across the street there's nothing to keep them from doing the job at night while the ladies walk a half mile to their cars.
I work for a company that has a lot of retail computers for general public use. All of them are connected to the Internet. You may have heard of us, our logo is a nice white fruit, complete with a bite taking out of it.
Anyway, we were having difficulties with kids coming in and being disruptive, all the while spending hours on end on myspace. My manager charged me to figure out a solution (and, before you ask, asking them to leave did not work - we had already tried for weeks on end).
An hour or two later and we were effectively blocking *.myspace.com
The number of problem children went down, and our computers were again available to demonstrate to other customers. That was about two months ago.
We are now seeing a growing number of children coming in and using proxy servers to bypass our block on myspace. It is not too bad yet, but I have started researching ways of blocking them, as well. Luckily for now it seems to be two or three major proxies, so if we block those we will have at least re-applied the band-aid.
"You'll note that, though the company did find out where their fired employee was surfing the reason for his dismissal was the use of the web anonymizer to hide his tracks in the first place. There is a simple rule known by anyone who is a parent. If there isn't any noise then the kids are probably getting into trouble. Take note of that when you choose your stealthing tools."
In other words, those who think they're clever, usually aren't. A rather relevent lesson for this forum.
http://en.wikipedia.org/wiki/Rupert_Murdoch
The summary started off generally okay, even if it wasn't telling us anything we didn't know for the past 10 years, but that last sentence... that's not even English so poignantly details.
As a technical consultant for a software firm that produces acceptable use policy enforcement software, I see this happening a lot at schools and some businesses. Students use 'anonymiser' and proxy sites to access prohibited content.
If anyone is interested in a solution, check out a piece of software called 'Policy Central Enterprise'. The software is server/client based, and is basically a keylogger of sorts. It has the ability to block URLs, and even words - so adding the word 'myspace' to the blocked words list works wonders. It also takes a screenshot and grabs the user's details and reports the incident to the server so the sysadmin can caution the student*.
* On a Good Day.
The easy part was getting the brain out, but the hard part was getting the brain out.
You have posted this exact same cut and paste post a dozen other times. You are a spammer and you need to fucking die.
If everything's unblocked? For the first time, my school's sysadmin finally put in a blocker -- a very expensive sonicwall. He assumed that i would try to get around it, so he offered me a deal: His part: I get unblocked, unmonitored access. (this is on a personal laptop) My part: I gotta tell him all the various ways around it Can't tell other kids. So far, it's working out great for both of us. I tell my peers i'm 'hacking it,' they don't even try to get around, the admin gets everything blocked, and I get to visit the 2 sites that were blocked: Netvibes and my personal site (/. was open, for goodness sake!). I wasn't too mad about the content filtering, but this is great because my line is extremely fast, without packet scanning.
First off. Any smart Administrator will have the comp setup so nothing can be installed. Then have a program like deepfreeze where once the comp is rebooted then the comp will be starting fron new and the software wont be installed anymore. We have a security system program that stops programs from being installed and access to a lot of the windows sections, then we have then set as regular users, then with group policy , then deepfreeze. Then we have a filter, the security program also blocks websites, and window titles. I can also use another program o na server o nthe network if I had to to. A real admin would have no prblems blocking these. Also our security progra monitors every site visited i nreal time. I Could just send them a message and log them off the computer. SO any real admin would be able to block this stuff if they needed too.
Anyone who reads that from this so called "Network and Computer Systems Administrator" will be seriously scratching their head. First, they used a tool from the same people that make Webwasher pseudo-ware. This software basically looks for HTTP GET requests and prepares a report. Then he mentioned they found evidence of a leet batch file, "footprints", whatever those are, and of course this employee of theirs was some leet uber hacker going to deploy the latest and greatest worm on their network of poorly secured network running some sort of automated intrusion detection ware.
Then he ships the system off to Forensics (what company has a Forensics department I don't want to work at) and they were able to find all the bits, maybe even some bytes. When it came down to it, the company supposedly terminated the employee for using an online anonomyizer service, assuming they couldn't prove he was using it to break company policy.
If this story is true, which I highly doubt based upon the anecdotal evidence of this so called "Network and Computer Systems Administrator" they should have fired none other than this dumbass. Bullshit article.
"I'll just chip in a bit for RedHat: I actually have that installed on my university machine." - Linus, '95
As much as I despise Myspace, I don't necessarily agree on blocking it. However one thing IT guys gotta rememember is that there is always someway to get to the site. It is nearly impossible to stop people from getting there, that is, unless the It guy wants to wage a daily war blocking every single method constantly for the rest of his life.
Klingon Software is not released, it escapes, inflicting terrible damage onto the enemy as it does
Riiiiight, because we all know the "dangerous-kid" crowd and the attention-starved future camwhores of myspace have SO much overlap. First thing they want to do after poppin' a cap into some punks bitch-ass is to blog about it!
As a fan of freedom of speech (yes, even for kids!), I recommend Firefox, Privoxy, and the TOR plugin. Over time, this kind of setup is a lot less work per student, and you could even put the whole setup on a USB dongle and have all your bookmarks and browsing preferences with you at all times. I imagine if you have an ipod like device (or USB hook up cell phone), this whole arrangement would only take a couple of songs worth of space on it, and be with you at all times as well.
rhY
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Actually, the only working solution to close the proxy hole is NAT + proxy whitelisting.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Actually there have been some idiots that have done that. Did you ever hear the news of the police who used myspace to solve a crime?
"I thought what I'd do was I'd pretend I was one of those deaf-mutes" ~ Laughing Man - GITS:SAC
I personally don't use MySpace but I have several coworkers that we shocked to see out IT guys block access to the site. My first thought was to use an anonymous proxy site. Now I read that more and more of these sites are popping up. It does not help us here. As long as theses site names contain the characters "prox" or "proxy" we cannot connect to them. Our IT guys have blacklisted those characters. We now get the following mesage:
Access Denied (policy_denied)
Your system policy has denied access to the requested URL.
For assistance, contact your network support team
-AxXium
Here's why you got modded down:
You gave an opinion about a Mac.
You never give opinions about Macs on slashdot (or really any forum). EVER.
There are two main camps:
1) Those who believe Macs are the saviors of all computing and Apple can do no wrong.
2) Those who think that Mac users are 'fags' and are stupid for wasting their money.
Even if you have a rational opinion, a person with moderation points from one group will lump you into the other group, and thus mod you down on principle.
Sorry, but that's how it is. Don't touch the Mac subject, that's like talking about Israel vs. Palestine, or Emacs vs. VI. All it does it get everyone to whip out their E-Penises.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
... No. I hadn't.
Yet, for some reason, I'm not surprised.
www.surfcontrol.com
www.websense.com
Both of these products block proxy servers. They do a good job of keeping up with which proxy servers are out there. If Joe Blow puts up a proxy in his house and sends the traffic via winsocks over sTunnel for his own personal use, then he might get away with it. But that takes a lot of work and your average user is not going to figure that out.
I'm Sysadmin at a Community College, and the moment we were able to, we blocked myspace.com. Once piece of software these kids get a hold of is JAP (http://anon.inf.tu-dresden.de/index_en.html). Be aware of this executable, and block it from being ran.
Here's a bunch of sources - not exactly statistically rigorous sources, but at least there are a bunch.
Rather than just the social issue alone, I have sources for the other questions posted in reply to my original post the Evidence for the specific claims I made is in boldface. (homeschoolers better in: quality, extensive social life; learn more; less alienated; happier; no "learned helplessness", therefore are more effective and self directed) Hard numbers are few, as might be expected (how reliably can one quantify such traits?) but the hundreds of individual parent accounts I have read are overwhelmingly positive for homeschooling as opposed to the epic battles and institutional anti-competence that most parents of gifted children in public schools report having to battle, usually without real success.
A large collection of general articles and research on homeschooling visit the biggest and best gifted education and information site on the web, Hoagies' Gifted Education Page
A collection of homeschooling success stories: http://www.hoagiesgifted.org/success_stories.htm
The TAGFAM and TAGMAX email lists (linked on first Hoagie's page above) give a picture from hundreds of families that strongly supports the intellectual, personal and social ability advantages of homeschooling. Compared to any other electronic forum I have seen - including 4-sigma IQ lists - the TAG list moms' writing is light-years ahead in perceptible intelligence, substance, style and tact.
Some basics everyone should know about homeschooling:
"School's Out"
Get ready for the new age of individualized education
(Reason, October 2001)
By Daniel H. Pink
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry