Slashdot Mirror


Proxy Sites Offer Secret Passage to Myspace

JafSquared writes "As sites like MySpace.com gain popularity in young adults, schools all over are finding that taking measures to keep kids blocked out of these websites is becoming increasingly difficult. As this hype continues, proxy servers such as "Box of Prox" are springing up like wildfire. While system admins furiously work to diminish the strain placed on their school's local networks from sites like MySpace, these proxy sites are enabling easy access to restricted areas. However, schools aren't the only places that are feeling the heat. Proxies have also been becoming a bit of a complication in the workplace. To the more advanced user, the proxy server can become a tool for malicious intent as this article, delivering an anecdote with the termination of an employee, so poignantly details."

15 of 330 comments

  1. Next it will be SSH tunneling... by martinultima · · Score: 5, Interesting

    My school district already hates me, just because I was using a VNC connection over an SSH tunnel to work on some stuff at home (yes, this was for a school project). For whatever reason they thought I was trying to access banned sites... funny thing is, I don't even like MySpace. Or any of those sites.

    --
    Creative misinterpretation is your friend.
  2. Not really a new problem by onebuttonmouse · · Score: 2, Interesting

    When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges". Why does this approach not work with the advent of MySpace et al.?

    Proxies aren't such a big deal anyway, I worry more about the possibility of a savvy user with a bootable USB flash drive and OpenVPN.

    --
    MacBook Pro. Worst name since the Bicycle
    1. Re:Not really a new problem by Maestro4k · · Score: 2, Interesting
      When I was in school (5 years ago), schools were trying to block well known proxies, but were unsuccessful at blocking those of us with 'home brewed' proxy servers. This wasn't really such a problem, because the policy was "get caught looking at sites x, y or z and you lose your computer privileges". Why does this approach not work with the advent of MySpace et al.?

      Because before the first month of school was over with nearly every student in the school would have lost computer privileges. Kids are so fucking desperate to access MySpace that they completely ignore all the rules and keep hunting for new and creative ways to do so. It's like a drug or something and they experience withdrawal if they can't access MySpace every other hour or so. (Really all your friends are in school too, has anything really happened to any of them while you're all in school?)

      Proxies aren't such a big deal anyway, I worry more about the possibility of a savvy user with a bootable USB flash drive and OpenVPN.

      That's easier to defeat than proxies actually. Just lock down BIOS settings and password protect them from being changed. Proxies keep popping up all the time so they're harder to defeat.

  3. I used to run one of these. by jb.hl.com · · Score: 2, Interesting

    For the purposes of myself (who at first just wanted to play sudoku at WebSudoku...) and others in my class at college (who wanted MySpace) I set up a CGIproxy on my webspace. A few months later, it had to be removed; for a start, because even when password-protected, the thing sucked up about 50% of the CPU time on the (shared) server on which it was located. In the end me and my classmates were a minority, it was mostly others using it (I did get a very nice email from a US Marine in Iraq asking for the password... I wasn't horrible enough to say no :) I kinda pity the people who do the same thing, set up a proxy for their own personal use and watch it get used by just about everyone and their dog.

    --
    By summer it was all gone...now shesmovedon. --
  4. Re:Restrictions are evolutionary pressure by Anonymous Coward · · Score: 1, Interesting

    Why did you unplug the monitor exactly? Was it to give the illusion that you were some sort of badass or something? Since it sounds like the people you were trying to impress were rather clueless anyways, they probably would've been more impressed watching you type a login and pass into a prompt under the guise of "hacking the system." Theatrics only show that you're craving attention.

  5. news? by Lord Ender · · Score: 2, Interesting

    1997 called. They want their story back.

    Seriously, I can't be the only one here who wrote a CGI proxy server so that I can get around censorware (like BESS) while in high school. I even sold access to it to my fellow students!

    Code is simple:

    # fetch the url specified after the "?"
    # prepend the url of the proxy to all link tags
    # print the page out to the user

    So all you have to do is run apache with this CGI from home, and you never have to worry about censorware again.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  6. Re:host by jb.hl.com · · Score: 2, Interesting

    That's no reason to blame MySpace. By the same token, MySpace users could say that Slashdot's either full of egotistical nerds or people with delusions of knowledgeability...

    --
    By summer it was all gone...now shesmovedon. --
  7. Re:welcome to 1995? by Ecks · · Score: 2, Interesting

    The case, of hiding your web travels while at work, was mentioned in this article which was cited in the post.

    I recently had an employee, an MIS employee at that, fired. He was using Anonymizer at work. We have a tracking system (Web Inspector) and I kept noticing that he was leaving no tracks.
    I consulted with my supervisor and he decided that I should analyze the employee's system. I found footprints, hacking, and a batch file he...

    You'll note that, though the company did find out where their fired employee was surfing, the reason for his dismissal was the use of the web anonymizer to hide his tracks in the first place. There is a simple rule known by anyone who is a parent. If there isn't any noise then the kids are probably getting into trouble. Take note of that when you choose your stealthing tools.
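
An added example, not part of any comment in the thread: a log check a defender could run for the CGI-relay pattern comment 5 describes (target URL carried after the "?") against the kind of web-tracking log comment 7 mentions. The log format, user names and hosts are constructed assumptions, and `embedded_host` and `find_relays` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample log, one "<user> <url>" pair per line (not from the page).
SAMPLE_LOG = """\
alice http://www.example.edu/library/catalog?q=chemistry
alice http://news.example.org/science/today
bob http://homebox.example.net/cgi-bin/p.cgi?http://www.myspace.com/
bob http://homebox.example.net/cgi-bin/p.cgi?http%3A%2F%2Fwww.myspace.com%2Fprofile
bob http://homebox.example.net/cgi-bin/p.cgi?http://www.myspace.com/inbox
carol http://www.example.edu/login?next=http://www.example.edu/home
carol http://www.example.edu/grades
"""

# A full URL carried inside another URL's path or query string.
EMBEDDED_URL = re.compile(r"https?://([^/\s?#&:]+)", re.IGNORECASE)


def embedded_host(url):
    """Return the host of a URL carried inside `url`, or None."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    # Decode once so percent-encoded targets (http%3A%2F%2F...) are seen too.
    carried = unquote(parts.path + "?" + parts.query)
    for match in EMBEDDED_URL.finditer(carried):
        inner = match.group(1).lower()
        if inner != outer:  # same-site redirects (login?next=...) are not relays
            return inner
    return None


def find_relays(log_text, min_hits=2):
    """Map user -> {relay host: sorted inner hosts} for repeated relay use."""
    hits = defaultdict(Counter)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        user, url = line.split(None, 1)
        inner = embedded_host(url)
        if inner:
            relay = urlsplit(url).hostname
            hits[user][relay] += 1
            targets[user, relay].add(inner)
    return {
        user: {r: sorted(targets[user, r]) for r, n in per.items() if n >= min_hits}
        for user, per in hits.items()
        if max(per.values()) >= min_hits
    }
```

Translation and cache services also carry a full URL in their query string, so the output is a review queue rather than a verdict.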

  8. Re:Opt-in, not opt-out by Anonymous Coward · · Score: 1, Interesting

    My old school used IP whitelisting. All ports other than HTTP(S) were blocked to the outside world - literally, not even SMTP/POP3/FTP were allowed. If the firewall detected non HTTP on port 80 it rejected it, same with HTTPS and 443. All non SSL traffic was scanned for banned words. This system negated any measures that we could throw at it - Web based proxies were not on the whitelist, neither were any which we set up. Any hosting websites were blocked - (members.aol.com and similar) and other methods either failed at whitelist or firewall level. Anyone got any ideas on getting past that?

    And yes it does limit doing research.

  9. Re:Proxies? by Anonymous Coward · · Score: 3, Interesting

    No, but school network admins are certainly pretty incapable of doing their job if they are not using a whitelist instead of a blacklist.

    Have only a list of acceptable sites. When blocked, put a link to submit for approval, and teachers in the class or room can click on the link they wanted, view that it is not a backdoor to MySpace or someplace inappropriate and then click "allow", which adds it to the whitelist.

    Simple, works great and has near immediate access to sites not on the whitelist.

    Too bad most schools can't afford IT staff that has the brains to do this stuff. They have to spend all that cash on the sports programs!

  10. Filter Complainer by Deviant Q · · Score: 4, Interesting

    Just this last year, our school introduced an extremely-restrictive proxy that would often block legitimate research sites (as well as all the fun ones.) In addition to finding a few workarounds (ping to get IP address, use that instead; google translation; etc.), I wrote a happy little program that I distributed throughout the computer lab.

    What did this program do? It ran in the background, monitoring Internet Explorer's address bar (couldn't find a nice API for Firefox, but mozilla.org was blocked anyway). When it detected that the proxy had taken over (http://www.lghs.net?blockedsite=mozilla.org&reason=ADULT-CONTENT), it sent a nice little email to the IT guy. It was very polite, just saying a sentence or two about how I believe site.com had been added to the filter list in error and I would request its removal. Multiply that by every blocked site ever visited, though... :-D.

    (Yes, I know it's probably not moral to use school computers for this. Yes, I know he could have created an email filtering rule to send the messages to the trash. I liked it, and so did the users. *Shrug*.)

    --
    "May the days be aimless. Let the seasons drift. Do not advance the action according to a plan."
  11. Re:What?!?!?! by myowntrueself · · Score: 2, Interesting

    Ohhhh... That's right. Anything we don't like kids doing must cause ADHD.

    You've hit the nail on the head; it is the 'not liking kids doing anything' that causes ADHD.

    --
    In the free world the media isn't government run; the government is media run.
  12. Re:Students vs. Public Schools by CastrTroy · · Score: 2, Interesting

    I think the problem is that apart from creating a whitelist of sites (which is a pretty crappy way of using the Internet), there's no way to really keep kids off of sites you don't want them to see. You can't blacklist all the bad stuff, and once something is encrypted, the firewall would be very bad at filtering anything out. It may be a lack of knowledge, but it's also the lack of a solution. I don't know why they need internet except on certain computers anyway. When I was in high school, we had 1 or 2 computers in the library that had Internet, and it wasn't that out of the way, so you didn't dare try to do anything unauthorized. Mind you, we still did a lot of unauthorized things, like run gorillas, nibbles, or Cross Country Canada when we weren't supposed to, but nothing that they really cared about too much. The computer rooms were empty most of the time anyway. Most students used computers once in a while to type up a big essay, but that was pretty uncommon even in high school. Most research was done with books in the library. I don't believe that the Internet has changed the world so much in the last 10 years that kids need the internet for doing their school work. Are there even any reputable essay sources you can use on the Internet without paying?

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  13. Re:Students vs. Public Schools by Anonymous Coward · · Score: 3, Interesting
    You had your grading, scheduling, and payroll systems on the same local network as the student lab computers? Sheesh.

    I'm not the grandparent but I can respond to this. The way most K-12 systems are set up this is largely unavoidable. All computers are on one network within each school building. I know in the system I worked for most schools had one router and a class C of address space. The Internet access was provided by the state, and all sites ran through central office and through a firewall there. There was no way to provide completely separate VLANs and routing because the state controlled the core routers and wouldn't do so. Our policy was that bookkeeping and other critical systems were kept off the network unless absolutely necessary.

    Personally I wanted to use cheap Linux boxes as NAT routers/firewalls and put the entire office of each school behind one but that never came to be. It also never will, the system eliminated my position so now there is no network admin. Things will start falling apart soon because I was the only person there who knew how to run most of the stuff I had implemented. (Which also greatly stabilized the network from how it was when I started. They had no network admin when I started either.)

    Having the administrative systems on the same network as the computer lab and worrying about network hacking is sort of like teaching chemistry classes in the school cafeteria and worrying that students will poison the lunch.

    Well yeah, but welcome to the reality of K-12 school systems. Often the network admin's hands are tied by arbitrary crap that's decided upstream. Even the most competent network admin can't do shit when they can't change parts of the network or the system refuses to buy the necessary equipment to implement even the simplest, cheapest solutions.

    It's a pity that an insecure setup like that made it necessary to be so paranoid about your students -- whose education, after all, the computer lab exists to serve. I for one think it is cool to teach network programming to sophomores (or freshmen, for that matter). Isn't teaching the whole point?

    I can tell you've never worked IT in a K-12 system, and so can anyone else who has. I've done systems and network administration for years and in places other than K-12, and K-12 is an absolute nightmare. The students are your enemies, there's no two ways around it. It's not all of them, some are simply curious, some really want to learn but quite a few simply want to do whatever the hell they want to do, when they want to do it, and don't give a damn about learning anything that they don't need to know to access their game/porn/social networking site. They'll damage software installs if they can, they'll hose profiles, they'll screw up entire labs to the point of near being unusable all so they can play a game. I've encountered every one of those situations, and it's very hard, and very time consuming to get ACLs and permissions exactly right on every single point of attack that they'll use. (Also keep in mind that in my case I had 18 sites to deal with and was the only network admin. A lot of time I simply didn't have time to get all the fine details exactly right because I had fires to put out in other schools.) They also use attacks that you'll never see anywhere else, and frankly it's amazing and scary both. If these kids would bother to direct that intensity at learning they'd probably end up being brilliant, as it is they're generally hardcore slackers who don't care if they get suspended or expelled as long as they can play their game one more time.

    I don't think it's necessarily bad to teach network programming to sophomores, but you don't know the realities of K-12 network administration at all or you'd understand why the grandparent said it was a bad idea. It IS a bad idea the way most K-12 networks are forced to be designed, and until that part is fixed (and you'll have to talk to people much higher up the chain than your local system to get that fixed, like your state congresspeople) it will remain a bad idea.

  14. Re:What's so difficult? by skinfitz · · Score: 2, Interesting

    I use squid's bandwidth buckets to tarpit access to 'web contraband' like .swf files and can whitelist legit sites if needed.