buzzinh Posted May 11, 2007 Share Posted May 11, 2007 Hey guys as you know there are thousands appon thousands of proxy sites on the internet for gaining access to banned websites. i work in a school as an IT techi, where alot of people are bullied via things like bebo. we have blocked it because of this, but students are still managing toget acces to bebo etc.. with proxy sites. we can block them aswell but as soon as we do they find a new one! is there any way inwitch we can stop all these de-filter proxy sites working / some common thing they all need to work that we can disable? regards buzzinh Quote Link to comment Share on other sites More sharing options...
Shaun Posted May 11, 2007 Share Posted May 11, 2007 Hey guys as you know there are thousands appon thousands of proxy sites on the internet for gaining access to banned websites. i work in a school as an IT techi, where alot of people are bullied via things like bebo. we have blocked it because of this, but students are still managing toget acces to bebo etc.. with proxy sites. we can block them aswell but as soon as we do they find a new one! is there any way inwitch we can stop all these de-filter proxy sites working / some common thing they all need to work that we can disable? regards buzzinh I don't understand how you bully someone on sites like this? I suppose they can be used to spread rumours or make fun of people, but then there still needs to be some real life component. Unless the bullied person is actually actively going to these sites on purpose. And plus students can still access these sites from home so I don't know how you would stop this. Anyway, you can make a lots of the web proxies useless by filtering on actual content, e.g. look at the source code and if it says Bebo in the title element then block it. This won't stop proxies which use HTTPS though, unless you force use of your own SSL/TLS certificates on the browsers so you can do a MITM type thing and filter the secure traffic too. Quote Link to comment Share on other sites More sharing options...
buzzinh Posted May 11, 2007 Author Share Posted May 11, 2007 cheers we will have a look at that. they can still use these at home but if they are using them here to do it we can be liable. there for we have to do everything in our power to stop it. it is a pain in the arse but we have to do it.....orders from above :-) thanks for the advice. regards buzzinh Quote Link to comment Share on other sites More sharing options...
deleted Posted May 11, 2007 Share Posted May 11, 2007 If you filter SSL and have your own certificates, alot of normal sites that use these may not work like they are supposed to. Quote Link to comment Share on other sites More sharing options...
digip Posted May 11, 2007 Share Posted May 11, 2007 I know SmartFilter seems toblock 99% of the annonymizers and proxy servers. If you also set up an internal proxy you can cache and check them against your own black list and then ban the sites. http://www.securecomputing.com/index.cfm?skey=85 Quote Link to comment Share on other sites More sharing options...
Shaun Posted May 11, 2007 Share Posted May 11, 2007 If you filter SSL and have your own certificates, alot of normal sites that use these may not work like they are supposed to. What? The site has no idea the user isn't being presented with the right certificates, as far as the server is concerned the user is using the right certificates, because you are decrypting the traffic encrypted with your own certs when they get to you, reading whatever the data is so you can do your filtering, then re-encrypting with the website's public key. Of course you have to get the browser not to complain when your certificates aren't for the website they are on or aren't signed properly, but that's easy to do when you have full access to machine like in this situation as an admin. Quote Link to comment Share on other sites More sharing options...
deleted Posted May 11, 2007 Share Posted May 11, 2007 I have set up the SSL part of my site to localy read the Certificate and if it is the wrong one to redirect to an error message. I did this to make it more secure. Quote Link to comment Share on other sites More sharing options...
Shaun Posted May 11, 2007 Share Posted May 11, 2007 I have set up the SSL part of my site to localy read the Certificate and if it is the wrong one to redirect to an error message. I did this to make it more secure. I'm not quite sure what you mean by locally read the certificate, could you elaborate? Quote Link to comment Share on other sites More sharing options...
deleted Posted May 11, 2007 Share Posted May 11, 2007 I'm not quite sure what you mean by locally read the certificate, could you elaborate? Using Javascript I am able to read files on the harddrive so i make it open up the certificate and check its integrety. Quote Link to comment Share on other sites More sharing options...
Shaun Posted May 11, 2007 Share Posted May 11, 2007 Using Javascript I am able to read files on the harddrive so i make it open up the certificate and check its integrety. Files on whose hard drive? Anyone who visits your site? I don't think so. Quote Link to comment Share on other sites More sharing options...
Deveant Posted May 12, 2007 Share Posted May 12, 2007 Using Javascript I am able to read files on the harddrive so i make it open up the certificate and check its integrety. hmm i have issues with this comment as well. As for the main topic, this is our security setup for filtering. were using blue reef's sonar, and to block most proxy sites, we block out HTML code, this allows us to read the HTML code for strings, and refuse to pass it onto the client. The strings that seems to have done the most damage is, "Proxy+Myspace", and "Proxy20%Myspace". Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.