• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1336
  • Last Modified:

Blocking Myspace, even when users are useing Proxys...

At the school that I work at students are constantly browsing Myspace. Apparantly the faculty cannot stop this through disciplinary measures so they asked me to stop it with technical measures. So I set up a rule on our Packetshaper to block Myspace.com and that was that.

But now the students have figured out how to use proxys to get around the block. To combat this I had went out and found all the lists of proxys that I could find and added them all to the HOSTS file to block them. But there are literally thousands of free proxys out there and I do not have the time or resources to find them all.

So as it stands, even with Myspace.com blocked at our Packetshaper and even with all of the popular proxys blocked with the HOSTS file, students are still using other proxys to surf Myspace. I need a way that I can block all access to Myspace even when they are using proxys to access it, preferably without having to resort to any third party software as getting approval to run extra software can take months around here.

These computers are running Windows XP Pro with all the updated patches and with the latest versions of IE, Firefox and Netscape.
0
xy8088
Asked:
xy8088
  • 3
  • 3
  • 2
  • +4
2 Solutions
 
Dufo G. BelskiRetired bureaucrat/desktop supportCommented:
>>Apparantly the faculty cannot stop this through disciplinary measures

Sorry, I can't address your technical question.  But having suffered through a similar incident, let me tell you that this is not your problem.  This is a faculty\administration issue and for them to foist it off on you is not fair.  If they cannot address it then they are ineffectual at best.

>>getting approval to run extra software can take months around here

So they ask you to fix a problem that's not yours to begin with, and then won't provide you the necessary support to do the job?  I do not envy you.

Bottom line:  this is an administrative issue, not an IT issue.
0
 
thoffmanCommented:
There really isn't much you can do without third party tools. As you've found, there are thousands of proxies, and the list is constantly changing. You'll wind up spending most of your time fighting a losing battle.

The best thing you could offer is to setup a logging system. Give each student his or her own login (if that's not already being done). Update the computer usage guidelines to prohibit using proxy servers of any type. Then, track every site each student visits. Look for proxy-like sites. Confirm that they are, indeed, proxies. Give the faculty the list of students found violating your policy. Let them deal with disciplinary action that could include revoking computer privileges (which will be easy if each student has his or her own login).

By ensuring each student has a unique login, the disciplinary measures the faculty can take will include revoking Internet usage on a per-student basis, whether it's by a logging system or just by the person watching the students.

Another option would be to block all websites then create a white list of approved sites. I wouldn't recommend this, however, because that's almost as much work as blocking proxies. However, it may work as a disciplinary action. Rather than completely restricting access of those who violate the policy, you can restrict them to pre-approved sites.

--
Troy
0
 
xy8088Author Commented:
One of the big problems is that this is not a High School. This is a private college for adults. There are usually around 1,000 students here and they are probably all over 18 years old with the average age being around 25. These "adults" are also paying lots of money to go to school here. So things like disciplinary action and "revoking Internet usage" are not really an option in the eyes of the administration.

It is obvious which students are using Myspace because they do it right in front of their instructors. The students know that they will not get in trouble for it so they do it without even trying to hide it. These are adults and the faculty here refuses to punish them as if they were children. Plus being a private profit motivated school the administration is concerned with keeping students coming here (and paying tuition) and is not going to jeoporidize that by alienating students by punishing them for going to the wrong websites.

It sucks and I do not agree with any of it but that is just the way it is here. The administration wants me to keep students from going to Myspace so that is what I have to do. For me it is pretty much just a technical problem and cannot involve any kind of cooperation from the students or faculty.

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SilentezCommented:
Try to use some tools for blocking web sites by keywords. For example such tools builtin in many firewalls. Just add "myspace.com" to the list of blocking keywords and that's all.
0
 
KenneniahCommented:
The bottom-line in my opinion.....
If you want to give users internet access, but don't want them getting to certain sites, you'll have to do that through your proxy server. Force the computers to use your proxy server by using Group Policies, then configure the Proxy server not to allow access to those sites.

Unfortunatlely in your case (I assume you are talking about anonymous proxy websites, not actual proxy servers), you'll either have to manually enter every single URL for them you can find, or you'll have to subscribe to a 3rd party that does that kind of work for you. If you can talk Administration into it, Websense works very well for us for web blocking\filtering.

http://www.websense.com/global/en/
0
 
georgecooldudeCommented:
Get a proxy server in your LAN like bluecoat then block all access to myspace. add a keyword filter to block "proxy". Setup every PC to go via the proxy. Make sure they don't have admin access to the machines to remove the local proxy. Problem solved. Well 99% solved. There will also be the few that will get through. Thats the fun of being on a school network. Whatever restrictions you place down people will always try and break them especially school kids. I know I was the same a few years back after figuring out how to send console messages to the entire lan :-P
0
 
thoffmanCommented:
Now that I know it's a college, it's a whole new ballgame. Understandably, you can't punish students the same way as in high school.

I went to myspace through a handful of these proxies. I noticed a few things in the source they return.

First, they don't seem to strip out the keywords mega tag. These keywords seem to be the same on each page, though I can't be 100% certain, since I only checked a few profiles in myspace.

Second, they leave behind the WEBPROFILE* comments.

Finally, there still are places in the source that contain "myspace."

So, you can do content-based filtering using something like the keywords tag, WEBPROFILE, or myspace.com. The last one might not be such a great idea, though, because Google searches that happen to return a myspace page will be rejected (though, I suppose, you could whitelist Google and other "safe" sites to allow any page, regardless of content). There may be proxies that strip those out, but most of them don't seem to do so.

--
Troy
0
 
xy8088Author Commented:
So what you are all saying is that there is no easy way to do this using just the tools available on a default install of Windows?
0
 
Expert4XPCommented:
>> The administration wants me to keep students from going to Myspace so that is what I have to do.

Send the administration to China for awhile and see if they then have the same opinion. (just kidding).  But the subject of blocking, censorship, proxies, etc. is a big-subject item in many countries, and not just to prevent idle socializing.

Here's a couple:

Through hell, high water or Web filters
As Congress mulls action, some schools already limit MySpace access. But it hasn't kept teens off the site.
http://www.latimes.com/entertainment/news/la-et-networkingwars31may31,1,3879691.story?coll=la-headlines-entnews&track=crosspromo

Web censorship: Correspondent reports  
As human rights group Amnesty International launches a global campaign to try to halt censorship of the internet by governments, BBC correspondents report from some countries where web users face difficulties.  
http://news.bbc.co.uk/1/hi/technology/5024874.stm

Hoodwinking the censors
Revenge of the nerds
Three computer geeks at the U of T are renowned developers of anti-censorship software, including a program out this month that could allow people to outwit the world's most repressive regimes
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1146865816987&call_pageid=968332188492&col=968793972154&t=TS_Home


0
 
KenneniahCommented:
Blocking in cases like these have nothing to do with censorship.
Like in my company, these are company (school in the posters case) owned computers utilitizing the bandwidth paid for by the company. We provide the computers to employees to use for WORK, not to browse things like Myspace. Not only does it take time away from what we are paying for, the bandwidth being used for non-work related issues can cause actual work to take longer. Why should we pay for employees (or the college pay for students) to access things like Myspace?

Censorship would be stopping them from accessing it on their own computers using their own bandwidth.
0
 
Expert4XPCommented:
Kenneniah -- ok, and I understand and agree with your point.  This is a timely thread though, and I recently read the article in the Los Angeles Times.  Many companies and schools are discussing this very topic.

However, I remember (wayyy back) before the Internet was invented...we had a similar question at work:  "How can I prevent my employees from reading the newspaper or a magazine at work?  Or talking on the phone?"  Note, this is not an IT problem, it's a productivity problem as you point out--causes actual work to take longer.

No one solved the problem back then, except to tell the employee to stop or else.  Doubt if we will solve it now.

So a company blocks, myspace.com today, then I guess we should also block espn.com as well, then cnn.com as well.  Oh well, you get the idea, just block ALL those non-work websites!



0
 
KenneniahCommented:
"Oh well, you get the idea, just block ALL those non-work websites!"
We do :)

It is slightly different than a magazine or newspaper however. A magazine or newspaper takes up user time yes, but not other company resources. We actually have no problems with that if an employee is getting the work they need to done. Internet access is a different for a few different reasons. One, it creates network traffic internally, which if a large number of employees are using it for personal reasons, could slow down network traffic for actual work. Magazines don't do that. Plus, for our internet, we use leased lines where we pay for the amount of bandwidth used. Employees using the internet for personal use, can cause the used bandwidth to jump to the next level, therefore costing the company more money than business use alone. There are also possible legal ramifications. Any illegal activites performed by employees using the company internet connection can result in charges/fines for the company itself. Web traffic can be traced back to an IP, which can be traced to your company, so even if not illegal, actions performed by employees using the company internet can reflect poorly on the company. From a security standpoint....the more personal internet usage at work, the more chances for an unkown virus to get through or security hole to be exploited.

Before we had such a strict stand (and before I worked here thankfully), we had a user post on a website some financial information about the company. He thought he was okay since he was using it as an example to make a point, and didn't mention the company name etc. However, the IP was traced and it the information did end up being used in a manner that caused a fine for leaking insider trading information.

Now, we don't quite block everything, but we are very picky about what users can get to for these and other reasons. In your examples, CNN.com is open as there might be business reason to get there for market information, or since we are an insurance company, disasater information etc.

One of the concessions we chose to make however, is we have what we call library computers in each user area that allows access to most categories of websites. Users are allowed to use this on breaks etc. These computers are on a seperate network from business computers, so no viruses or unkown Windows security holes can compromise the company. Since they are out in the open, where supervisors can always see who is using it, users are more likely to just do what they need to, then go back to their desk. The bandwidth issue is lessened, since a limited number of users can use the computers at once.

I've always been kind of two minded about things like this. On the one hand, for the reasons already mentioned, I want to restrict access as much as possible. But on the other hand, I think if you can trust employees with business information and decisions, you should be able to trust them to use internet access wisely. Finding a balance that works for not making employees feel like children, but still addressing reasonable security and financial concerns is an ongoing task :P
0
 
xy8088Author Commented:
I pretty much explained to the administration as best I could that we are already blocking myspace.com and that if they want us to further block the ability of students to get around it using proxys that they would have to be willing to actually be willing to throw some money at the problem because working with the hardware/software that we currently have there is no way to block it beyond what we are doing. I divided up the points between the most relevant technical answers to my question because they gave me some info to work with in case the administration does decide to throw some money at the problem.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 3
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now