The Porn Debacle... again...

This topic is closed.

  • The Porn Debacle... again...

    Some of you may remember my first porn debacle.... well, it's happened again.

    So, right after I walked in this morning, the admin asst from the dining hall called in. She said that she thought the night worker got on the computer that night, and now the program they use to track students wouldn't open.

    I pretty much rolled my eyes and waited for my manager to come in. When she did, I explained what was up, and she decided that she'd go with me, and we'd figure out what to do when we knew exactly what was up.

    So, we get over there, and the AA tells us they had to turn off the computer, because it kept popping up porno.com. I start it up, and... yep, it's infected.

    So, we take the computer with us, and manager tells me that she'll have a student worker work on it, so I don't have to, which is a yay. So, we get back, and after a while, a student comes in, and they get started on the computer. Malwarebytes came back clean. While SUPER was running, the AA of the dining hall called back, asking if we could get any proof from the history of the computer to prove that the guy was getting on the computer.

    So I spent about 2 hours pulling each website and taking a screen cap of the sites visited and the time last visited. First, we had him dead to rights. He logged into both his Facebook account and his email. Secondly, there was the normal run of porn. And...... finally, the site that had the largest amount of visited pages???

    CROSSDRESSER.COM

    I did learn far more about this guy than I wanted.

    Thankfully, during my investigation, I found a reference to the files that were infecting the computer. I was able to remove the files in question, and the computer was then fine. I brought the computer back to the dining hall, set up the computer and discussed my findings with the AA.

    I will be locking down the computer BIG time tomorrow.

    Wish me luck!
    SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
    SuperHotelWorker made my Avi!!

  • #2
    Wow... That guy is so going to get cann'd. I feel badly for you, having to slog through someone else's pr0n browsing habits. Eeew.

    Quoth technical.angel:
    Wish me luck!
    Good luck!



    • #3
      Quoth technical.angel:
      And...... finally, the site that had the largest amount of visited pages???

      CROSSDRESSER.COM

      I did learn far more about this guy than I wanted.
      You don't know... It might be he was looking for fashion tips.
      Sorry, my cow died so I don't need your bull



      • #4
        I know this is a bit late.... but if you want bullet-proof tips on doing forensics on PCs:
        http://it.toolbox.com/blogs/securitymonkey/
        There's no such thing as a stupid question... just stupid people.



        • #5
          Quoth technical.angel:
          Thankfully, during my investigation, I found a reference to the files that were infecting the computer. I was able to remove the files in question, and the computer was then fine. I brought the computer back to the dining hall, set up the computer and discussed my findings with the AA.
          MBAM didn't find it? Then you should zip up those files and get in contact with MB and say you've found a new threat. I'm sure they'd be very, very, very interested in getting their hands on those files.



          • #6
            After I deleted them, I realized I probably should have done something like that, but then it was too late.
            SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
            SuperHotelWorker made my Avi!!



            • #7
              At the risk of squick and TMI, crossdresser.com isn't porn. It's a retail site for dressing supplies.



              • #8
                i don't suppose you can block the computer from accessing porn?

                on most of my navy ships we had intricate rules stored in the router that specified which computers could access telnet, what IP addresses were blocked (both for incoming and outgoing transmissions). pretty much if you wanted to access porn you had to really work hard to get to it.



                • #9
                  Quoth PepperElf:
                  i don't suppose you can block the computer from accessing porn?

                  on most of my navy ships we had intricate rules stored in the router that specified which computers could access telnet, what IP addresses were blocked (both for incoming and outgoing transmissions). pretty much if you wanted to access porn you had to really work hard to get to it.
                  Or just be smart.

                  I once wrote a script that scanned for usable proxies at a pretty decent clip. And I could always portforward through SSH via my server.

                  I would repeatedly get in trouble in high school for accessing sites I "wasn't supposed to", like Digg (I know). Don't have much respect for authority, no.



                  • #10
                    Quoth PepperElf:
                    i don't suppose you can block the computer from accessing porn?
                    There's a file on the computer called host.txt that tells you how to map addresses to ip's and you can manually edit it. My husband found a giant file online that had tons and tons and tons of assorted porn sites on it that basically never allowed them to load.

                    We found this due to one of the kiddos needing a lot more restriction in her surfing



                    • #11
                      yeah my ship went through trouble with the proxy hack sites... it went badly cos some of those hack sites also hack *you* back (malware/viruses/keylogging). in a nutshell the hackers almost crashed the network (viruses on the servers = pretty fucking bad)

                      they had to scan the traffic logs and punished everyone who went to a hack site - no computer access for a week & a signed counseling chit. and if you refused signing, they refused to turn your account back on.



                      and another idea for preventing computer issues... my college does this - although sometimes they mess it up... Deep Freeze.

                      In a nutshell, the software will set the computer to a specific setup (your choice) and whenever you log off or shut the computer off, it'll revert to that setup. The only thing i hate at my college is that sometimes they forget to register some of the software ... so you have to go through the "do you want to register" crap ... a lot.



                      • #12
                        We use DeepFreeze... well, I think it's DeepFreeze. Well, DeepFreeze or a very similar software in our computer labs.

                        The big problem is that the computer in question lives in a gray area. The dining hall is run by an outside company. We supply the computer, but that might change here now that the big boss has found out that the dining hall staff is a separate company, not related to the uni.
                        SC: “Yeah, Bob’s Company. I'm Bob. It's my company.” - GK
                        SuperHotelWorker made my Avi!!



                        • #13
                          Deep Freeze, unfortunately, does a couple of things completely wrong, and as a result, is readily defeatable. If something nasty manages to run as Administrator, all bets are off.

                          To protect against privileged processes, you need to replace MBR (they don't), backed up by in-BIOS MBR write protection (beyond the software's control, but how many sysadmins actually turn that on?), have a complete disk backup in a hidden location on the machine (they only back up certain system things + registry and try to "diff" the rest, a fool's errand if there ever was one), and restore before Windows boots (DF runs as a Windows service, giving other crap a chance to run before it even gets executed).



                          • #14
                            Quoth RestaurantDude:
                            Wow... That guy is so going to get cann'd. I feel badly for you, having to slog through someone else's pr0n browsing habits. Eeew.
                            Indeed, TMI, TMI!!!
                            I'm trying to see things from your point of view, but I can't get my head that far up my keister!

                            Who is John Galt?
                            -Ayn Rand, Atlas Shrugged



                            • #15
                              Quoth technical.angel:
                              CROSSDRESSER.COM

                              Wish me luck!
                              Firstly, that was way too simple, how did I never run across it?
                              And, 'Luck'...
                              "I call murder on that!"
