+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
Wireless Networks Thread, Can't block PHPProxy sites. in Technical; I'm having a little trouble with kids using PHPProxy based web sites to get round content and site blocking setup ...
  1. #1

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Can't block PHPProxy sites.

    I'm having a little trouble with kids using PHPProxy based web sites to get round content and site blocking setup here at one of my schools. Basically I can't see anyway to detect that PHPProxy is being used. The webrequests look fairly indisquinshable from normal requests and do not give any indication of the true web address being viewed. Dansguardian does pick up with the content filtering occasionally but as the mime types and meta tags are stripped so its letting a lot through.

    Anyway, best way to see would be to try it. I've got it setup on my external webserver to test various proxy rules against it. If you want to experiment you can go to Here (or by IP) and give it a try. Let me know if your filter catches it. I'd be interested to know how.

  2. #2

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,374
    Thank Post
    625
    Thanked 951 Times in 653 Posts
    Blog Entries
    2
    Rep Power
    318

    Re: Can't block PHPProxy sites.

    Without the filter going through the actual HTML response and looking for PHPProxy identification, if any, I think the only way round it may be to use a different level of access control whereby users can view ONLY the sites in an allowed list. Highly inconvenient for research, but... PHPProxy looks like a pig to block

  3. #3
    StewartKnight's Avatar
    Join Date
    Jun 2005
    Posts
    1,587
    Thank Post
    2
    Thanked 27 Times in 21 Posts
    Rep Power
    29

    Re: Can't block PHPProxy sites.

    can you not filter for the term "proxy", and if you catch anyone on it, ban them for a week. Thats what I do here using Securus

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Can't block PHPProxy sites.

    Well yes I suppose I could add 'PHPProxy' to Dansguardians word blacklist. Its a bit evil though because it'll randomly block pages that mention it. (Sourceforge and Freshmeat mainly). Likewise, that doesn't help me if someone decides to alter the index.php a little and remove the offending text.

  5. #5

    TechMonkey's Avatar
    Join Date
    Dec 2005
    Location
    South East
    Posts
    3,237
    Thank Post
    218
    Thanked 387 Times in 288 Posts
    Rep Power
    158

    Re: Can't block PHPProxy sites.

    If it's the one I'm thinking of there is a common install path that is used that if your filtering system can filter that out it works 90% of the time. Other wise it's the old case of filtering as you find.

    Edit:
    Sorry I lied, I think I was thinking of CGI-Proxy. The only consolation is that both ROT13 and base64 often can't be processed by web servers so pages don't display. If they take that covering off then the url bits should be detected. I'll have a look though.

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Can't block PHPProxy sites.

    Its not. You can stick it anywhere on your webserver. The main php page is called 'index.php' too.

  7. #7

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Can't block PHPProxy sites.

    Sorry I lied, I think I was thinking of CGI-Proxy. The only consolation is that both ROT13 and base64 often can't be processed by web servers so pages don't display. If they take that covering off then the url bits should be detected. I'll have a look though.
    Uses the PHP standard library pack() function to achieve this. If the server has PHP it will be able to encode the urls. True I can decode the urls recorded in my logfiles but realistically I need to know where to look first. There's an awful lot of sites that generate http://somesite.com/index.php?RANDOMSTUFF type urls.

  8. #8

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,374
    Thank Post
    625
    Thanked 951 Times in 653 Posts
    Blog Entries
    2
    Rep Power
    318

    Re: Can't block PHPProxy sites.

    There are also sites that use query string to store session IDs. Usuall this is PHPSESSID but can still be changed.

    The binary number seems consistent throughout PHPProxy requests. I haven't looked at PHPProxy code but perhaps it could be relied upon for identifying it?

    Quote Originally Posted by Direct connection
    http://vle.bishopbarrington.net/

    GET / HTTP/1.1
    Host: vle.bishopbarrington.net
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Cookie: DokuWiki=98981ffabf977ebcd54e60a296f0604f

    HTTP/1.x 200 OK
    Date: Tue, 31 Jan 2006 14:06:30 GMT
    Server: Apache/2.0.46 (CentOS)
    Last-Modified: Fri, 23 Sep 2005 23:11:20 GMT
    Etag: "238280-186-87081600"
    Accept-Ranges: bytes
    Content-Length: 390
    Connection: close
    Content-Type: text/html; charset=UTF-8

    Quote Originally Posted by Via PHPProxy
    http://evildomain.dyndns.org/p/index.php?q=dmxlLmJpc2hvcGJhcnJpbmd0b24ubmV0&hl=1111101001

    GET /p/index.php?q=dmxlLmJpc2hvcGJhcnJpbmd0b24ubmV0&hl=1111101001 HTTP/1.1
    Host: evildomain.dyndns.org
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    Accept-Language: en-us,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Connection: keep-alive
    Referer: http://evildomain.dyndns.org/p/
    Cookie: flags=1111101001

    HTTP/1.x 200 OK
    Date: Tue, 31 Jan 2006 14:33:05 GMT
    Server: Apache/2.0.54 (Gentoo/Linux) DAV/2 SVN/1.1.3 PHP/4.4.0
    X-Powered-By: PHP/4.4.0
    Set-Cookie: flags=1111101001; expires=Tue, 28 Feb 2006 14:33:05 GMT; domain=evildomain.dyndns.org
    Last-Modified: Fri, 23 Sep 2005 23:11:20 GMT
    Etag: "238280-186-87081600"
    Accept-Ranges: bytes
    Content-Length: 537
    Connection: close
    content-disposition: inline; filename=
    Content-Type: text/html; charset=UTF-8

  9. #9

    Join Date
    Aug 2005
    Location
    Birmingham, UK
    Posts
    490
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Can't block PHPProxy sites.

    can you filter by the html of the page? (ive never set up or used filtering software so i dont know) because there seems to be a common phrase:
    Code:
    <form name="poxy_settings_form"
    I know its customisable, but how many people are going to go thru the hassle and it would filter all the ones which are not edited...

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Can't block PHPProxy sites.

    Code:
    The binary number seems consistent throughout PHPProxy requests.
    Its the settings of your options. The state of the tick boxes bascially. So yes, it can change.

    can you filter by the html of the page?
    Yes, that should be doable.

    how many people are going to go thru the hassle
    If it was me, I would..

  11. #11
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 202 Times in 153 Posts
    Rep Power
    109

    Re: Can't block PHPProxy sites.

    Gah..PHProxy/Proxify etc...pain in the arse...

    We have kids who'll merrily go home and install it on their own web-servers. Pig of a thing.

    Thats how I dealt with it...based on the content of the code. I'll look forward to trying it with the new filter, when we recieve the replacement to test in place of SWS 3.0.

    After 5 years of SWS/IGear..we're getting something that works...

  12. #12

    Join Date
    Jun 2005
    Location
    Elgin, Scotland
    Posts
    387
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    22

    Re: Can't block PHPProxy sites.

    Hey, that's not fair. If SirBendy gets a replacement for SWS/iGear then I want one too!

  13. #13
    Sirbendy's Avatar
    Join Date
    Nov 2005
    Posts
    2,298
    Thank Post
    8
    Thanked 202 Times in 153 Posts
    Rep Power
    109

    Re: Can't block PHPProxy sites.

    ahahaha! Well, MCS has been saying for 6 years that "it's cr*p. Nasty. Evil.".

    At the last tech meeting with NGFL, both Steve and I said "look, it's sh*te. If you go to BBC during breats cancer week, it bans the site because of "breast", yet if you go to google images and type in "hardcore donkey p*rn" or whatever, it goes right through".

    We also upset them by mentioning that we'd tested open source alternatives on the network, on a spare box in place of the SWS box in our own time..their faces dropped. I think they realised that come hell or high water we'd had enough, and decided that for once, they'd work with us.

    So, come the next meeting soon, they've said we can test out some alternatives..they'll bring 3 or 4 to the table, and we can pilot. Needless to say, the other schools in the area were quite eager too!

    It's always the same at the meetings though..25+ techies, and "any other business?"..nobody speaks up, then we wade in with "well, yes..a *few* points.."..heh.

    It comes to something when even the more tech savvy kids look at SWS and say "why not smoothwall?"

  14. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,800
    Thank Post
    110
    Thanked 582 Times in 503 Posts
    Blog Entries
    1
    Rep Power
    223

    Re: Can't block PHPProxy sites.

    Well just to update. In an entertaining game of virtual chess against myself I managed to block and avoid the block setup several times. I'm now at the stage where I can prevent the inital page loading. Which is great.

    However I then preceeded to mail mailing myself a link to an encoded url (google). This allows me to 'start' using PHPProxy without going to the inital setup page. I can't do anything to stop this in the web proxy blocking so I'm looking at stopping myself in the antispam filter somehow.

    The battle continues.

  15. #15
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Re: Can't block PHPProxy sites.

    Give yourself what for Geoff!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Proxy sites
    By whatwherewhen in forum Links
    Replies: 33
    Last Post: 28th October 2008, 03:14 PM
  2. Proxy sites now using 443
    By steele_uk in forum How do you do....it?
    Replies: 36
    Last Post: 5th October 2008, 03:45 PM
  3. another 1 to block
    By in forum Links
    Replies: 33
    Last Post: 15th December 2006, 02:14 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •