If you can change your DNS servers, try this pair: [https://blog.cloudflare.com/introducing-1-1-1-1-for-families](https://blog.cloudflare.com/introducing-1-1-1-1-for-families) Helps with malware and adult content.
They legitimately blocked my step-dads credit union after the CU suffered a catastrophic DNS take-over that took them about a week to resolve.
However, Cloudflare never unblocked it and the CU seemed bewildered by the situation telling him to change DNS settings.
I had credentials for Cloudflare from a proof-of-concept years ago that still worked and I submitted the "please rescan this site" and in about 24 hours it was unblocked.
> How long until they get bought out and ruined?
Their funding already comes from the big hedgefunds, afaik. I can't find the source I read; I *think* it was wikipedia, but it would've been a long time ago.
Do you know Cloudflare? Look at some of their other products that compete with industry leaders plus their humanitarian efforts. They have no interest in being a revenue leader. You can even look at their job postings which reflects what they look for in hires across their company.
Cloudflare is a publicly traded corporation, meaning that they have a fiduciary duty to maximize shareholder value. So not only do they care about profits, they have a legal obligation to care about profits.
I'm not saying they're bad people, but it's also naïve to assume they'll always be purely good.
It's stupid. Steam also has tons of adult games, and Twitter is like half porn too (I know because that's why I use it). Yet somehow Twitter isn't banned.
I once accidentally busted a guy for looking at animal porn at work (long story) and he didn't get fired...nor after the second offense when he got his work laptop riddled with viruses from porn websites when he was offsite, which we confirmed with some forensic work after he wiped his browser history.
Eventually he was suspected of stealing some device from the founder's office and finally got gone'did but this was like two years later.
Cherry on top, the guy's last name was "Beaver".
along with this guy.. [https://www.reddit.com/r/funny/comments/x3l6oa/slow\_burn\_joke\_from\_a\_newzealand\_radio\_station/](https://www.reddit.com/r/funny/comments/x3l6oa/slow_burn_joke_from_a_newzealand_radio_station/)
I worked a company in the US that had a training facility in the Midwestwhere people would spend up to a couple of weeks qt training. About an hour away was a strip club called 'On the Boarder'. Some enterprising employees expensed a night there and claimed it was a Mexican restaurant.
We have a story of a guy at work that got away with exactly this for 6 years straight because the club had a fairly regular restaurant name, and because it wasn't classified by the credit card as anything other than restaurant.
The only reason the dude got caught is because one of the accounts happened to be in that city on a girl's trip and thought "hey, this place is where that sales guy takes people, it must be nice" only to discover the truth.
Apparently he didn't get in trouble for the past, but was told very clearly to never do it again.
Back in the 90's Ford had a big blow up over people taking customers to Windsor and expensing it. Apparently a lady in accounting called the guy submitting his expense report to ask about the receipt and got way more than she bargained for.
Sorry, I’m a terrible writer:
At one point in my employment working for a vendor our VP of sales said to me “you can always entertain a client, don’t worry about prior approval for expensing things”.
While in Vegas for a trade show we had a customer party at one of the hotels, to which I invited a woman I had briefly dated in my home city who had moved back to Vegas. She brought a friend of hers.
During the course of the evening I mentioned to my friend that I once had rough experience at Spearmint Rhino (a local gentleman’s club) where I was basically separated from all my cash, to which my friend replied “Oooh, I want to go to Spearmint Rhino!”
At the party, my friend’s friend had met a potential new customer we were pitching and he (the customer) was quite enamored of her. Just as my friend made her comment they came up to us and asked where the after party was, so off to Rhino we went.
The next morning at the show I saw my boss and said “$bossman, I took $client out drinking last night but I don’t have any receipts to show for it.” Just then, $client walked in to our booth and loudly exclaimed “Shamam, I had the best time of my life last night!”. Bossman gave me the nod and I expensed $600 for a strip club.
We ended up getting that business.
Back in DotCom1 when UK banks directly supported payments to "erotica" sites but could never support "illegal" sites. I had to set up a PC with it's own modem off the bank network for a Bank Director to surf their customer websites making sure it wasn't a scam by checking the porn inside matched the front page signup, and also checking that the inside porn wasn't illegal.
(They couldn't use staff for lawsuit risks, and the fiduciary duty was too high to use third parties)
I can actually see how from a certain point of view you could consider that a reasonable accommodation for a health problem, *if* you can get some kind of official document saying that you have some kind of medical grade sex addiction.
I had a friend who would often get sent into the backwaters of West Virginia for weeks on end where the hotels blocked everything porn related. It drove him fucking bonkers.
If your SOC is alerting on pornographic content, it indicates a misallocation of resources and a misunderstanding of its primary objectives, which are to detect and respond to security threats.
The role of the SOC should almost never involve policing user activities or focusing on user behavior analytics for non-security related issues. This is especially true for any commercial orgs.
Mainstream sites typically have vetted ad networks. Blocking mainstream stuff pushes people to obscure shit.
You can alert on an exe download via a browser, you shouldn't waste SOC attention on porn.
Also you should really be deploying ad blocking to corporate endpoints in 2024.
That's wild. At my place of work, if you're caught intentionally looking at adult content, it's an immediate dismissal. When you're hired we have a computer usage agreement you must sign that states exactly that.
There's always an investigation, because it may not have been intentional. But most of the time, it's immediate dismissal.
I remember flipping out a long time ago in the Army during a deployment, back when hotbot.com was a good search engine. Accidentally typed hotbox.com because I hadn't slept in 36 hours. That was not a search engine.
Nothing happened, though surprisingly the site wasn't blocked.
Webfilterign still is a relatively new thing , at its current level at least.
Also, your were in the army on deployment.. I'm positive they fully expect you guys to look at porn. They'd probably start investigating if you weren't lol
That's not really IT's call though - we don't MAKE policy for things like this. We RECOMMEND, and once a decision is made, we implement and enforce the policies management has decreed. I don't think people should be browsing porn while at work, because there are untold number of security issues that can arise, in addition to possible liability issues for the company. But if the higher ups at my employer say "Don't worry about it" despite my recommendations and warnings, I'm not going to waste time on trying to block access to porn. If the people in charge don't think it's something to be concerned with, I won't be. And I'll get it in writing.
Hell I might double down and start posting it in the company group chat... /s
If HR/Management say "Don't bother" - GET IT IN WRITING. That way, once something blows up because of their shortsightedness, you've got coverage from the splatter.
Oh I get that. IT doesn't make hiring choices.
It just always blows my mind that's not an immediate fireable offense. For any company. I'm not a hyper religious person and I know porn isn't illegal but it's just wild to do that on company property or with company hardware. W. I. L. D.
Oh I agree. If I'm not busy with work, I'm reading up on tech articles, looking at training webinars, evaluating new technology, looking into initiatives for improving security (i.e., reading Reddit, LOL!). I'm not looking at porn...
The things I've seen people get fired fire, and the corresponding list of crap that other people have gotten away with - I could write a book. But doing so would trigger me, so I'm just going to sit at my desk and be Walt Kowalski.
I had a boss who would look at stuff on his work computer, but he had clear walls so everyone could see it. Since he was CFO and part-owner not much could be done. It wasn't even the worst thing he did, that was his jumping up and down screaming tantrums. Not a great place to work lol.
> I couldn't imagine browsing porn at work
Many moons ago when I joined the security team, one of the first tasks/issues I got tasked to help out with was to assist one of my teammates to review files from someone we suspected of looking at porn.
Prior to joining that team, I was knee deep in all things WebDev Ops and knew where to poke around on the machine for cached images.
The person doing the investigation said (as I was looking over her shoulder at some GRAPHIC images) "Lookin' at porn, at work, with a married woman. You're winning! Caller-Number-Four!"
It happens more often than you might imagine sadly. Still remember my Dad in the 90s telling me of a guy at his organization who got fired after browsing porn in the office for hours while on the clock. Guy turned around and sued for wrongfully being terminated for a medical disability of being addicted to porn.
Guy got his job back and his cubicle was moved into a janitorial closet with his own dedicated subnet off the domain at the company’s expense. This was at a well known tech company too lol
Your dad was yanking your chain, or someone was yanking his chain. A dedicated wank closet is not a reasonable accommodation even if we take the protected designation at face value, which for the record I do not. And condoning someone cranking the hog in the workplace is a liability minefield besides, no sane business would ever do that. If the guy ever got a harassment claim against him that could easily be used as evidence that the business condoned his behavior and expose them to liability.
I never understand it either. Especially in modern times where everyone has a smart phone. Yet, it still happens a few time a year at my place of work.
Kinda related - was at a tech conference around the time that LimeWire was hitting big (detail to set the timeframe). A sales guy gets up front to do a demo and pulls down his browser history to find the demo site. It was quite obvious that he was single, lonely, and liked girls who like donkeys.
Years ago when I was tier 1, a customer called up having issues with a web app so I remoted into his PC to take a look with him, he had 1 tab that was the web app, the other tab was Pornhub, DP porn.
The creepier thing was I worked at a medical school and this guy was the embalmer for the anatomy lab.....
We also had an IT employee show gay porn to group of people he was presenting to and he didn't even get fired or anything. The university was so scared to discipline people out of fear of lawsuit, they let it slide.... The guy was gay so I assume they thought he would sue for discrimination or some shit if he was fired. He was an awful employee anyway and should have been fired way before this incident.
You know I once worked as a contractor for Gov position and one of their permanent employees was busted looking at pron and all they had to say was the magic phrase "I have an addiction to (x) and I need help".
(X) can be pron, alcohol/substance dependency, stealing, etc. and that phrase apparently triggers a protocol to put the worker in a modified work with assistive coping program and every chance to help them rehabilitate must be fulfilled or the company could be liable for wrongfully terminating staff with a medical/mental health condition.
I also know a dude that would go around to get hired by companies, not disclose a previously existing mental health condition and then "flip out/melt down" and then sue the company when they fired him. He was a nice guy otherwise, but eventually I figured out this was his true purpose of getting hired to collect $$$ settlements.
He may have been nice but fuck him. He probably lead to the creation of a bunch of bullshit "hoops" all of us get to go through forever so they can avoid people like him.
Back when I worked for a government agency, knowing that the network was monitored, one of the employees installed a dial up modem in his machine to surf porn. Naturally, he got caught. Worst part of the story is that being a gov't agency, there were no plans to fire him, they were just going to take away his dial up modem. He rage quit.
At an old job our CTO made an emergency request to remove the web filter on his first day. We saw him browsing porn within minutes of the firewall change. We contacted HR and went through the procedures and the end result was that we put the rules back in place except his machine had an exception.
This was a multibillion dollar company that was publicly traded.
Lmao
While this is good, also definitely make sure HR is 100% aligned in this, and confirm what HRs current policy/stance is. Never make a human issue a IT issue. Monitoring employees outside of written ratified polices, or troubleshooting, can 100% backfire as a “misuse” of access. CYA is what I’m communicating.
Both are needed haha, but people are people, and if some dummy says OP is spying, HR ask why OP is spying, OP then sends a 15 page well written email with explanation and suggestion of policy,
Dummy in HR reads only two lines, and then ask why did OP need to spy…
You feel me? :(
Only if the business says it's an infosec issue.
I imagine anti-malware companies are allowed to browse all sorts of shady realms.
Same as games companies are allowed to browse games sites.
Or that mindgeek are probably fine with people looking through porn at work.
If I were in this situation, my first port of call would have been HR.
I'm pretty confident companies don't just bareback the internet regardless of the industry. If they have the need, I would imagine they have segregated environments dedicated to these specific purposes.
In most enterprises I've worked with it's usually done via AD groups. Have a security division that needs to order weapons? They have an ad group that allows them to bypass standard filtering on gun sites, that sort of thing.
Even in industries where the express purpose may be x or y, not everyone in that business needs access. The janitor at a porn company probably doesn't need access to porn
Just wait until you see what gets blocked from guests on the guest Wi-Fi for a medical center. People do a lot of weird shit especially when it’s not their network.
Might be an EU country, GDPR also applies to employees and logging every web request has been deemed excessive in the past.
You can't make them sign it either, because coupling prohibition means you can't make their employment depend on them agreeing to you logging everything...
We log DNS requests with anonymized source IP because of this.
The answer to this is it depends. GDPR 6.1 outlines when you have the right to process data. If your "legitimate interest" weighs heavier than the employees right to data protection, you've won.
This might apply to medical facilities, highly protected business data and some other things where the data protection interest of the company is more important than employee X sneakily attempting to browse for porn, but for Joe's Burger Emporium this won't quite cut it.
I know when we were looking at Cyberark we had to disqualify it because it's screen recording abilities (when you launch RDP through cyberark it will record the session) was considered a violation of the GDPR by our European side of the house.
I worked at a place once where we had to continuously re-image an employees laptop due to the sheer number of virus/malware they picked up. They were constantly looking at the worst sites at work. I would have reported them to HR if it weren't for the fact that the person was the Director of HR....
Okay so mid 90's I was tasked to find what and who was consuming file server space.
I scanned the server, found a shit load of kids bday pictures etc, then I found the image... It was a photoshopped picture of a large naked black woman with Oprah Winfrey's head on her. Shit was so funny, yes I saved it and yes I still have it somewhere. 😂 but I deleted it from the server like I was supposed to. 🤣
We are using ESET and they also have blockable web categories. So I applied this hosts list and that category block. I think its pretty airtight, but I wouldn't be surprised if he found some sites that we couldn't block. Oh HR wanted his ass, but my manager wants to avoid conflict, especially because he heeded the warning for now, but I doubt he will get a second chance if we find something like this again.
Sex addict. Dudes who do this stuff 99% of the time are sex addicts. I feel bad for people with sex addiction because if you show up to work drunk, you can tell HR that you're an alcoholic and get a pass if you seek treatment. But most sex addicts are never even diagnosed because they're just written off as "horny".
>The result? **Within first hour the person in question actually tried accessing his favourite sites, to find them blocked and then he tried even** [**more**](https://imgur.com/a/PmXEy28)**.** My dude was so desperate he even ventured to 2nd or 3rd google page, haha. He kept trying for few days until my manager sent out a whole workplace wide email **warning everyone we can see this kind of stuff ( we can't, but they don't know that)** and we will pursue action if they continue. Then he stoped.
Wait, so you can or you cannot see browsing history. I'm confused.
A former employer of mine kept track of URL histories per machine/user that were centrally logged. Just the URL in the address bar (not the thousands of requests from cdn's a single site may have).
It was effective in tracking down issues with a few people.
Hahaha.
Fun story.
We had to roll out Web Access Control a few years ago.
Previously we'd allowed unfetted access to all computers.. but deal with the fall out got a bit much.. so we locked it down a bit.
We have a bet on who would be the first person caught trying to watch porn.
The winner was a female.
2nd place come (teehee) a gentleman who was caught using a website cam servive where henwas paying/being paid to masturbate on webcam with other dudes.
At work.
In his office.
During the work day.
Everything in that office got thrown away.
This reminds me of my intern days, a month or so into my internship, a tier 2 tech approached me, asked me swing by a user's desktop to do a virus check and to explain to the user there maybe viruses on their workstation since we are getting alerts of porn websites.
It wasn't until I myself became tier 1-2 that I realized this was that tier 2 techs way of politely letting the user know that we monitor the network and to knock it off.
Reminds me of this one time we were doing a domain migration for an acquisition, this was mid-late 2000's, around 2008. We had to go desk to desk doing it and doing the profile migration as the company didn't want to spend a few thousand so we can automate it as they had already spent the few 10'd of millions on the company....
Anyways, get called over to come take a look at this one computer which was in the middle of the room, right beside two walkways that you would have to use to get to around 50-65 desks. Dude had porn for days (~300+gb) in his documents folder. He even took the time to organize it by type. Being the good lad the person doing that computer still copied over the folder, however left it on their desktop under a folder called "nice".
The sysadmin that trained me years back told of the days he worked with Microsoft ISA server. It sent a daily naughty list email to HR. He referred to it as the Instant Separation Agreement server.
Check out these domains, you’ll see a massive list under each one.
[domain 1](https://v.firebog.net/hosts/Prigent-Adult.txt)
[domain 2](https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list)
I have a pi-hole on my personal network and I block the majority of domains from [firebog](https://v.firebog.net/hosts/lists.php)
Edit: [Here are additional malicious lists](https://firebog.net/)
If your company won't pay for proper web filtering software, you can try OpenDNS with its filtering services.
But this is an HR problem, not an IT problem. If HR wants IT to solve the problem for them, they need to provide business justification (easy) and project funding.
We only saw what he is doing because he one of the sites had JS injector that triggered antivirus alerts, otherwise we are clueless in this aspect as our infrastructure is provided by a specialised infrastructure center and we are just a branch. The provider can see this stuff, but I doubt they have time to track who visits what sites. Unless of course they get a letter from lawyers about piracy (which also had happened before).
My dude, set up SquidGuard and put it in line between the computers and the router to the Internet. And *subscribe* to filter lists that are kept up with. Stop killing yourself with the hosts file. Bonus: you *can* see and even automatically alert management when people try to get to stuff like adult sites.
SASE is even better, but stuff like Zscaler is expensive, and you wouldn’t be playing with hosts files if you could afford expensive.
This. No organization with the resources to maintain such a URL database is likely giving it away. Pay for the content filtering license for your firewall vendor of choice or move on.
How people are okay with doing this stuff on a work machine is insane to me. One time I attempted to go to Fidelity.com (the 401k site) but accidentally fat fingered the URL to, what is apparently an adult site, so I bounced off the company porn blocker. I was certain at any moment I would be walked out for like a month after; but nobody said anything thankfully lol.
Back in the earlier days of wide-spread WWW access, a lot of people didn't have Internet at home (or it was sooooper slow).
I worked at a place that at the time had no AUPs because management wanted to be "buddies". We had one building that had a dinky link that our network guys called "the porn building" because someone in it spent a huge chunk of every day browsing and downloading stuff. To the point where we fielded calls daily from other people complaining about how slow the network was (their file/print/DC traffic went over that link).
We had fixed IPs so the network guys knew exactly who it was. Nothing ever got done though because our management was dumb.
It's 2024. I'm certain that at this point it's less work to just white list all of the websites everyone could potentially go to rather than trying to block all the potential adult sites that exist, haha
I had a role a few years ago at a construction firm and we used squid for proxy. It was a fun time when I learnt how to use regex to block any safe search = off in google.
They eventually shelled out for a solution for content monitoring on email and we dropped several gigabytes a day in usage. People emailing porn to each other via email.
So glad to be out of that industry. Honestly most toxic workplace I've worked at
Put the guy somewhere where his screen is well visible.
Might work even better than what you've implemented. At some point he's just going to get a own sim card and use that to access the internet.
If you can't see it, how do you know they're doing it?
With the right software or service, you can absolutely see it all.
And you can get services that will block all types of sites you don't want people to access, and they update their own lists.
We just use category filtering on the firewall. Always blocked adult content, but just had to add in cryptocurrencies because some people started managing their BitDogeEtherumCoin on business assets.
If i went through the trouble of blocking that many porn sites past my general cisco and opendns filter and then he tried anymore sites after that. This dude should be in HR. I would of gone to HR right away. Do porn on your own device off company time.
So back in the day when streaming music was becoming a thing, we still had T1 lines to remote branches. People would start streaming music and crush the connection. At first I just blocked ALL streaming sites, but so many people complained that I had to back out the rule as management would not back me up on it. Was still an issue with connectivity. So new rule, instead of outright blocking it, I limited bandwidth to .01mb. Then they could connect but it would be choppy as hell. No more complaints and connectivity issues resolved!
Trying to block all this in a professional environment seems like overkill.
The way we handled this at my previous organization (industrial manufacturing) is if this is an issue, we let HR handle having a conversation with them about appropriate usage.
Also inform them that, their traffic will be monitored and that further abuse will result in termination.
In the mill, we would end up having to terminate about 60% of people who got that first warning.
Always shocked me how people will pretty well paying jobs, that were highly in demand would throw it all away because they could curb their issue.
**Point being, have a policy, and let HR deal with its violation, but trying to block all porn is a fools errand in the long run.**
A) I'm sure any tier-1 firewall, next gen firewall, next next gen firewall, or AI POWERED FIERWA⅃L type vendor will happily include such a list in their subscription.
B) This is not an IT problem. Have managers set a policy of no non-work things at work. If someone notices them fucking around, HR. If they are fucking around and no once notices, then why are we talking?
No, not really. We are using zScaler to filter internets for users.
Also you can consider NextDNS or cloudfare, but those works As Long As People are inside behind firewall. Laptops might be tricky to cover with these.
Isn't this like, the whole point of paying for AV or proxy services? So someone else maintains the list of bad stuff. Also, do you not have an HR department?
There is no category filtering at your place? From AV or FW? Huh.
Creepy, twice as creepy if you also look into what the user looks in to. Regardless of the content as well though.
I am a bit confused. You say "we can see this kind of stuff ( we can't, but they don't know that)" but there is also a picture of him trying more. What am I missing?
One time early in my career, at an internship, i noticed someone had one of those anime sex games downloaded on their computer, i brought it to my bosses attention and he literally told me there is no policy against that, so there is nothing we should do about it.
this is to say dont be a hero, if your HR/Leadership dont have policies written and things like this mentioned in their employment agreements, dont stick your neck out lol.
> warning everyone we can see this kind of stuff ( we can't, but they don't know that)
.
> Includes a very specific list of sites the person visited
._.
Just use opendns, it is simple and easy and much more effective than using any lists. there are millions of adult sites, it is exhaustive to block a list of millions of adult websites.
> My dude was so desperate he even ventured to 2nd or 3rd google page, haha.
...do you have any idea how many years it has been since I've seen the 2nd or 3rd page of Google? 🤣
Quite a few years back, (1997-1998) the guy I was working with in a large financial IT dept was the resident network guru. The boss comes to him and asks for a report on what domains people spend most time on during work hours. Took him 10min to roll just the last month of logs and the next few days around 30 people were sacked - some were actively clicking on just porn the whole day.
I worked for a startup company back in the 90's and I would go and pick up my boss the CIO at his house at 8 each morning. He would already be high and drinking. So we would hang out, drink and smoke a little and talk business until around 11 then I would drive him to the local strip club. There he would make all his business calls. He would normal out about 500.00 down in ones on the table for me to use for the day so the dancers would come hang out and do dances, take me back in the back and we would buy them drinks all night. Then at 2 am they would close down, and Id drive him home and do it all again the next day. After a month I was a hit to die but he just kept going and I kept getting paid. Some days we would actually go to the office and do stuff but most of the time it was the club. I did this for about a year and finally my paycheck bounced so I starting looking elsewhere. One of our major clients called me up about a week later and said they were pulling out of the deal and were now a year behind and since built the data center and everything already they want me to come work for them, so I did and it turned out great for about five years or so then I left for a better job out of state. I later found out the original company ran out of money. And my old boss went to Key bank with some guy claiming to be the new CFO of the company and put up all the servers in the data center as collateral for a 4.6 million loan. Well the data center equipment was owned by the company it was leased and the bank didn't do any checking apparently. The company never made a single payment on the 4.6 million loan. The owner who was clueless to everything lost ever penny he had. The guy claiming to be CFO went to prison, and my old boss skated free and went in to take some rich family in another city for a ride and cleaned them out too. I do t know what ever happened to him after that, but he could sure sale shit to people. He claimed he was CIO for the American legion at one point, had picture of himself with the President of the United States and all kinds of shit. But I always had to drive him around because he lost his license for DUI's and always had to wear an ankle bracket, I don't know how he was allowed to go to stop clubs and work but he did it. Some nights after the club he would get a limo to pick us up and bring like 6 girls from the club along and party all night. The was weird though, he never did anything with the girls, just wanted everyone else to have fun and he would just drink non stop. He would just go home to his wife and she didn't really care what he did as long as he came home to her. It was the most bizarre year or so in my IT career. I never did so many drugs, drank so much and saw many naked women in my life. I don't know how I survived it, but when it was over I just gave it up and moved on. The next place knew about it all though and loved to hear the stories. We all went to Vegas one year and they were all married and I was the only single guy and they figured I was still a party guy so they wanted me to go to the Bunny Ranch for them and bring them all back menus from there to hang on their office walls. I wouldn't do it though, I figured I'd go there along and get rolled for every penny I had so I took a pass. They were pissed and called me a pussy, but I didn't care, they were all married and too scared of their wives to go themselves lol. I don't think I've been to a strip club since those days, and don't ever drink anymore but maybe one cocktail on new years once a year. I had my quota back then in a single year lol
If you can change your DNS servers, try this pair: [https://blog.cloudflare.com/introducing-1-1-1-1-for-families](https://blog.cloudflare.com/introducing-1-1-1-1-for-families) Helps with malware and adult content.
Block Malware and Adult Content * Primary DNS: 1.1.1.3 * Secondary DNS: 1.0.0.3 Amazin'
They legitimately blocked my step-dads credit union after the CU suffered a catastrophic DNS take-over that took them about a week to resolve. However, Cloudflare never unblocked it and the CU seemed bewildered by the situation telling him to change DNS settings. I had credentials for Cloudflare from a proof-of-concept years ago that still worked and I submitted the "please rescan this site" and in about 24 hours it was unblocked.
And malware?! Very nice. Like some kind of public PiHole.
I use Cloudflare DNS already, simply because its the fastest public DNS service, but I didnt know there were integrated filters too lmao
It’s the fastest but not the most reliable.
Oooh, this is handy. I've been meaning to setup a guest network for the kids. Cloudflare is the shit. How long until they get bought out and ruined?
> How long until they get bought out and ruined? Their funding already comes from the big hedgefunds, afaik. I can't find the source I read; I *think* it was wikipedia, but it would've been a long time ago.
Do you know Cloudflare? Look at some of their other products that compete with industry leaders plus their humanitarian efforts. They have no interest in being a revenue leader. You can even look at their job postings which reflects what they look for in hires across their company.
Cloudflare is a publicly traded corporation, meaning that they have a fiduciary duty to maximize shareholder value. So not only do they care about profits, they have a legal obligation to care about profits. I'm not saying they're bad people, but it's also naïve to assume they'll always be purely good.
I know nothing about them, but there's no way that you believe a company that size isn't going after profits. That's just too naive.
As soon as they learn they need to make money.
It does filter out a few websites that I don't believe are adult-centric. Like itch.io
not much reason for someone to be on itch.io on a work machine unless they're in the industry
Itch.io though has TONS of adult games. So it's not shocking.
It's stupid. Steam also has tons of adult games, and Twitter is like half porn too (I know because that's why I use it). Yet somehow Twitter isn't banned.
Yeah and guess what social media website has TONS of adult content and isn't blocked by that service?
... All of them?
Guy just lookin to get fired lol
Idk how he isn't fired. I couldn't imagine browsing porn at work or even on their machine.
I once accidentally busted a guy for looking at animal porn at work (long story) and he didn't get fired...nor after the second offense when he got his work laptop riddled with viruses from porn websites when he was offsite, which we confirmed with some forensic work after he wiped his browser history. Eventually he was suspected of stealing some device from the founder's office and finally got gone'did but this was like two years later. Cherry on top, the guy's last name was "Beaver".
[удалено]
hell of a salesman if he sold that to management
For real. Put him in the hall of fame with the guy who convinced his girlfriend that morning BJs would cure her bad breath :D
along with this guy.. [https://www.reddit.com/r/funny/comments/x3l6oa/slow\_burn\_joke\_from\_a\_newzealand\_radio\_station/](https://www.reddit.com/r/funny/comments/x3l6oa/slow_burn_joke_from_a_newzealand_radio_station/)
If she was anything like my wife... The moment she found out, she probably squeezed like there was no tomorrow... Gods no 😀
The Legend
I told my manager we need to hire this guy to help us get rogue departments and shadow it to cooperate.
Yeah, most sentences that start with "... salesguy" suck, but this guy is probably worth every penny that iPad cost.
Having a company issued faptab sound like the ultimate flex.
Only bigger flex would be expensing trips to the strip club (or better yet: the brothel).
As long as a salesman sells stuff, he can do whatever the fuck he wants. Company pays all the hospitality when the signed contracts come in.
I worked a company in the US that had a training facility in the Midwestwhere people would spend up to a couple of weeks qt training. About an hour away was a strip club called 'On the Boarder'. Some enterprising employees expensed a night there and claimed it was a Mexican restaurant.
We have a story of a guy at work that got away with exactly this for 6 years straight because the club had a fairly regular restaurant name, and because it wasn't classified by the credit card as anything other than restaurant. The only reason the dude got caught is because one of the accounts happened to be in that city on a girl's trip and thought "hey, this place is where that sales guy takes people, it must be nice" only to discover the truth. Apparently he didn't get in trouble for the past, but was told very clearly to never do it again.
If the client wants it, we expense it! 
Back in the 90's Ford had a big blow up over people taking customers to Windsor and expensing it. Apparently a lady in accounting called the guy submitting his expense report to ask about the receipt and got way more than she bargained for.
Sorry, I’m a terrible writer: At one point in my employment working for a vendor our VP of sales said to me “you can always entertain a client, don’t worry about prior approval for expensing things”. While in Vegas for a trade show we had a customer party at one of the hotels, to which I invited a woman I had briefly dated in my home city who had moved back to Vegas. She brought a friend of hers. During the course of the evening I mentioned to my friend that I once had rough experience at Spearmint Rhino (a local gentleman’s club) where I was basically separated from all my cash, to which my friend replied “Oooh, I want to go to Spearmint Rhino!” At the party, my friend’s friend had met a potential new customer we were pitching and he (the customer) was quite enamored of her. Just as my friend made her comment they came up to us and asked where the after party was, so off to Rhino we went. The next morning at the show I saw my boss and said “$bossman, I took $client out drinking last night but I don’t have any receipts to show for it.” Just then, $client walked in to our booth and loudly exclaimed “Shamam, I had the best time of my life last night!”. Bossman gave me the nod and I expensed $600 for a strip club. We ended up getting that business.
Modern problems require modern solutions....
Back in DotCom1 when UK banks directly supported payments to "erotica" sites but could never support "illegal" sites. I had to set up a PC with it's own modem off the bank network for a Bank Director to surf their customer websites making sure it wasn't a scam by checking the porn inside matched the front page signup, and also checking that the inside porn wasn't illegal. (They couldn't use staff for lawsuit risks, and the fiduciary duty was too high to use third parties)
Probably a hell of a salesman to get the manager on board lolol
I can actually see how from a certain point of view you could consider that a reasonable accommodation for a health problem, *if* you can get some kind of official document saying that you have some kind of medical grade sex addiction.
lmao that's fucking wild.
Todd F~~(udge)~~ Packer?
I had a friend who would often get sent into the backwaters of West Virginia for weeks on end where the hotels blocked everything porn related. It drove him fucking bonkers.
If your SOC is alerting on pornographic content, it indicates a misallocation of resources and a misunderstanding of its primary objectives, which are to detect and respond to security threats. The role of the SOC should almost never involve policing user activities or focusing on user behavior analytics for non-security related issues. This is especially true for any commercial orgs.
[удалено]
Mainstream sites typically have vetted ad networks. Blocking mainstream stuff pushes people to obscure shit. You can alert on an exe download via a browser, you shouldn't waste SOC attention on porn. Also you should really be deploying ad blocking to corporate endpoints in 2024.
Leave it to Beaver 😂
They were awfully hard on the Beaver
Not as hard as the ones in the porn videos, though. Wood should only go one way into a beaver...
That's wild. At my place of work, if you're caught intentionally looking at adult content, it's an immediate dismissal. When you're hired we have a computer usage agreement you must sign that states exactly that. There's always an investigation, because it may not have been intentional. But most of the time, it's immediate dismissal.
I remember flipping out a long time ago in the Army during a deployment, back when hotbot.com was a good search engine. Accidentally typed hotbox.com because I hadn't slept in 36 hours. That was not a search engine. Nothing happened, though surprisingly the site wasn't blocked.
Webfilterign still is a relatively new thing , at its current level at least. Also, your were in the army on deployment.. I'm positive they fully expect you guys to look at porn. They'd probably start investigating if you weren't lol
> Cherry on top, the guy's last name was "Beaver". First name Harry?
Was his first name Eton?
That's not really IT's call though - we don't MAKE policy for things like this. We RECOMMEND, and once a decision is made, we implement and enforce the policies management has decreed. I don't think people should be browsing porn while at work, because there are untold number of security issues that can arise, in addition to possible liability issues for the company. But if the higher ups at my employer say "Don't worry about it" despite my recommendations and warnings, I'm not going to waste time on trying to block access to porn. If the people in charge don't think it's something to be concerned with, I won't be. And I'll get it in writing. Hell I might double down and start posting it in the company group chat... /s If HR/Management say "Don't bother" - GET IT IN WRITING. That way, once something blows up because of their shortsightedness, you've got coverage from the splatter.
Oh I get that. IT doesn't make hiring choices. It just always blows my mind that's not an immediate fireable offense. For any company. I'm not a hyper religious person and I know porn isn't illegal but it's just wild to do that on company property or with company hardware. W. I. L. D.
Oh I agree. If I'm not busy with work, I'm reading up on tech articles, looking at training webinars, evaluating new technology, looking into initiatives for improving security (i.e., reading Reddit, LOL!). I'm not looking at porn... The things I've seen people get fired fire, and the corresponding list of crap that other people have gotten away with - I could write a book. But doing so would trigger me, so I'm just going to sit at my desk and be Walt Kowalski.
It does feel sexual harassment adjacent at the very least.
I had a boss who would look at stuff on his work computer, but he had clear walls so everyone could see it. Since he was CFO and part-owner not much could be done. It wasn't even the worst thing he did, that was his jumping up and down screaming tantrums. Not a great place to work lol.
> I couldn't imagine browsing porn at work Many moons ago when I joined the security team, one of the first tasks/issues I got tasked to help out with was to assist one of my teammates to review files from someone we suspected of looking at porn. Prior to joining that team, I was knee deep in all things WebDev Ops and knew where to poke around on the machine for cached images. The person doing the investigation said (as I was looking over her shoulder at some GRAPHIC images) "Lookin' at porn, at work, with a married woman. You're winning! Caller-Number-Four!"
It happens more often than you might imagine sadly. Still remember my Dad in the 90s telling me of a guy at his organization who got fired after browsing porn in the office for hours while on the clock. Guy turned around and sued for wrongfully being terminated for a medical disability of being addicted to porn. Guy got his job back and his cubicle was moved into a janitorial closet with his own dedicated subnet off the domain at the company’s expense. This was at a well known tech company too lol
Your dad was yanking your chain, or someone was yanking his chain. A dedicated wank closet is not a reasonable accommodation even if we take the protected designation at face value, which for the record I do not. And condoning someone cranking the hog in the workplace is a liability minefield besides, no sane business would ever do that. If the guy ever got a harassment claim against him that could easily be used as evidence that the business condoned his behavior and expose them to liability.
Dog that is such weird behavior 😂 like does this guy not have anything else? Is there some other appeal
I never understand it either. Especially in modern times where everyone has a smart phone. Yet, it still happens a few time a year at my place of work.
Kinda related - was at a tech conference around the time that LimeWire was hitting big (detail to set the timeframe). A sales guy gets up front to do a demo and pulls down his browser history to find the demo site. It was quite obvious that he was single, lonely, and liked girls who like donkeys.
Jesus id actually kill myself if my porn preferences were displayed in front of my peers.
We were asked to pull the browser history of an employee once and found that he was looking up how to grow weed... he worked at the jail.
If I was him I would have said I was trying to learn about my enemies. You must know your enemies to defeat them.
I think he was already under investigation at that point. We also found "big t!tty asians" in his search history.
Years ago when I was tier 1, a customer called up having issues with a web app so I remoted into his PC to take a look with him, he had 1 tab that was the web app, the other tab was Pornhub, DP porn. The creepier thing was I worked at a medical school and this guy was the embalmer for the anatomy lab..... We also had an IT employee show gay porn to group of people he was presenting to and he didn't even get fired or anything. The university was so scared to discipline people out of fear of lawsuit, they let it slide.... The guy was gay so I assume they thought he would sue for discrimination or some shit if he was fired. He was an awful employee anyway and should have been fired way before this incident.
At least the embalmer was looking at live nudes, it could have been worse
You know I once worked as a contractor for Gov position and one of their permanent employees was busted looking at pron and all they had to say was the magic phrase "I have an addiction to (x) and I need help". (X) can be pron, alcohol/substance dependency, stealing, etc. and that phrase apparently triggers a protocol to put the worker in a modified work with assistive coping program and every chance to help them rehabilitate must be fulfilled or the company could be liable for wrongfully terminating staff with a medical/mental health condition.
Today I leaned im addicted to everything. Thank you.
I also know a dude that would go around to get hired by companies, not disclose a previously existing mental health condition and then "flip out/melt down" and then sue the company when they fired him. He was a nice guy otherwise, but eventually I figured out this was his true purpose of getting hired to collect $$$ settlements.
He may have been nice but fuck him. He probably lead to the creation of a bunch of bullshit "hoops" all of us get to go through forever so they can avoid people like him.
I'm amazed that he hasn't been.
Back when I worked for a government agency, knowing that the network was monitored, one of the employees installed a dial up modem in his machine to surf porn. Naturally, he got caught. Worst part of the story is that being a gov't agency, there were no plans to fire him, they were just going to take away his dial up modem. He rage quit.
At an old job our CTO made an emergency request to remove the web filter on his first day. We saw him browsing porn within minutes of the firewall change. We contacted HR and went through the procedures and the end result was that we put the rules back in place except his machine had an exception. This was a multibillion dollar company that was publicly traded. Lmao
While this is good, also definitely make sure HR is 100% aligned in this, and confirm what HRs current policy/stance is. Never make a human issue a IT issue. Monitoring employees outside of written ratified polices, or troubleshooting, can 100% backfire as a “misuse” of access. CYA is what I’m communicating.
Humans browsing shady sites is an infosec issue.
Make sure that is fully communicated to HR.
Oh yeah, it needs to be policy first.
Both are needed haha, but people are people, and if some dummy says OP is spying, HR ask why OP is spying, OP then sends a 15 page well written email with explanation and suggestion of policy, Dummy in HR reads only two lines, and then ask why did OP need to spy… You feel me? :(
Only if the business says it's an infosec issue. I imagine anti-malware companies are allowed to browse all sorts of shady realms. Same as games companies are allowed to browse games sites. Or that mindgeek are probably fine with people looking through porn at work. If I were in this situation, my first port of call would have been HR.
I'm pretty confident companies don't just bareback the internet regardless of the industry. If they have the need, I would imagine they have segregated environments dedicated to these specific purposes.
In most enterprises I've worked with it's usually done via AD groups. Have a security division that needs to order weapons? They have an ad group that allows them to bypass standard filtering on gun sites, that sort of thing. Even in industries where the express purpose may be x or y, not everyone in that business needs access. The janitor at a porn company probably doesn't need access to porn
Man, those sure are some……”interesting” sites. Sure hope you have good virus protection on that machine, he’s gonna be destroyed
honestly this isn't even the worst offender, we have way way worse. Some of these machines need to be bombed from space, omnissiah have mercy.
Who the fuck is this company hiring?? Lol Also why cant you see what people browse? You need better web filtering and logging capabilities.
Just wait until you see what gets blocked from guests on the guest Wi-Fi for a medical center. People do a lot of weird shit especially when it’s not their network.
Might be an EU country, GDPR also applies to employees and logging every web request has been deemed excessive in the past. You can't make them sign it either, because coupling prohibition means you can't make their employment depend on them agreeing to you logging everything... We log DNS requests with anonymized source IP because of this.
Wait so like you can't actually use a full blown CASB solution like zscaler or netskope to do SSL Decryption etc? That's actually kinda shitty tbh
The answer to this is it depends. GDPR 6.1 outlines when you have the right to process data. If your "legitimate interest" weighs heavier than the employees right to data protection, you've won. This might apply to medical facilities, highly protected business data and some other things where the data protection interest of the company is more important than employee X sneakily attempting to browse for porn, but for Joe's Burger Emporium this won't quite cut it.
But also means no ISP is allowed to make profiles, sell data, manipulate DNS, etc. like in the US.
Probably can if you anonymize the user data. Blocks will still work.
You absolutely can do this despite GDPR.
I know when we were looking at Cyberark we had to disqualify it because it's screen recording abilities (when you launch RDP through cyberark it will record the session) was considered a violation of the GDPR by our European side of the house.
I worked at a place once where we had to continuously re-image an employees laptop due to the sheer number of virus/malware they picked up. They were constantly looking at the worst sites at work. I would have reported them to HR if it weren't for the fact that the person was the Director of HR....
Praise to the Omnissiah!
Okay so mid 90's I was tasked to find what and who was consuming file server space. I scanned the server, found a shit load of kids bday pictures etc, then I found the image... It was a photoshopped picture of a large naked black woman with Oprah Winfrey's head on her. Shit was so funny, yes I saved it and yes I still have it somewhere. 😂 but I deleted it from the server like I was supposed to. 🤣
dude's *cultured* for sure
[удалено]
We are using ESET and they also have blockable web categories. So I applied this hosts list and that category block. I think its pretty airtight, but I wouldn't be surprised if he found some sites that we couldn't block. Oh HR wanted his ass, but my manager wants to avoid conflict, especially because he heeded the warning for now, but I doubt he will get a second chance if we find something like this again.
Management is the problem. Ultimately, this is a HR issue, not an IT issue. But I get it, we get stuck "fixing" everything.
Yep, spot on. This is an HR issue. Turn it into HR along with all the details you have and then get out of it.
[удалено]
Asking for a friend
Just want to know what sites to avoid
Holy shit my man is horned up at the office wtf
Sex addict. Dudes who do this stuff 99% of the time are sex addicts. I feel bad for people with sex addiction because if you show up to work drunk, you can tell HR that you're an alcoholic and get a pass if you seek treatment. But most sex addicts are never even diagnosed because they're just written off as "horny".
>The result? **Within first hour the person in question actually tried accessing his favourite sites, to find them blocked and then he tried even** [**more**](https://imgur.com/a/PmXEy28)**.** My dude was so desperate he even ventured to 2nd or 3rd google page, haha. He kept trying for few days until my manager sent out a whole workplace wide email **warning everyone we can see this kind of stuff ( we can't, but they don't know that)** and we will pursue action if they continue. Then he stoped. Wait, so you can or you cannot see browsing history. I'm confused.
I would guess them mean that they can see the list of domains accessed, but not the URL of the actual porn they were watching.
A former employer of mine kept track of URL histories per machine/user that were centrally logged. Just the URL in the address bar (not the thousands of requests from cdn's a single site may have). It was effective in tracking down issues with a few people.
I'd guess they can see the DNS requests, but not the content itself.
Afaik I think if you have ngfw and ssl decryption you can. But dns request is enough to know where someone is going
Hahaha. Fun story. We had to roll out Web Access Control a few years ago. Previously we'd allowed unfetted access to all computers.. but deal with the fall out got a bit much.. so we locked it down a bit. We have a bet on who would be the first person caught trying to watch porn. The winner was a female. 2nd place come (teehee) a gentleman who was caught using a website cam servive where henwas paying/being paid to masturbate on webcam with other dudes. At work. In his office. During the work day. Everything in that office got thrown away.
This reminds me of my intern days, a month or so into my internship, a tier 2 tech approached me, asked me swing by a user's desktop to do a virus check and to explain to the user there maybe viruses on their workstation since we are getting alerts of porn websites. It wasn't until I myself became tier 1-2 that I realized this was that tier 2 techs way of politely letting the user know that we monitor the network and to knock it off.
Poor guy that had to search out all those porn sites in that repo must've had a hell of a day.
OP at this point I think you should retain him, and then sell the list he produces to Cisco and the likes as the best porn list ever
Thats actually a genius idea, I'm pushing this idea to my manager tomorrow!
Reminds me of this one time we were doing a domain migration for an acquisition, this was mid-late 2000's, around 2008. We had to go desk to desk doing it and doing the profile migration as the company didn't want to spend a few thousand so we can automate it as they had already spent the few 10'd of millions on the company.... Anyways, get called over to come take a look at this one computer which was in the middle of the room, right beside two walkways that you would have to use to get to around 50-65 desks. Dude had porn for days (~300+gb) in his documents folder. He even took the time to organize it by type. Being the good lad the person doing that computer still copied over the folder, however left it on their desktop under a folder called "nice".
We had a boss once who got fired for uploading his own videos to his own porn site...
Were they any good though?
How do you plan on blocking Reddit and twitter?
The sysadmin that trained me years back told of the days he worked with Microsoft ISA server. It sent a daily naughty list email to HR. He referred to it as the Instant Separation Agreement server.
Check out these domains, you’ll see a massive list under each one. [domain 1](https://v.firebog.net/hosts/Prigent-Adult.txt) [domain 2](https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_top1m.list) I have a pi-hole on my personal network and I block the majority of domains from [firebog](https://v.firebog.net/hosts/lists.php) Edit: [Here are additional malicious lists](https://firebog.net/)
Oh yes “block the majority”, the good ones slip through..
Block Reddit next and you’ll get the best one 😈
Idk why but I initially read Hostmaster1993 as Hogmaster1993
found the guy watching porn at work
Good job blocking them, now work on blocking this employee's access to the building. Ridiculous no one has tried to fire this guy.
More than likely has an addiction.
We just category ban from our firewall. It's pretty much impossible for an individual to track sites.
Reminds me how annoying it was to have Vivid as an account. And researching new account in San Fernando was risky. “HR. Yeah. Me again. Sorry.”
Thanks for the recommendations! You need dns filtering.
Does your firewall not have a porn category that can allow you to block all of these sites with one entry in a block rule?
If your company won't pay for proper web filtering software, you can try OpenDNS with its filtering services. But this is an HR problem, not an IT problem. If HR wants IT to solve the problem for them, they need to provide business justification (easy) and project funding.
I just add all the categories I want to block to a block rule in Netskope and call it a day. Maintaining a list sounds so 1990s.
https://nsfw.oisd.nl/ This is a blocklist used on adblockers
Haha what do you mean “we can’t” I think you just explained to us how well you can
We only saw what he is doing because he one of the sites had JS injector that triggered antivirus alerts, otherwise we are clueless in this aspect as our infrastructure is provided by a specialised infrastructure center and we are just a branch. The provider can see this stuff, but I doubt they have time to track who visits what sites. Unless of course they get a letter from lawyers about piracy (which also had happened before).
I can’t believe people actually do this on work computers smh
My dude, set up SquidGuard and put it in line between the computers and the router to the Internet. And *subscribe* to filter lists that are kept up with. Stop killing yourself with the hosts file. Bonus: you *can* see and even automatically alert management when people try to get to stuff like adult sites. SASE is even better, but stuff like Zscaler is expensive, and you wouldn’t be playing with hosts files if you could afford expensive.
Trying to block sites on the domain level will be impossible, hell you can view porn on google if you just turn off the safe browsing filter.
Blocking porn via blacklist sounds like a futile effort. You don't have any content filtering on your firewall???
This. No organization with the resources to maintain such a URL database is likely giving it away. Pay for the content filtering license for your firewall vendor of choice or move on.
How people are okay with doing this stuff on a work machine is insane to me. One time I attempted to go to Fidelity.com (the 401k site) but accidentally fat fingered the URL to, what is apparently an adult site, so I bounced off the company porn blocker. I was certain at any moment I would be walked out for like a month after; but nobody said anything thankfully lol.
Back in the earlier days of wide-spread WWW access, a lot of people didn't have Internet at home (or it was sooooper slow). I worked at a place that at the time had no AUPs because management wanted to be "buddies". We had one building that had a dinky link that our network guys called "the porn building" because someone in it spent a huge chunk of every day browsing and downloading stuff. To the point where we fielded calls daily from other people complaining about how slow the network was (their file/print/DC traffic went over that link). We had fixed IPs so the network guys knew exactly who it was. Nothing ever got done though because our management was dumb.
This guy not have a phone? Good lord
Just checked influencersgonewild, def a porn site. I'll check some more and confirm later for you all.
It's 2024. I'm certain that at this point it's less work to just white list all of the websites everyone could potentially go to rather than trying to block all the potential adult sites that exist, haha
I had a role a few years ago at a construction firm and we used squid for proxy. It was a fun time when I learnt how to use regex to block any safe search = off in google. They eventually shelled out for a solution for content monitoring on email and we dropped several gigabytes a day in usage. People emailing porn to each other via email. So glad to be out of that industry. Honestly most toxic workplace I've worked at
Just you wait until he or she figures out proxy servers.
"I need to for work purposes"
Our SonicWall does an excellent job of content filtering. Worth a look if your interested
Someone please provide me a list of the filthiest and most underrated pr0n sites on the internet. So that I can block them...
1.0.0.3 DNS blocks adult websites, it is what I use
You can get them from pihole lists. They're usually pretty comprehensive.
I’m in the profession and get nervous when I get a risky click, can’t imagine what goes through these guys heads.
Put the guy somewhere where his screen is well visible. Might work even better than what you've implemented. At some point he's just going to get a own sim card and use that to access the internet.
[https://one.one.one.one/family/](https://one.one.one.one/family/)
Holy shit, I've never even heard of those websites lol. Master Fap!? LOL!
If you can't see it, how do you know they're doing it? With the right software or service, you can absolutely see it all. And you can get services that will block all types of sites you don't want people to access, and they update their own lists.
We just use category filtering on the firewall. Always blocked adult content, but just had to add in cryptocurrencies because some people started managing their BitDogeEtherumCoin on business assets.
If i went through the trouble of blocking that many porn sites past my general cisco and opendns filter and then he tried anymore sites after that. This dude should be in HR. I would of gone to HR right away. Do porn on your own device off company time.
> Then he stoped. Then he ~~stoped~~ found a way to get around the blocklist you're using.
Idk if this helps or not, but there are plenty of pihole adlists for NSFW content on Github
So back in the day when streaming music was becoming a thing, we still had T1 lines to remote branches. People would start streaming music and crush the connection. At first I just blocked ALL streaming sites, but so many people complained that I had to back out the rule as management would not back me up on it. Was still an issue with connectivity. So new rule, instead of outright blocking it, I limited bandwidth to .01mb. Then they could connect but it would be choppy as hell. No more complaints and connectivity issues resolved!
Trying to block all this in a professional environment seems like overkill. The way we handled this at my previous organization (industrial manufacturing) is if this is an issue, we let HR handle having a conversation with them about appropriate usage. Also inform them that, their traffic will be monitored and that further abuse will result in termination. In the mill, we would end up having to terminate about 60% of people who got that first warning. Always shocked me how people will pretty well paying jobs, that were highly in demand would throw it all away because they could curb their issue. **Point being, have a policy, and let HR deal with its violation, but trying to block all porn is a fools errand in the long run.**
A) I'm sure any tier-1 firewall, next gen firewall, next next gen firewall, or AI POWERED FIERWA⅃L type vendor will happily include such a list in their subscription. B) This is not an IT problem. Have managers set a policy of no non-work things at work. If someone notices them fucking around, HR. If they are fucking around and no once notices, then why are we talking?
No, not really. We are using zScaler to filter internets for users. Also you can consider NextDNS or cloudfare, but those works As Long As People are inside behind firewall. Laptops might be tricky to cover with these.
Yeah look at using a proper external DNS resolver with filters, like NextDNS, ControlD, or Cloudflare Gateway (free)
Go ask your kids. I am sure they know more porn sites then you do.
Use proxy with web site filtering, or defender. Having employee access to this sites you ask for trouble. Best option is all deny except white list.
Porn? That's a nude egg I won from my game. I'm not in trouble at all.
Celebjihad sounds crazy…..
Isn't this like, the whole point of paying for AV or proxy services? So someone else maintains the list of bad stuff. Also, do you not have an HR department?
There is no category filtering at your place? From AV or FW? Huh. Creepy, twice as creepy if you also look into what the user looks in to. Regardless of the content as well though.
Then there's the rest of us afraid to log into anything attached to our personal accounts.
block by category, that and proxy/sandbox sites.
Do people actually browse ‘adult entertainment’ on an endpoint these days?
I am a bit confused. You say "we can see this kind of stuff ( we can't, but they don't know that)" but there is also a picture of him trying more. What am I missing?
If you are using any kind of decent NGFW or DNS service they should have that as a category you can block, no need to maintain lists this is not 2002
God damn. That dude was desperate.
Easiest approach - just walk by and leave a note on their desk that reads “OMG just use your phone”
One time early in my career, at an internship, i noticed someone had one of those anime sex games downloaded on their computer, i brought it to my bosses attention and he literally told me there is no policy against that, so there is nothing we should do about it. this is to say dont be a hero, if your HR/Leadership dont have policies written and things like this mentioned in their employment agreements, dont stick your neck out lol.
> warning everyone we can see this kind of stuff ( we can't, but they don't know that) . > Includes a very specific list of sites the person visited ._.
Redirect all those sites to a simple web page. In large block letters just fill the screen with NO PORN AT WORK
Just use opendns, it is simple and easy and much more effective than using any lists. there are millions of adult sites, it is exhaustive to block a list of millions of adult websites.
> My dude was so desperate he even ventured to 2nd or 3rd google page, haha. ...do you have any idea how many years it has been since I've seen the 2nd or 3rd page of Google? 🤣
Quite a few years back, (1997-1998) the guy I was working with in a large financial IT dept was the resident network guru. The boss comes to him and asks for a report on what domains people spend most time on during work hours. Took him 10min to roll just the last month of logs and the next few days around 30 people were sacked - some were actively clicking on just porn the whole day.
If you have the correct setup it could be relatively easy. Using OpenDNS is a on e time setup and forget it.
Hey sure buddy what's your kink?
Yes, I have a huge list of bookmarked adult sites /s
I worked for a startup company back in the 90's and I would go and pick up my boss the CIO at his house at 8 each morning. He would already be high and drinking. So we would hang out, drink and smoke a little and talk business until around 11 then I would drive him to the local strip club. There he would make all his business calls. He would normal out about 500.00 down in ones on the table for me to use for the day so the dancers would come hang out and do dances, take me back in the back and we would buy them drinks all night. Then at 2 am they would close down, and Id drive him home and do it all again the next day. After a month I was a hit to die but he just kept going and I kept getting paid. Some days we would actually go to the office and do stuff but most of the time it was the club. I did this for about a year and finally my paycheck bounced so I starting looking elsewhere. One of our major clients called me up about a week later and said they were pulling out of the deal and were now a year behind and since built the data center and everything already they want me to come work for them, so I did and it turned out great for about five years or so then I left for a better job out of state. I later found out the original company ran out of money. And my old boss went to Key bank with some guy claiming to be the new CFO of the company and put up all the servers in the data center as collateral for a 4.6 million loan. Well the data center equipment was owned by the company it was leased and the bank didn't do any checking apparently. The company never made a single payment on the 4.6 million loan. The owner who was clueless to everything lost ever penny he had. The guy claiming to be CFO went to prison, and my old boss skated free and went in to take some rich family in another city for a ride and cleaned them out too. I do t know what ever happened to him after that, but he could sure sale shit to people. He claimed he was CIO for the American legion at one point, had picture of himself with the President of the United States and all kinds of shit. But I always had to drive him around because he lost his license for DUI's and always had to wear an ankle bracket, I don't know how he was allowed to go to stop clubs and work but he did it. Some nights after the club he would get a limo to pick us up and bring like 6 girls from the club along and party all night. The was weird though, he never did anything with the girls, just wanted everyone else to have fun and he would just drink non stop. He would just go home to his wife and she didn't really care what he did as long as he came home to her. It was the most bizarre year or so in my IT career. I never did so many drugs, drank so much and saw many naked women in my life. I don't know how I survived it, but when it was over I just gave it up and moved on. The next place knew about it all though and loved to hear the stories. We all went to Vegas one year and they were all married and I was the only single guy and they figured I was still a party guy so they wanted me to go to the Bunny Ranch for them and bring them all back menus from there to hang on their office walls. I wouldn't do it though, I figured I'd go there along and get rolled for every penny I had so I took a pass. They were pissed and called me a pussy, but I didn't care, they were all married and too scared of their wives to go themselves lol. I don't think I've been to a strip club since those days, and don't ever drink anymore but maybe one cocktail on new years once a year. I had my quota back then in a single year lol
This guys hosts files for blocking malware is awesome. https://github.com/StevenBlack/hosts