- This topic has 285 replies, 94 voices, and was last updated 15 years ago by eth3er.
Serious IT help needed!
andywhitFree Member
Sounds like you’ve copped it due to mleh image links then….
Tricky one!
RooleyMoorFree Member
Surely all they have to do is open up the page from mlehworld’s forum and right click view source…
(this is from my profile on here, which links to an image held externally to the singletrack site)
<div id="useravatar"><img alt="" src="http://www.gravatar.com/avatar/77f885b7950f8eb87d725b72bab69a99?s=80&d=http%3A%2F%2Fwww.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D80&r=g" class="photo avatar avatar-80" style="height:80px; width:80px;" /></div>
and search for all the img tags
that way, hopefully they’ll see that those links loaded automatically from the site and you weren’t trawling pr0n.
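The check described in the post above (view the page source and look at every img tag), as an added example that is not part of the original thread: it lists the hosts a browser contacts for images just by rendering one page. The page URL, the HTML and the example.* hosts are constructed sample data.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class ImgCollector(HTMLParser):
    """Collect the src of every <img> tag, resolved against the page URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <img ... /> tags.
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(urljoin(self.page_url, src.strip()))


def external_image_hosts(page_url, html):
    """Return {host: image count} for images not served by the page's own host."""
    parser = ImgCollector(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    hosts = Counter(urlsplit(u).hostname for u in parser.sources)
    return {h: n for h, n in hosts.items() if h and h != page_host}


# Constructed sample: one local image, avatars and a banner on other hosts.
SAMPLE_URL = "http://forum.example/topic/123"
SAMPLE_HTML = """
<div id="useravatar"><img alt="" src="http://www.gravatar.com/avatar/0000?s=80" class="photo avatar"/></div>
<img src="/images/logo.png">
<img src="http://images.example.net/avatars/a.gif">
<img src="http://images.example.net/avatars/b.gif">
<img src="//cdn.example.org/banner.jpg">
"""

if __name__ == "__main__":
    found = external_image_hosts(SAMPLE_URL, SAMPLE_HTML)
    for host, count in sorted(found.items()):
        print(f"{host}\t{count} image(s) fetched automatically")
```

Each host in the output would appear in a proxy log as a separate site, although the user only opened one page.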
toonsFree Member
The mlehworld avatars will be cached locally on your hard drive (saves downloading them every time you visit the webpage), hence the connection to 14 sites in one minute etc. That’s why your IT dept. thinks you’ve downloaded Dead polar bear pron!
Take a look in the internet cache it should be very colourful!!
Even if you deleted the internet cache within IE 7, index.dat holds a list of all the websites you’ve ever been to!!!
druidhFree Member
Oh FFS – if they don’t know the page URL, what hope do they have? Fact is, mleh is fairly self-policing when it comes to avatars etc and any nasty ones get blocked as NSFBN (Not safe for Barrys Nephew). Having said that, there’s obviously no guarantee what other images are on the same (linked) site, but if you don’t go looking for them, then you’ll never find them.
Now then, about this adultfriendfinder stuff – possibly linked from Hotmail?
And what about those ads?
RooleyMoorFree Member
toons – Member
The mlehworld avatars will be cached locally on your hard drive (saves downloading them every time you visit the webpage), hence the connection to 14 sites in one minute etc. That’s why your IT dept. thinks you’ve downloaded Dead polar bear pron!
Take a look in the internet cache it should be very colourful!!
Even if you deleted the internet cache within IE 7, index.dat holds a list of all the websites you’ve ever been to!!!
that’s why I use Firefox!
torsoinalakeFree Member
druidh – I initially thought that a mleh banner was hosted on scotsroute, but it wasn’t, so edited it out (I jumped to conclusions, much like a certain IT department). I didn’t think it looked like the type of domain to be serving up panda necro porn.
As for the adultfriendfinder stuff, don’t forget that the avatar linked from a random server could be redirected at any time. So when your browser asks for hxxp://www.haxx0rsrus.com/kittenguts.gif it will get the AFF URL and run off after that.
coffeekingFree Member
I’m fortunate to work in a place that doesn’t really monitor what sites you view and when. They don’t appear to ban any IPs etc, but this does raise some interesting points. Due to work commitments and other reasons I’m about to stop using STW and a couple of other forums during the day, but I know that having searched for really random stuff like ceramic insulators I’ve “revealed” some stuff I’d not be comfy with on a work PC – it’s all too easy. And you have no way of proving you didn’t go hunting for it AFAIK. This leads me to think that ultimately the company’s IT dept have to take responsibility for allowing content through, but overall I don’t see why the end user should be blamed – if you need net access for your job you run the risk of downloading something.dodgy.com, the company must accept that, or prevent it themselves.
TandemJeremyFree Member
I very much doubt it came from Mleh – for the simple reason it hasn’t happened to anyone else. Zedsdead – contact Yojimbo on mleh – he is the uber it geek overlord and should be able to help
ZedsdeadFree Member
Thanks people, at least I have a better understanding of how this stuff works now. Seems to be better than our IT dept’s understanding!
I’ll let you know how I get on tomorrow. 9am is the meeting…
sq225917Free Member
knock em out.
Then on Monday phone in sick, claim stress with HR and take a good few weeks off, remembering to pop in and see your doc spouting off all sorts of anxiety symptoms.
Sounds about fair.
chewkwFree Member
Well the bottom line is that the system in your company is infected by malware. The IT people might deny it because they will be rather embarrassed for not updating the security system, so better to blame others by throwing in bunch of IT jargons … I doubt most IT admin is really that up-to-date with malware prevention. Normal AV is not enough.
🙄
samuriFree Member
I’ve mainly kept out of this because it would just add to the noise but as someone who enforces browsing policies and often carries out investigations such as those you’re experiencing….
I have not, in over 10 years of working in the security field, come across a user who has dodgy images on their PC which can be explained through a virus. Not once (and the company I work at at the moment has over 20,000 employees). Which is why I ignore it as a reason for your problem. It is almost certainly the result of images being shared through some website or other whether it be mleh or something else.
Your IT team is certainly at fault for the major part though.
No up to date AV? They should be sacked.
They allow people to visit these sites (even by accident)? They should be sacked.
My advice from this point is to make it clear you have never intentionally downloaded any of the images found and can produce a list of all the sites you normally visit which while not being work related, can also not be considered in breach of your company policy. If these images were downloaded through those visits then take a slap on the wrist, offer to alter your browsing habits and keep your job.
chewkwFree Member
That website is apparently not on my list of ban website with malware … hhhhhhmmmm … but then I only have 12283 ban sites on my Spyware (freeware) database. Oh well … I am not going to visit the site just in case it try to mess up my system.
😯
stufieldFree Member
Sounds like you’ve got a virus or malware on your PC: http://digg.com/d14rWV – be glad you’re not in the USA
druidhFree Member
Jeebus. It’s no virus and there’s no malware. It’s an image hosting site. So, he saw some images from it – but NOT anything incredibly dodgy, it’s just that someone at his work decided to see what was on the site and found some nasty material. That’s no “proof” that he was looking at those images.
I could link to an image on that site in this post and you’d never know.
stufieldFree Member
That’s ridiculous, that’s like saying I’ve looked on flickr, and then his boss saying well someone else has taken some ‘arty’ shots you must be a perv…
druidhFree Member
stufield – Member
That’s ridiculous, that’s like saying I’ve looked on flickr, and then his boss saying well someone else has taken some ‘arty’ shots you must be a perv…
Correctomundo….
retro83Free Member
I assume your company uses a proxy for web access, in which case it will surely have recorded the exact files you accessed, not just the domain.
I’d be asking for the logs containing the exact paths accessed.
Bit late to be suggesting this, given the time of your meeting tho 😥
Good luck
Edit: something like this:
[root@dell ~]# tail /var/log/squid/access.log
1238745865.869 12 193.195.25.60 TCP_DENIED/407 2084 GET http://www.google-analytics.com/__utm.gif? - NONE/- text/html
1238745875.015 47 193.195.25.41 TCP_DENIED/407 1963 GET http://securityresponse.symantec.com/avcenter/threatcon.zip - NONE/- text/html
1238745875.016 0 193.195.25.41 TCP_DENIED/407 2135 GET http://securityresponse.symantec.com/avcenter/threatcon.zip - NONE/- text/html
1238745875.061 44 193.195.25.41 TCP_CLIENT_REFRESH_MISS/200 3212 GET http://securityresponse.symantec.com/avcenter/threatcon.zip administrator DIRECT/88.221.26.26 application/zip
1238745965.182 0 193.195.25.60 TCP_DENIED/407 1927 GET http://www.singletrackworld.com/forum/edit.php? - NONE/- text/html
1238745965.290 97 193.195.25.60 TCP_DENIED/407 2099 GET http://www.singletrackworld.com/forum/edit.php? - NONE/- text/html
1238745966.510 38 193.195.25.60 TCP_DENIED/407 1879 GET http://vimeo.com/moogaloop.swf? - NONE/- text/html
1238745966.959 61 193.195.25.60 TCP_DENIED/407 2051 GET http://vimeo.com/moogaloop.swf? - NONE/- text/html
1238745967.047 6 193.195.25.60 TCP_DENIED/407 1912 GET http://www.google-analytics.com/__utm.gif? - NONE/- text/html
1238745967.310 35 193.195.25.60 TCP_DENIED/407 2084 GET http://www.google-analytics.com/__utm.gif? - NONE/- text/html
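What asking for the exact paths makes possible, as an added example that is not part of the original thread: a parser for Squid's native access.log format that groups each client's requests into bursts and lists the hosts and full URLs in each. The sample lines, addresses and the 2-second gap threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def parse_squid_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    return {"ts": float(f[0]), "client": f[2], "code": code,
            "status": int(status) if status.isdigit() else 0,
            "url": f[6], "user": f[7]}

def summarise(client, recs):
    """Describe one burst: when it started, which hosts, which exact URLs."""
    hosts = sorted({urlsplit(r["url"]).hostname or r["url"] for r in recs})
    return {"client": client, "start": recs[0]["ts"], "requests": len(recs),
            "hosts": hosts, "urls": [r["url"] for r in recs]}

def bursts(lines, max_gap=2.0):
    """Group each client's requests into bursts split by gaps > max_gap seconds
    (max_gap is an assumed threshold, tune it for the site)."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_squid_line(line)
        # 407 is the proxy demanding credentials; no content was delivered.
        if rec and rec["status"] != 407:
            per_client[rec["client"]].append(rec)
    out = []
    for client, recs in per_client.items():
        recs.sort(key=lambda r: r["ts"])
        current = [recs[0]]
        for rec in recs[1:]:
            if rec["ts"] - current[-1]["ts"] > max_gap:
                out.append(summarise(client, current))
                current = []
            current.append(rec)
        out.append(summarise(client, current))
    return out

# Constructed sample lines in the same format as the excerpt above.
SAMPLE = """\
1238745965.182 0 192.0.2.10 TCP_DENIED/407 1927 GET http://forum.example/topic/123 - NONE/- text/html
1238745965.290 97 192.0.2.10 TCP_MISS/200 20480 GET http://forum.example/topic/123 alice DIRECT/198.51.100.7 text/html
1238745965.510 38 192.0.2.10 TCP_MISS/200 3212 GET http://images.example.net/avatars/a.gif alice DIRECT/198.51.100.8 image/gif
1238745965.640 41 192.0.2.10 TCP_MISS/200 2988 GET http://images.example.net/avatars/b.gif alice DIRECT/198.51.100.8 image/gif
1238745965.959 61 192.0.2.10 TCP_MISS/200 812 GET http://www.gravatar.com/avatar/0000?s=80 alice DIRECT/198.51.100.9 image/jpeg
1238746010.047 52 192.0.2.10 TCP_MISS/200 15110 GET http://news.example.org/ alice DIRECT/198.51.100.10 text/html
"""
```

A burst that reaches several hosts within a second, starting with one HTML page followed by images, is the signature of a single page load rather than separate visits.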
johniFree Member
If he was at my place of work, they would probably just give him informal warning and restrict his internet access to previously agreed sites.
ZedsdeadFree Member
So I’m back.
And no further forward.
They presented me the list (which I posted) and said ‘IT say you have looked at all of this’. I say ‘No I haven’t’. They have the same list as me and that’s it!
The dodgy images mentioned before were not in fact me but a member of staff who was told I’d been looking at something. She went on her PC and picked 3 files at random. So that’s where that comes from.
I tried asking them how can 17 sites be accessed in 1 minute? ‘You can open multiple windows’ was the reply. I’m gobsmacked!
I asked them about their AV not being up to date and put it to them that could it be malware, a virus, adware, something else? They don’t know? I then had to wait outside for an hour and a half while they got IT to check on things.
I go back in and I’m no further forward! They don’t have any answers for me and I have none for them.
I’m then told to go home again, IT need more time and I’ve to go back on Monday at 11am.
This is making me extremely stressed now.
I met a friend who attempted to explain how IE (which is IE7 I’m told and will be out of date as IT don’t update it and IE8 is now available) can have malware on it which will mean it can do things in the background and I would never know. I still don’t really understand it but it sounds plausible.
On Monday I’m taking someone in with me to be a witness, I couldn’t today as there are only 2 people in there I would trust both who were not in.
All I want to do is get back to work!
ZedsdeadFree Member
Oh, and the two people interviewing me know even less than I do about these things. So whatever IT tell them they will take as word.
coffeekingFree Member
Just ask them as many questions as you can that they can’t answer that prove that they can’t prove you actively sought the images. When they realise they can’t prove anything (and they owe you that at least) they may back down.
ZedsdeadFree Member
…and another thing – I asked if there was any pattern to it, is there a site which seems to trigger it?
No, there isn’t.
BigButSlimmerBlokeFree Member
sounds to me like they haven’t got a clue.
your IT department are useless and so is your management team for listening to them without understanding what is going on.
tell them you want IT at the next meeting. i’d also advise getting legal advice.
ZedsdeadFree Member
I have no way of getting legal advice before Monday now though.
I agree that it sounds like they don’t know what is going on either though.
druidhFree Member
Forget the whole malware/IE7/AV thing, it’s just clouding the issue.
The 17 sites in a minute thing is easy. I could put 17 links in this post, and when you browsed it, you’d actually be opening 17 sites.
Sounds like it’s as I assumed. They have a list of sites and then someone in your IT section has just opened some images at random. That doesn’t mean that you were looking at those specific images.
sq225917Free Member
Well druid if you can do that why not start a thread somewhere, that no one else posts on that does exactly that. The Zed can take a clean pc at work browse that thread, and hey presto, point proven, no pawn looked at.
ZedsdeadFree Member
“Sounds like it’s as I assumed. They have a list of sites and then someone in your IT section has just opened some images at random”
That is exactly what they did. They admitted that to me.
SwelloFree Member
Are you allowed representation in your meeting? If so, take someone who is very IT savvy if possible. Sounds like your management have no clue about what they are talking about. I work in the IT Security field myself and part of my job is designing content filtering setups for large multi-national and Government organisations that are designed to stop this kind of thing happening in the first place – so I understand the issues involved. Any clued-up Security guy can easily spot the difference between this sort of situation and actual inappropriate usage – you need to make sure that you get access to someone who understands what they are talking about…
ZedsdeadFree Member
The chap I’m bringing in knows more than I do.
When I asked them ‘how can something like this get through?’ they replied ‘we can’t stop all sites, we are adding to the list all the time. These sites will now be added’
I held my head in my hands at that point. There appears to be the bare minimum of security…
torsoinalakeFree Member
I’m at a loss for words. There is absolutely no need for them to be putting you through this. Your IT dept doesn’t know their arse from a shotgun barrel.
I’m unemployed at the moment – would they like me to come and show them how the internet works?
All I can say is keep your chin up, and enjoy the time at home on their expense. Either way, as has been said before, get some form of representation, or ask for a third party to review the evidence.
P.S. I agree with druidh – ignore the malware issue, this is completely normal browser behaviour.
matt_outandaboutFree Member
Zedsdead – where are you? If there is a local STWer who knows their beans on this, could they pop up on Monday at 11am?
I would also get in touch with a union if you can asap.
I would also be making a note of exactly what is said, what evidence is presented etc etc
geoffjFull Member
Zed – are you in a union? They should be able to help if you are. If you aren’t tell your employers you are postponing the meeting until you can get some legal advice / representation. Suggest Tuesday and then spend Monday trying to get some proper legal help.
On a practical note, this single page is made up of content / links / analytics from at least 4 different domains – stw, vimeo, doubleclick and google analytics.
Guardian home page is about 8
Mleh Forum Page – well at least one of the links looks INTERESTING
http: //dontclickthis.whatingods.name/1168702253-CatDefendsFoodFromDog.gif
http: //farm4.static.flickr.com/3086/3196531617_922354d212_t.jpg
I’ve got a screen grab of the log – that is where your problems are – stumo’s avatar hosting on Mleh.
Email me stw’at’mtbperthshire.co.uk if you need some direct help / explanation.
JulianAFree Member
Bit late tonight but do the Citizen’s Advice Bureau work on Saturdays?
Doubt they’d be able to offer much if any more advice than people have here, but it’s another angle…
Really hope you get this one sorted to YOUR satisfaction as it sounds as though you are having a shite time of it.
Julian
TandemJeremyFree Member
Zedsdead – whereabouts are you based? IIRC it is central scotland somewhere is it not? surely one of the chaps on here who understands these things could help / go to the meeting with you?
geoffjFull Member
Zed – it’s easy to explain what has happened.
Try not to worry – email me direct if you want something in writing.