this post was submitted on 09 Jul 2023
373 points (97.7% liked)

Asklemmy

43945 readers
834 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 25 points 1 year ago

My school had a web filter to block YouTube and various other sites that they didn't want students to go to. On the block page, there was a "report site blocked incorrectly" button, as well as a password override for admins to do a one time bypass.

One of my classmates registered a domain that all it did was log the IP address of whoever visited it. He then attempted to visit the site from class, it was blocked, and he clicked the report button. Later on one of the IT admins reviewed the report to see if the site should be unblocked or not, by visiting the site. My classmate then had the public IP address of the IT admin.

This IT admin must not have been very good, because he had a password unprotected, open, telnet port pointing to his computer. So we were able to telnet into his PC and poke around. He had an Excel file on his desktop with the web filter override passwords for every school in the district. That Excel file was promptly shared to as many people as who asked for it and we thought wouldn't rat us out.

We gloriously had unrestricted Internet for several months before the teachers caught on. We were told that anyone who used this password would be found out, and that the school was going to have a "volunteer" community service day for 4 hours on Saturday, picking up trash around the school. Anyone who attended would be pardoned for using the password, anyone who didn't attend and who was found out for using the password would have been "punished" (very ambiguously defined). I did not go to the volunteer day, nor was I punished in any way. I do think that it was just a bluff and they didn't have good enough logging to tell who actually used the password.