Topic: Blocking yahoo messenger

[kryptos]

Hi All

Does anyone here tried blocking yahoo messenger?

Thnx
rocel

[raem]

kryptos

Dansguardian will do it, and a lot of other things/sites too if required.
See my old howto or look at dungogs site for the free or paid for versions (ie without or with server manager panel). Note that dansguadian is quite easily configured from the command line and once initially setup requires very little (almost no) ongoing adjustment anyway.

[kryptos]

Hi Ray

Dansguardian is already installed on my server and it work great. But with yahoo messenger i think it will not pass through Dans. I think it uses another port to connect to the net. What i want is to block this using iptables the problem i don't know how. Im not very familiar with iptables. If there is someone out there that can provide with some example that i could use.

Thnx
Rocel

[raem]

kryptos

> But with yahoo messenger i think it will not pass through Dans.

Have you tried blocking it ?

[kryptos]

yup!  even banning the IP address of the PC has no effect.

Regards,
Kryptos

[raem]

kryptos

Did you try blocking the login site, if messenger cannot login, then it cannot be used.

[kryptos]

hi Ray!

yahoo messenger is not a site its a messaging program just like MSN messenger that connects to the net. That will enable user to chat with other user. We want to block it as this makes user unproductive.

Regards,
Rocel

[raem]

kryptos

> yahoo messenger is not a site its a messaging program
> just like MSN messenger that connects to the net.

I'm well aware of what it is, and as you say "it connects to the net".
Part of that "connecting to the net", is to automatically (in many cases)login with a username and password, in order to be able to use the account.
So if you block the site (in Dansguardian) that the Yahoo Messenger login function/script tries to connect to, then the user will not be able to use Yahoo Messenger as they cannot login.

Do you get it now !

[kryptos]

In dansguardian if you add an IP adddress in Bannediplist does it ban on all sites? Ive done already banning the PC's ip address but it still access yahoo messenger....

[raem]

kryptos

Access (login) with Yahoo Messenger.
Analyse your Dansguardian and/or squid log files to see what site is accessed.

Add that site URL to the bannedurllist config file in Dansguardian. See also bannedsitelist.

Yahoo Messenger login should then be blocked.

Read this old howto for details about the config files (towards the end).

http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/dansguardian%20instal%20&%20configure%20HOWTO%20for%20sme%20server.htm

[mmccarn]

Ive done already banning the PC's ip address

You're thinking backwards -- banning the PC's IP address will only prevent users from opening web pages hosted on that PC.  Ray is trying to get you to ban the IP address of the yahoo server that the PC must contact in order to 'login' to yahoo messenger.

In this (non-contribs) post on blocking chat programs http://nscsysop.hypermart.net/no_chat.html they say that you should block access to

Code: [Select]

# Yahoo! Messenger: msg.edit.yahoo.com/*
# (Yahoo! Messenger: Might also need to block messenger.yahoo.com /*and http.pager.yahoo.com /* Be sure to type in the http on that last URL).

[kryptos]

hi,

i tried using blanket block from bannedsitelist to make sure no sites(including that of what yahoo messenger uses) can get through. Still i can login to yahoo messenger.

regards,
Rocel

[raem]

kryptos

> i tried using blanket block from bannedsitelist to make sure
> no sites(including that of what yahoo messenger uses) can get through.

You need to tell us exactly what entry you are making and in exactly what file.

Is Dansguardian installed & running ?
To find out do
/etc/init.d/dansguardian status

Do other sites get blocked ?

Did you restart dansguardian after making the change ?
You must restart it or the config change won't take effect.
Do
/etc/init.d/dansguardian restart

Is your transproxy port correct
To find out do
db configuration show squid

What value is listed for TransparentPort ?

[kryptos]

Hi Ray,

>Is Dansguardian installed & running ?
>To find out do
>/etc/init.d/dansguardian status

dansguardian (pid 4029 4028 4027 4026 4025 4024 4023 4022 4021 4020 4019) is running...

>>Do other sites get blocked ?
yes, all sites



config show squid
squid=service
    EnforceSafePorts=no
    SafePorts=21,70,80,81,119,210,443,563,980,1024-65535
    TCPPort=3128
    TCPProxyPort=80:3128
    TransparentPort=8080
    access=private
    status=enabled


Regards,
Rocel

[raem]

kryptos

>>Do other sites get blocked ?
> yes, all sites

That's a puzzling answer.
You are saying that all sites get blocked, so no-one on your network has any access to web sites ???
Yet you are saying people still have access to yahoo messenger.

What I meant was, do other sites (ie external web sites that contain inappropriate material or are listed in bannedsitelist etc) get blocked, to prove/know that dansguardian is actually working & running correctly.

You didn't answer the other questions.
You need to tell us exactly what entry you are making and in exactly what file and what commands you issue after making the changes.

Did you restart dansguardian after making the change ?

Also are you sure you have not put the IP of the workstation into an exception list, therefore allowing unimpeded access ?
Does the workstation that you are trying to block access to yahoo messenger get blocked by dansguardian if you surf to sites that contain bad content (again to prove Dansguardian is actually functioning and blocking that workstation when it should do so) ?

[raem]

kryptos

> Dansguardian is already installed on my server and it work great.

You don't say what version of dg you have installed or how you configured it and your system.

You may need prevent dg from being bypassed.
Here is a useful post from
http://forums.contribs.org/index.php?topic=33775.msg145309#msg145309

Remove the local net to deny access to full squid proxy:

Create custom squid.conf template "20ACL10localhost":
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp -pR /etc/e-smith/templates/etc/squid/squid.conf/20ACL10localhost /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL10localhost

Edit the custom "20ACL10localhost" replaceing the code w/:
acl localsrc src 127.0.0.1
acl localdst dst 127.0.0.1

Expand SQUID template:
/sbin/e-smith/expand-template /etc/squid/squid.conf

Restart SQUID:
service squid stop
service squid start

[kryptos]

Hi Ray,

>That's a puzzling answer.
>You are saying that all sites get blocked, so no-one on your network has >any access to web sites ???
>Yet you are saying people still have access to yahoo messenger.

I am working on test server right now. One PC for server-gateway mode and a workstation. I have to test it before i will implement it the production server.

>What I meant was, do other sites (ie external web sites that contain >inappropriate material or are listed in bannedsitelist etc) get blocked, to >prove/know that dansguardian is actually working & running correctly.

I have said before i blocked all sites. Configure dansguardian bannedsitelist file and modify a portion see below:

#Blanket Block.  To block all sites except those in the
#exceptionsitelist and greysitelist files, remove
#the # from the next line to leave only a '**':
**
 |------->just remove the pound sign here



After that i do /etc/init.d/dansguardian restart
Then open firefox  as expected it blocks every site i enter on the address bar.

>Also are you sure you have not put the IP of the workstation into an >exception list, therefore allowing unimpeded access ?
yes, im pretty sure

>Does the workstation that you are trying to block access to yahoo >messenger get blocked by dansguardian if you surf to sites that contain >bad content (again to prove Dansguardian is actually functioning and >blocking that workstation when it should do so) ?

when i access it says "Blanket Block is active and that site is not on the white or grey list"

[kryptos]

Hi Ray,

Version number
dansguardian-2.9.8-2


>Remove the local net to deny access to full squid proxy:
Done this already but still won't block yahoo messenger

One thing i have noticed about this program when i monitor it through netstat is that it changes it port connection everytime i block the port it uses. It uses known port like 21, 23, 80,5050 ....etc  and even smtp port.    


regards,
Rocel

[raem]

kryptos

Some years ago adding sites that Yahoo Messenger accessed to the bannedsitelist was effective.
I did some testing & reading overnight, and obviously the newer versions are more adaptable. Literature suggests it does try to use ANY port available, therefore making blocking difficult.
Monitoring var/log/dansguardian will still show you what sites are being accessed and adding these to the bannedsitelist can still block some of the plugins and render Yahoo Messenger less useful, but login (& IM it appears) is still possible.

Good advice from these forums and elsewhere is to disallow installation of Yahoo Messenger ie lock down your workstations so users cannot install those types of programs.

[JohnG]

Sorry for being late to this, but since DansGuardian is a web content filter it therefore has no effect on Yahoo Messenger. Yahoo Messenger is not the web and uses totally different ports.