Topic: Blocking yahoo messenger

[raem]

kryptos

> Dansguardian is already installed on my server and it work great.

You don't say what version of dg you have installed or how you configured it and your system.

You may need prevent dg from being bypassed.
Here is a useful post from
http://forums.contribs.org/index.php?topic=33775.msg145309#msg145309

Remove the local net to deny access to full squid proxy:

Create custom squid.conf template "20ACL10localhost":
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf/
cp -pR /etc/e-smith/templates/etc/squid/squid.conf/20ACL10localhost /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL10localhost

Edit the custom "20ACL10localhost" replaceing the code w/:
acl localsrc src 127.0.0.1
acl localdst dst 127.0.0.1

Expand SQUID template:
/sbin/e-smith/expand-template /etc/squid/squid.conf

Restart SQUID:
service squid stop
service squid start

[kryptos]

Hi Ray,

>That's a puzzling answer.
>You are saying that all sites get blocked, so no-one on your network has >any access to web sites ???
>Yet you are saying people still have access to yahoo messenger.

I am working on test server right now. One PC for server-gateway mode and a workstation. I have to test it before i will implement it the production server.

>What I meant was, do other sites (ie external web sites that contain >inappropriate material or are listed in bannedsitelist etc) get blocked, to >prove/know that dansguardian is actually working & running correctly.

I have said before i blocked all sites. Configure dansguardian bannedsitelist file and modify a portion see below:

#Blanket Block.  To block all sites except those in the
#exceptionsitelist and greysitelist files, remove
#the # from the next line to leave only a '**':
**
 |------->just remove the pound sign here



After that i do /etc/init.d/dansguardian restart
Then open firefox  as expected it blocks every site i enter on the address bar.

>Also are you sure you have not put the IP of the workstation into an >exception list, therefore allowing unimpeded access ?
yes, im pretty sure

>Does the workstation that you are trying to block access to yahoo >messenger get blocked by dansguardian if you surf to sites that contain >bad content (again to prove Dansguardian is actually functioning and >blocking that workstation when it should do so) ?

when i access it says "Blanket Block is active and that site is not on the white or grey list"

[kryptos]

Hi Ray,

Version number
dansguardian-2.9.8-2


>Remove the local net to deny access to full squid proxy:
Done this already but still won't block yahoo messenger

One thing i have noticed about this program when i monitor it through netstat is that it changes it port connection everytime i block the port it uses. It uses known port like 21, 23, 80,5050 ....etc  and even smtp port.    


regards,
Rocel

[raem]

kryptos

Some years ago adding sites that Yahoo Messenger accessed to the bannedsitelist was effective.
I did some testing & reading overnight, and obviously the newer versions are more adaptable. Literature suggests it does try to use ANY port available, therefore making blocking difficult.
Monitoring var/log/dansguardian will still show you what sites are being accessed and adding these to the bannedsitelist can still block some of the plugins and render Yahoo Messenger less useful, but login (& IM it appears) is still possible.

Good advice from these forums and elsewhere is to disallow installation of Yahoo Messenger ie lock down your workstations so users cannot install those types of programs.

[JohnG]

Sorry for being late to this, but since DansGuardian is a web content filter it therefore has no effect on Yahoo Messenger. Yahoo Messenger is not the web and uses totally different ports.