Jump to content

Websense blocks Geocaching.com


Kit Fox

Recommended Posts

Well this is new phenomenon. Anyone else having this problem?

 

Yes, same here. I opened another thread while yours was being published.

 

Here's my info:

 

We are using Websense at work and this morning I see that "www.geocaching.com" is blocked. The reason is something like "malicious website". They don't provide more details.

 

It seems you put up some javascript/ActiveX/whatever that made your site become blacklisted in the worldwide Websense database.

 

Until this is resolved, nobody behind a Websense filter (with this category being enabled) will be able to see your site.

 

I've been told that once the problem will be fixed, Websense will unblock the site (but that may take a couple of days afterwards).

 

Please make sure to take actions! I can only use wap.geocaching.com at the moment...

Link to comment

Well this is new phenomenon. Anyone else having this problem?

 

Yes, same thing here. Fortunately with proxy sites like ibypass.net Websense isn't much of an issue. I was wondering whether Websense did the blocking, or whether it was just my employer... good to know it's not just me.

Link to comment

Well this is new phenomenon. Anyone else having this problem?

 

Yes, same thing here. Fortunately with proxy sites like ibypass.net Websense isn't much of an issue. I was wondering whether Websense did the blocking, or whether it was just my employer... good to know it's not just me.

 

I spoke with the security group and it's definitely coming from Websense (and he showed me the page from the Websense website that proves gc.com has been added to their database). This is all automatic, so once the problematic code has been removed, all should come back to normal.

 

Oh, and "ibypass.net" is also blocked here...

Edited by cron
Link to comment

Well this is new phenomenon. Anyone else having this problem?

 

Yes, same thing here. Fortunately with proxy sites like ibypass.net Websense isn't much of an issue. I was wondering whether Websense did the blocking, or whether it was just my employer... good to know it's not just me.

 

I spoke with the security group and it's definitely coming from Websense (and he showed me the page from the Websense website that proves gc.com has been added to their database). This is all automatic, so once the problematic code has been removed, all should come back to normal.

 

Oh, and "ibypass.net" is also blocked here...

 

I always thought it was odd that our net admins blocks sites, but not the proxies that enable us to get to blocked sites... and I actually find it interesting that geocaching.com isn't flagged by websense as a "games" site -- especially since http://www.geocacher-u.com/ and gpsgames.org are both flagged as "games".

Link to comment

My experience with such "defenders" is that they will rarely explain why certain content/code offends them so much.

 

I wouldn't be so quick to "blame" anybody at Geocaching.com for doing anything underhanded/malicious or threatening.

 

Point blank ask websense what is so wrong with the code they are seeing.

Link to comment

I have websense at work too. Since I am out with a sick kid today I can't verify if my work blocks it, but I guess since others have it blocked mine probably does too. Arrrgggh. My employer has the most restrictive web policy I have ever seen. I have tried bypassing the filters before and all proxies that I have tried are blocked too.

Edited by supertbone
Link to comment

I logged in Websense.com and got this

 

Site Lookup Tool

 

URL: http://www.geocaching.com

Category: Malicious Web Sites

Database version: 92931

Database date: 27 Nov 2007

 

 

If you feel this classification is INCORRECT...

 

I felt it was INCORRECT, of course, and submitted a request for a review of the category.

 

For me, the most appropriate category is "Social and Lifestyles: Hobbies". Still, it would be even better if geocaching.com is left out of Websense.

 

Even if Websense removes geocaching.com from the category "Malicious Web Site", I think it will be moved to some other category... And from what I've been reading here, probably some of you will be denied access. :anicute:

 

Here's the result:

 

Your URL submission has been received and is currently under review. Categorization updates should be available in the next scheduled publication of the database. A new database is published every business day, five days a week, Pacific Standard Time.
Link to comment

I have websense at work too. Since I am out with a sick kid today I can't verify if my work blocks it, but I guess since others have it blocked mine probably does too. Arrrgggh. My employer has the most restrictive web policy I have ever seen. I have tried bypassing the filters before and all proxies that I have tried are blocked too.

 

You could run your own proxy server on your home PC, if you have the know-how to set it up. That's what I do. There are also pay-for-access proxies that may not be blocked by Websense. I have a feeling that since gc.com is definitely in the Websense database, it's probably only a matter of time until it gets tossed into a category that's restricted by employers. Games would definitely be a no-go for many employers, Hobbies might stand a chance with a few....

 

Maybe you can get your network admins hooked on Geocaching so they'll want to white-list the web site! :anicute:

Link to comment

I work for a very large northwest aerospace firm (that I won't name :anicute: ) and got the message below today. I don't think we blocked any new categories so it must be some new code that was added.

 

ACCESS DENIED

The external Web site you have requested is blocked due to additional virus filtering.

URL: http://www.geocaching.com/my/

Filter Category: Malicious Web Sites;Security PG

Company name blocks web site categories that contain inappropriate content, those that contain malicious code, and those that provide services that may be unsafe to the Company name network and or its resources.

 

Virus filtering is implemented any time a website has been compromised. When the site is no longer infected the block will be removed and access to the site will be restored.

 

If you think this site has been blocked in error, please contact Security Monitoring and Response via email:Click here, explain if business impacting.

Link to comment

Blocking websites depends of "your" URL blocker software configuration. Your IT team can (hopefully) permit or deny dedicated categories. And depending of the product database it's blocked or not.

 

These databases and the URL category is managed by the software developer. We use the ISS Proventia URL filter and geocaching.com is categorized with "travel". And we permit travel websites :-) and if we would block it I will put geocaching.com to the whitelist ;-D

Thank god I'm a network admin!

 

Martin

Link to comment

If you think the website is not correctly categorized your IT team should check this and normally they are able to request a category update. Here you can check the ISS database http://filterdb.iss.net/urlcheck/

 

But...

nost companys do not allow their employies to suft for private use. Be carefull when contacting your IT ;-)

 

If geocaching.com runs special Java or Active-X scripts it's also possible that it's blocked. It's all in the hands of your network admins to do more or less security settings....

 

Martin

Link to comment

I went on to Websense.com and they have a tool in their support section that will allow you to do a site look up and ask for re-classification. On the site look up page you can suggest a new classification from a list. To use it you will need to create a free account.

 

I did a site look up of geocaching.com and www.geocaching.com. Please note if you leave off the 'www', geocaching.com is listed as a hobby site, but if you add it the site is listed as malicious. I suggested it to be reclassified as 'Society and lifestyle: hobbies'. I am sure it could also be classified in 'games' or even 'travel' if you stretch it. In the mean time I would try leaving off the 'www' and see what happens.

 

I hope that TPTB have already done this since blocking the site would obviously hamper our use of the site, but also lower ad revenue since there would be less traffic.

Link to comment

I have been blocked out from gc.com for weeks now (the firewall on my employers PC)

 

get this in the firewall

 

Attempted Intrusion "HTTP MS IE Object Element Data DoS" against your machine was detected and blocked.

Intruder: www.geocaching.com(66.150.167.150)(http(80)).

Risk Level: Medium.

Protocol: TCP.

Attacked IP: localhost.

Attacked Port: 1200

 

Maybe Websense have picked up the same problem in the code?

 

The Strandums

Link to comment

I have been blocked out from gc.com for weeks now (the firewall on my employers PC)

 

get this in the firewall

 

Attempted Intrusion "HTTP MS IE Object Element Data DoS" against your machine was detected and blocked.

Intruder: www.geocaching.com(66.150.167.150)(http(80)).

 

Maybe Websense have picked up the same problem in the code?

 

The Strandums

 

Yep, that is most likely it. I had the same issue with the symantec at my work. Fortunately i can manually remove the block on my local PC because my employer allows that.

 

geocaching.com uses some perfectly valid HTML which can cause a problem for IE 6. Kinda ridiculous to block a website for this, IMO.

 

Explanation:

http://www.symantec.com/avcenter/attack_sigs/s21422.html

 

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects attempts to exploit a vulnerability in Microsoft Internet Explorer which allows an attacker to issue a denial of service attack on the victim host Internet Explorer Web browser.

Additional Information

A denial of service vulnerability has been reported in Microsoft Internet Explorer. This vulnerability is related to how the browser interprets properties of Object elements. The Object element is normally used to specify an external object to invoke such as an ActiveX component, Applet, etc.

This condition may occur when a malicious web page specifies an Object element with a data property that has a value of "?" or "#" in addition to specifying a type property that refers to an image type (such as "image/gif"). The vulnerability will reportedly cause the browser to crash due to an infinite loop.

Link to comment
Well this is new phenomenon. Anyone else having this problem?
The main GC site got blocked at my work today, but the forums still worked. Go figure....

 

The forums still work because they use a Groundspeak.com address, not a geocaching.com address. Groundspeak.com is listed in the Websense database as an IT site.

Link to comment

On the other hand, on the same database...

 

URL: http://www.Groundspeak.com

Category: Information Technology

Database version: 92932

Database date: 28 Nov 2007

 

URL: http://www.Waymarking.com

Category: Hobbies

Database version: 92932

Database date: 28 Nov 2007

 

URL: http://wap.geocaching.com

Category: Travel

Database version: 92932

Database date: 28 Nov 2007

 

URL: http://forums.Groundspeak.com

Category: Message Boards and Forums

Database version: 92932

Database date: 28 Nov 2007

 

So far, Wherigo.com and travelbugs.com are not categorized by Websense.

Edited by SUp3rFM & Cruella
Link to comment

Blocked by WebSense here too.

 

It seems Geocaching.com got into the Malicious Software category because the website was trying to write something to the client - this isn’t an arbitrarily assigned category. Unfortunately, IT security aren’t likely to open up a Malicious Software category site url - at least not where I work.

 

I’m not saying the GC developers did anything wrong (they’ve been doing a fantastic job) - it just is what it is in this security paranoid world and Web Sense is going to block what it sees as an intrusion. Sux!

 

I guess it’s wap.geocaching.com for me :laughing:

Link to comment

I've contacted Websense and have asked for more information on their listing, so hopefully they'll let me know so we can correct the issue. I'm sure whatever they've come across is just a false-positive and it should be very easy for us to fix.

 

In the meantime, I'll investigate the "HTTP MS IE Object Element Data DoS" that was reported to see if I can find out where this is coming from and remove it as well.

 

:laughing: Elias

Link to comment

Hmm. Looks like MarcusArelius and I share an employer. (I'm glad to see (well not really) that it's a generalized thing. I thought it might be something personal. Hoping for that unblocking.

hairball

 

Hey M/A betcha didn't know they were here too.

Edited by hairball45
Link to comment

I wrote to our tech guys who contacted Websense. Meanwhile they reclassified geocaching.de from "Games" to "Hobbies". Thanks!

 

Before reading this threat at home I contacted Groundspeak, they just wrote back that they're working on it. Many thanks!

 

So, let's hope this issue will be worked out soon. Meanwhile we could discuss the sense of wanting to try to censor the Internet, but that wouldn't belong here! Only thing I know : If I want to, I just bypass Websense, it's only a matter of patience and time.

 

Greets,

 

Thierry

Link to comment

Hmm. Looks like MarcusArelius and I share an employer. (I'm glad to see (well not really) that it's a generalized thing. I thought it might be something personal. Hoping for that unblocking.

hairball

 

Hey M/A betcha didn't know they were here too.

 

Actually, I did. I bet you're in Heath, Ohio.

 

BTW, our employer lets us surf from work on our own time (e.g. lunch). I think that we use websense too.

Link to comment

I work for a very large northwest aerospace firm (that I won't name :( ) and got the message below today. I don't think we blocked any new categories so it must be some new code that was added.

 

ACCESS DENIED

The external Web site you have requested is blocked due to additional virus filtering.

URL: http://www.geocaching.com/my/

Filter Category: Malicious Web Sites;Security PG

Company name blocks web site categories that contain inappropriate content, those that contain malicious code, and those that provide services that may be unsafe to the Company name network and or its resources.

 

Virus filtering is implemented any time a website has been compromised. When the site is no longer infected the block will be removed and access to the site will be restored.

 

If you think this site has been blocked in error, please contact Security Monitoring and Response via email:Click here, explain if business impacting.

 

I think I work of the same one - only in the south east. Very bummed when that poped up. Hopefully it will be taken care of soon.

Link to comment

:D Our IT team looked into this today and came back with the following info:

 

This site has been determined to contain code that may intentionally

modify end-user systems without their consent and cause harm and is

therefore appropriately classified at this time. The site will resume its content-based categorization, once it has been determined to no longer be a security risk.

If you are in contact with the people who run it I would let them know

Andy Thornbury

 

Systems Architect

 

*IRIS Legal Solutions*

Link to comment

I would be interested to see how web traffic to geocaching.com has been changed since this was put into place.

It's probably improved response times for those who can still access the site!

 

Yes, it has improved tremedously. I hope that they leave it in place permanently.

Edited by Team Cotati
Link to comment

Bad attitude from Team Cotati not withstanding, any new information on this from TPTB?

I've sent two requests to Websense asking for more information on this and I haven't heard anything back. Until they respond back to me, there's not much we can do to fix this issue.

 

:lol: Elias

Link to comment

Here's a fresh update.

 

A query in the Site Report Tool over www.geocaching.com returns this:

 

Site Lookup Tool

 

URL: http://www.geocaching.com

Category: Hobbies

Database version: 92935

Database date: 03 Dec 2007

 

So, it's not malicious. :lol:

 

Still, moving into the "hobbies" category will probably prevent many to access it under a network with Websense. The hobbies category is one of those blocked by "default", I guess.

 

Just as Waymarking, like i wrote before, is on the hobbies category. Wap.geocaching.com is on the Travel...

Link to comment
Guest
This topic is now closed to further replies.
×
×
  • Create New...