We are in a school district and constantly receive requests from teachers about students accessing inappropriate sites. It has come to my attention that there is a common theme of these sites using something called croxy proxy. Now, it masquerades as some innocuous website using some of the newer top level domains and some old ones like .io, .space, .info, and .site. The main domains, in some cases, are just a string of characters, for example 8549efeeb2da.space and 7048d1ad4c3f.site. Since most of these sites are uncategorized, I'm very close to blocking anything that is not categorized, but will that be more of a hassle to fix valid sites vs. chasing these proxies? This is also, I believe, causing excessive non-existent domain logs in my filter as well. I will see lists of websites that go nowhere and that look like random names, like www.nteuropeanaspencalifornia.net and www.seniorsigmagraphconnect.com. There are literally hundreds if not thousands of these random domains showing up in my logs that go nowhere. Any help is appreciated.
OK, after some peeking around the web, it looks like most of these Croxy Proxy sites are hosted in the Country of Panama under an organization called WhoisGuard, Inc. It looks like they are using a registrar called namecheap.com. Some of these sites were just registered a couple of days ago, which is why they would not be categorized. I may try blocking the Country of Panama, as I can't think of anything valid we would use here in the US.
The Country blocking did not help. There are other domains now coming from Palau. What a mess. I wish I could block top level domains or even possibly whitelist only certain top level domains. So only allow sites from .com, .net, .org, etc. Maybe I can do something with DNS. Still a work in progress.
In reply to tomrgsd:
When you do a URL categorisation check, what does it respond with?
You can create your own policy with croxy as a keyword and block it.
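An added example, not written by anyone in this thread and not Sophos code: a log triage sketch that flags the pattern described in the first post (a long hex string as the domain name) and sorts the remaining hosts into NXDOMAIN noise, TLDs outside an allowlist, and everything else. The `client host rcode` log layout, the 10-character hex threshold and the allowlist contents are assumptions for illustration.

```python
import re
from collections import defaultdict

ALLOWED_TLDS = {"com", "net", "org"}      # assumption: the TLDs named in the thread
HEX_LABEL = re.compile(r"[0-9a-f]{10,}")  # assumption: 10+ hex chars, like 8549efeeb2da

# Constructed sample lines; the "client host rcode" layout is hypothetical,
# not a Sophos log format.
SAMPLE_LOG = """\
10.1.4.21 8549efeeb2da.space NOERROR
10.1.4.21 www.7048d1ad4c3f.site NOERROR
10.1.4.37 www.nteuropeanaspencalifornia.net NXDOMAIN
10.1.4.37 www.seniorsigmagraphconnect.com NXDOMAIN
10.1.4.40 docs.example.org NOERROR
10.1.4.40 homework.example.io NOERROR
"""

def classify(host, rcode="NOERROR"):
    """Return block / nxdomain / review / allow / invalid for one logged host."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        return "invalid"
    # Naive split: treats the last label as the TLD, so multi-part public
    # suffixes (co.uk and similar) need a public suffix list instead.
    tld, name = labels[-1], labels[-2]
    # Require both a digit and a hex letter so numeric-only names are not flagged.
    if HEX_LABEL.fullmatch(name) and re.search(r"\d", name) and re.search(r"[a-f]", name):
        return "block"
    if rcode == "NXDOMAIN":
        return "nxdomain"   # resolves nowhere: log noise rather than a reachable proxy
    if tld not in ALLOWED_TLDS:
        return "review"     # candidate for a TLD-based policy decision
    return "allow"

def triage(log_text):
    """Group the hosts seen in a log by verdict, skipping malformed lines."""
    report = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _client, host, rcode = parts
        report[classify(host, rcode)].add(host.lower())
    return {verdict: sorted(hosts) for verdict, hosts in report.items()}

if __name__ == "__main__":
    for verdict, hosts in sorted(triage(SAMPLE_LOG).items()):
        print(f"{verdict:9} {', '.join(hosts)}")
```

The "review" bucket shows how many legitimate hosts a TLD allowlist would catch before it is enforced, which is the trade-off raised in the first post.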