A big part of being a security analyst is figuring out why something you admin is blocking what a customer is trying to get to. I actually like those problems because I look at them like a mini-puzzle. The key to these issues, and many others for that matter, is being able to recreate the trouble with your own equipment. I usually tell people, if it’s blocked for me too then I will be able to fix it. The hard problems come when it’s an occasional issue, or only from one part of the network, etc.
Anyway, the latest scenario involved a city employee trying to get to a local high school’s website to get their layout. The site was blocked with the category pornography, which seemed like a miscategorization. After recreating the problem on my desktop I got a hunch, which leads me to the reason for this post. I headed to google and searched “site:xxxxxx.edu nude” and it came back with the results that would make any webmaster wince. Pictured below (anonimized to protect the innocent)…
So that was quickly solved by making the school’s webmaster aware of the injected HTML SEO poisoning keywords and asking our vendor to re-evaluate the site once cleaned. But more to the point such Google searches are a really cheap way to do some manual monitoring for websites under your protection. I personally do searches like these every few weeks, on the off chance one day I will get something other then no webpages found. Don’t forget to submit requests to clear the major search engine’s cache if you’re hit or these results will stick around for a while.
PS I’ll leave it up to the reader’s imagination on which keywords to use.