Results 1 to 2 of 2

Thread: Scarcup internet Censorship avoidance site

  1. #1
    jdh Guest

    Default Scarcup internet Censorship avoidance site

    Hi is anyone able to help or advise on the following problem i am experiancing please.
    I have ZoneAlarm Internet Security Suite installed under a Microsoft XP Professional operating system with IE version 7 and am using the parental controls however, one of the young people who come into our office to use the machines have been gloating of finding a "way around the system" as they put it.
    There is a website called scarcup.com if you type this address into the address bar of the internet, then ZoneAlarm picks it up and blocks it, under hacking/proxy avoidance, however, if you search for the site via google, you are first taken to a page where it says there is an error with the
    site's certificate, and then gives you the option to carry on into the website (although it is not recommended) you can then
    use scarcup.com
    to bypass
    any internet censorship.
    The machines that we have ZoneAlarm on are for job searching and CV writing and used by young people aged 13-19 so we want to be able to leave the option of accessing search engines on there, but also want to ensure that they are safeguarded and prevented from accessing any inappropriate websites either intentionally or unintentionally.
    Does anyone know a way of completly blocking scarcup.com or as they don't have a valid certificate will this site always be like this meaning we would have to block all search engines and portals as well?
    Any help would be very greatly received.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Scarcup internet Censorship avoidance site

    Beautiful you caught a scan before it got you.

    Yes the server certificate does reads as advised by Opera:

    (1) The server's name "scarcup.com" does not match the certificate's name "localhost.localdomain". Somebody may be trying to eavesdrop on you.
    (2) The certificate for "localhost.localdomain" is signed by the unknown Certificate Authority "localhost.localdomain". It is not possible to verify that this is a valid certificate.

    A quick whosis reveals http://www.coolwhois.com/d/scarcup.com
    The dns IP is seen as 209.160.28.45.

    The provider is ONE-GLOBAL / HopOne Internet Corporation with the AS14361

    seesn here at robtex http://www.robtex.com/as/as14361/bgp.html

    This AS 14361 does have reports of Phishs and other bad sites involved in the past.

    The actual IP range for this scarcup.com is 209.160.24.0 thru to 209.160.31.255.
    Open the Zones of the Firewall of the ZA of the Zone Alarm and select the Add, then the IP Range. Select Block in the dropdown for the Zone, enter the first and last IPs and title either HopOne or as desired. Now the entire range is blocked off in the forewall.

    The next step is to add the scarcup.com to the host file (windows\system32\drivers\etc) as "127.0.0.1 scarcup.com " listed after the "127.0.0.1 localhost" entry. Just first make sure the ZA is set not to block changes to host file changes in the OSFirewall or in the Advanced of the Firewall before editing the host file. Once this is added, any dns lookup for this site will always be redirected to your own localhost and thus blocked instead of the windows/browser obtaining a proper domain name from the internet.

    Now it is blocked off two different ways at the computer itself. It is also maybe possible to block this particular IP range or URL in your router, but that is for a different forum and posting.

    Oldsod.

    Message Edited by Oldsod on 07-25-2008 09:40 AM
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •