rammerhead browser

mpartenope4676
Contributor

A non-Google post just for us admins. Some lovely student has been charging kids for a promised uninterrupted gaming experience while at school. Apparently this student has customers across the US, bless them. Anyway, this student keeps us on our toes. The newest iteration is that something called the rammerhead browser (found on GitHub) is somehow embedded into a page. It loads in a new blank browser tab, and then you can use this browser to go anywhere and nothing shows up in the web history for our web filter. After a developer tools session and a HAR analyzer, it seems that the rammerhead browser is calling to eolicatalinay.cl. I blocked that URL and we're good for now. I wanted to share in case this wasn't on anyone's radar.

rammerhead 01.JPG, rammerhead 02.jpg
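The HAR review described in the post above, as an added example that is not part of the original post: it groups every request URL in a HAR export by parent domain, so a domain contacted through many different URLs and subdomains stands out. The sample HAR, the `.example` hostnames, the function names and the two-label parent-domain rule are all assumptions made for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed HAR fragment (HAR 1.2 layout: log.entries[].request.url).
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://sites.google.com/view/constructed-page"}},
    {"request": {"url": "https://a1.proxy-host.example/abc123/https://game.example/"}},
    {"request": {"url": "https://b2.proxy-host.example/def456/main.js"}},
    {"request": {"url": "https://b2.proxy-host.example/def456/style.css"}},
    {"request": {"url": "https://fonts.gstatic.com/s/font.woff2"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})


def parent_domain(host, labels=2):
    """Naive parent domain: the last `labels` labels of the hostname.

    Assumption: two labels is enough (true for name.cl or name.com);
    suffixes such as co.uk need a public-suffix list instead.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-labels:])


def summarize_har(har_text, expected=()):
    """Return (domain, distinct hosts, distinct URLs) for each parent domain
    not listed in `expected`, busiest domain first."""
    hosts = defaultdict(set)
    urls = defaultdict(set)
    for entry in json.loads(har_text)["log"]["entries"]:
        url = entry["request"]["url"]
        host = urlsplit(url).hostname
        if not host:  # data:, blob: and about: URLs carry no hostname
            continue
        dom = parent_domain(host)
        hosts[dom].add(host)
        urls[dom].add(url)
    rows = [(dom, len(hosts[dom]), len(urls[dom]))
            for dom in hosts if dom not in expected]
    return sorted(rows, key=lambda row: (-row[2], row[0]))


if __name__ == "__main__":
    known = {"google.com", "gstatic.com"}  # domains the page is expected to use
    for dom, n_hosts, n_urls in summarize_har(SAMPLE_HAR, expected=known):
        print(f"{dom}: {n_hosts} host(s), {n_urls} distinct URL(s)")
```

A parent domain that shows several hosts and many distinct URLs, and is not one the page should need, is the candidate for a domain-level block rather than a per-URL block.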

9 REPLIES

ddelboccio
Contributor III

Is that the correct link? eolicatalinay.cl doesn't seem to resolve to anything...

mpartenope4676
Contributor

The HAR file showed multiple calls to URLs that ended with that domain, yes, but each URL was different. I added screenshots to my original post, and I realized that you can actually see it calling to the domain in the second screenshot.

I think blocking that top domain blocks all subdomains too, even if the top domain itself doesn't resolve to anything.

--
https://wheretofind.me/@NoSubstitute

Kim_Nilsson
Admin Moderator

Blocked that domain both in admin and Securly, and also blocked the search keyword *rammerhead*.

--
https://wheretofind.me/@NoSubstitute

Kelly_McMahon
Contributor

Thank you for posting this

mpartenope4676
Contributor

So an update on this. It really became a game of whack-a-mole to block this lovely entrepreneurial student. In the end, we decided yesterday to block sites.google.com altogether and then made a custom allow for the URLs below so they can only get to sites published from our domain and the back end to edit a site before it's published. If there is a Google site that a teacher wants to use outside of our domain, we'll have to add it to this custom allow list. The only drawback I've found so far is that you can no longer launch Sites from the waffle on the new tab page. There's a hop at one point before it signs you in to just sites.google.com. Users can go to Google Drive and click New, then More, then Google Sites, or go to sites.google.com/new.

PS: at one point we found an email in Vault that included students in domains as far away as Washington State, so who knows, maybe your students are playing games like ours. 🤣🙄

*sites.google.com/?*
*sites.google.com/create*
*sites.google.com/d*
*sites.google.com/new*
*sites.google.com/static*
*sites.google.com/u*
sites.google.com/PutYourDomainHere.org

mpartenope4676
Contributor

PS for your amusement, a smattering of the URLs this student made as we continued to block the string after sites.google.com/

sites.google.com/forthememethedream
sites.google.com/view/bettheschoolcantblockthislol
sites.google.com/view/cheesit
sites.google.com/view/hehehehawww
sites.google.com/view/ikadmlnseesthis
sites.google.com/view/imgoodattech
sites.google.com/view/imgoodwithtech
sites.google.com/view/imgoodwithtechnology
sites.google.com/view/lightspeedfiltersucks
sites.google.com/view/neverbackdownnevergiveup
sites.google.com/view/plzdontblockthislol
sites.google.com/view/technologyisfunforme
sites.google.com/view/technologyisfuntouse
sites.google.com/view/thestakaloonyfam
sites.google.com/view/yourwasting%20yourtimetechnology

😂Whack a mole...

Better to slap the student with a couple of hours of detention.

It is a behavioural issue not a technical issue!

--
https://wheretofind.me/@NoSubstitute

Oh, were that I were an administrator. You should see the state of our Chromebooks in the MS, and there is no recourse for that either. It's frustrating for sure, but it's not my decision to make, so I have to go this route. siiiiiigh The student purchased a domain over the weekend. 🙄🙄🙄🙄