Detection logs show user trying to access porn
Posted by Tee-hee64@reddit | sysadmin | View on Reddit | 537 comments
So recently the past few days we’ve noticed that numerous attempts by a user to access different porn sites have been made which were automatically blocked by the web control.
It came to a shock to us all that someone would be trying to do this on a work machine.
I’m not sure where to go from here. Whether the user learns they can’t do this and we let it be or to report it to HR.
Llamapocalypse_Now@reddit
You sure they're not just scrolling reddit?
Vvector@reddit
First thing I do starting a new job is create a work-only Reddit account. Never browse Reddit on your personal account on a work device
dbootywarrior@reddit
Even if its your personal device as long as youre connected to the company network they can see what youre browsing unless you got vpn installed
zaphod777@reddit
They can see the domains you're browsing, not the site content / full url unless they've got a custom certificate installed on your device or some other monitoring software that they wouldn't have in a personal device.
TrickShottasUnited@reddit
Dns over https would stop domain detection no?
spin81@reddit
Now if I catch someone installing a VPN then they will get reported to security pronto by this Redditor. IDGAF about porn, but making a tunnel inside/outside the network is a problem.
Lost_Drunken_Sailor@reddit
Is this you?
spin81@reddit
Is this you?
13
Lost_Drunken_Sailor@reddit
That’s
dbootywarrior@reddit
A VPN on a personal device connected to company network shouldnt be an issue. A VPN on a work device is. Correct me if im wrong
hornethacker97@reddit
Yeah spin81 is definitely in the wrong. Probably doesn’t understand what a VPN actually is.
tuxedo_jack@reddit
Why in Dante's seventh through ninth hells would you ever, EVER connect a personal device to a company-owned connection?
I won't even let my personal equipment touch client networks, let alone my employer's.
spin81@reddit
You don't use the guest wifi with your personal phone? Because that's what you're saying.
tuxedo_jack@reddit
Dingdingdingdingding.
There's a reason I pay for unlimited everything and use an unlocked phone, and it's so I don't have to worry about tethering when I'm out and about.
spin81@reddit
Fair enough!
Glittering_Power6257@reddit
Considering my personal phone has it’s own internet connection, that is exactly what I’m saying.
spin81@reddit
Fair enough then!
Lost_Drunken_Sailor@reddit
Sometimes cell service inside buildings is shit. Especially when you’re trying to take a shit and use your phone.
CarnivalCassidy@reddit
Because most of the time it's not a big deal, and IT doesn't go snooping through people's activity for fun.
tactiphile@reddit
To clarify, they can see what sites you're browsing, assuming everything is TLS. All the actual content, including URLs, is encrypted.
Granted, a lot of places have a TLS-breaking proxy. This is why god made cert errors. If you click "continue anyway," they can see everything, and you're on your own.
anomalous_cowherd@reddit
My personal devices are never connected to work networks, even in places where it's allowed.
Apart from WFH which uses an encapsulated Citrix environment. If they decide to take action on things I do on my personal machine outside of that sandbox that would be a big deal - for them, not me.
Commercial-Fun2767@reddit
It always amazes me how different the USA culture might be about work. It’s not different in a good or bad. It’s just funny because we are so similar.
Pitiful-Figure8874@reddit
Hey good idea
sysiphean@reddit
The last company I worked at had Reddit blocked under “pornography:RedGifs.” I had to keep a personal computer (I’m WFH) to google most anything because of how many answers (especially for PowerShell) are found on Reddit.
glasgowgeg@reddit
Seems overzealous, surely they could just block the redgifs domain and it would prevent the externally linked content from loading?
According-Bit-4327@reddit
Not sure it is detected as redgifs weirdly. Checked my own WiFi logs recently since I forgot I had some come up on my feed and saw no attempts to hit redgifs.
sysiphean@reddit
I’m sorry, but it seems you expect thoughtfulness from a team that justifies its existence by the number of blocked pages.
Not that all teams that manage the filters are that way, but this one was.
Lost_Drunken_Sailor@reddit
Reddit is blocked at my workplace. I’m also work from home so it’s easy to just search on a personal PC
unlucky_ko@reddit
This is soo funny i cantt🤣🤣🤣🤣
wardedmocha@reddit
I have a feeling this is how most people look at porn at work. Along with X or twitter. At least where I work nothing is blocked (other than malicious sites) I really hate to think about how much porn is consumed where I work. Its a state college so I am guessing terabytes a day at a minimum.
theunquenchedservant@reddit
"I bet all my coworkers are just gooning all the fucking time" is a wild sentiment.
wardedmocha@reddit
Well I hope its not my co-workers. Students live on campus, I am sure they consume a lot of porn.
Cword76@reddit
I figured that or they logged into their account in Chrome and imported all their bookmarks...may have clicked a few out of habit. Ask me how I know.
monkofbaconorder@reddit
This is why the controls exist, and frankly not your job or worry to fixate on the “why”, just remove the how/where in you corporate environment.
Best bet is the following, depending on your relationship with HR and what are your protocols. 1) Send out a company-wide reminder on your user policy, attaching said policy, and things like porn, hate speech, etc, are not permitted on any and all company devices. …Note: if your user policy doesn’t say it, time to update it immediately!!
2) If it continues, give HR a heads up that you believe someone is violating policy, and what logs/info would they need prior? If they get wishy washy about confrontation, it may not get farther than that sadly.
3) Provided #2 gets you info, monitor/log/report to HR, and wash your hands of it for now. Remember, you shouldn’t confront the individual yourself, unless HR wants you in the room OR HR gives you its blessing to send a “targeted reminder” of usage policies.
itskdog@reddit
What's the company's disciplinary/complaints policy?
Surprised it's a shock given all the stories you get here about IT finding CSAM on a device they were working on, and having to call the police.
Dariaskehl@reddit
The sheer number of calls made by the Geek Squad to the local sheriff over several years.
shudder
anpr_hunter@reddit
Can confirm. Found CSAM while I worked at Geek Squad, was there when they arrested the piece of shit.
anxiousinfotech@reddit
I worked repairing computers at a shop for a few years. I came across plenty of normal, and even abnormal, adult content, but thankfully never CSAM or anything that was illegal. I'm very thankful for that. The shop owners were crystal clear. If I ever did, I was to call police immediately.
And yes, the man who constantly commented on the local paper articles slamming the lack of morality and religious righteousness etc. of everyone else had the most extensive collection of depraved, but legal, content & bookmarks...
Tatermen@reddit
I came across it once back when I worked in a repair shop.
It was in a folder on the desktop, with the thumbnails clearly visible. Zero attempt to hide it. It was reported to the police and they came and collected the PC the same day. Never heard what happened to the guy.
CapOk4599@reddit
Almost sounds like a cry for help. Or very low intelligence
Various_Payment_7956@reddit
what do you mean cry for help ?
c4nis_v161l0rum@reddit
There are some people that do that hoping they get caught. So maybe they’ll be away from people before they hurt someone. Some of those people realize they’re sick and try to get help. Sadly it’s far too few of them.
Various_Payment_7956@reddit
could be.
anxiousinfotech@reddit
It was 100% low intelligence, and probably some self-loathing IMO. There were a bunch of other things he'd scream about in his posts that he and his wife both did themselves.
What I found was just the stuff blatantly visible on a system. I never looked any deeper into anything than I had to. Not my business.
OptimalCynic@reddit
I worked that job through university. One customer was so incredibly obnoxious that when I restored the backup onto his new drive, his porn folder didn't make it across.
Various_Payment_7956@reddit
bro was revealing his truth I guess. Thats one way to get honest with yourself and cope. Say everyone is bad (Which included him too), so it validates him I guess.
c4nis_v161l0rum@reddit
Sorry you had to deal with that. Did they cuff him in front of his wife and kid?
Dariaskehl@reddit
“You will be contacted, Sir. I have no additional information. “
Repeat until their eyes go wide and they walk away.
(Then, the guy that shot the place up and tried to kill dozens of people wasn’t even one of the damn child rapists that can’t run adware!!)
CeldonShooper@reddit
When I was an admin in university around 25 years ago I remember one user creating like 20 subdirectories where he then hid CSAM. No one would have noticed but my colleague was going through backup logs and saw that the nesting level was too deep to store the full path name which resulted in a warning. Police was involved. All in all a pretty ugly situation.
HerfDog58@reddit
I've never had to contact law enforcement, but when I worked K-12, I got called in to assist state police with an investigation at one of the sites I worked at. The issue wasn't images and material, it was communications between an adult and a minor. They were using a Hotmail account, and sending messages only to that address.
They thought they were clever and getting away with it, but didn't know that Hotmail tracked the IP addresses the account was accessed from. I was able to provide information that made the case against the adult airtight. This was 25 years ago; POSes like this were allowed to resign rather than be fired and didn't do jail time, but he did have to register as a level 3 sex offender and was on probation for 10 years.
Geno0wl@reddit
the real clever ones do shared account Email drafting. Where they log into the same email client, create a message but isntead of sending it they save it as a draft, other guy reads the draft and deletes it.
Most email providers don't save drafts after they are deleted.
HerfDog58@reddit
That's basically what they were doing, but with actual messages instead of drafts.
Law enforcement got the IP information for the school building from us, and subpoenaed the ISPs for the adult and the minor. They did the same for the ISP for the cabin where the adult stayed with his family on vacation in Alaska. Once all the access dates/times and IP addresses were correlated, these two had done a better job of leaving a trail than Hansel and Gretel.
aiiye@reddit
We had to make a non zero number of calls to our local PD when machines coming in for repair at the Genius Bar had that content.
c4nis_v161l0rum@reddit
Yeah never had that when I was working retail tech support directly but did have a guy bring in his computer once that was very much in the grey area. Had tons of links to websites of kids underwear and kids underwear and swimsuit models. Yeah. It was creepy AF. And it was obvious this dude wasn’t a parent or grandparent. He got a stern warning from myself and my manager thing if he ever brought in his computer again with that kind of stuff, cops would be involved.
We weren’t allowed to dig into personal files of course but I bet dollars to donuts I would’ve found stuff.
Valdaraak@reddit
Also a reminder that Geek Squad was at one point in time both trained and paid by the FBI to purposely snoop around on systems that came in for work.
tuxedo_jack@reddit
Badge 3812 here, ex-D8 / D59.
Oh, the stories that are still covered by NDAs, even 20 years on.
I'd say "good times," but... well, I have regular therapy sessions for a multitude of reasons, and what happened at Geek Squad was only some of them.
Various_Payment_7956@reddit
Does therapy really help ? or we just built a mental health industry but in reality is a marketing gimmick ?
getting blown up in wars and living with a extreme level of resources, I just think therapy doesnt fix us as humans.
Izarial@reddit
Yep, had to call cops myself at least twice when I worked at GS… we never even looked through people’s files, it was just super badly hidden and then popped in a malware report. Once we saw the file name we were obligated to report and call.
rootpl@reddit
Fucking hell so many comments of people working in GS and calling cops. I've worked in GS for two years here in the UK in Carphone-Warehouse, not once we came across abuse materials.
tj818@reddit
Made those calls many time when I was working there 🤦♂️
keddren@reddit
A long, long time ago we had a guy store it on our company FTP server. That was a fun conversation with leadership.
reinhart_menken@reddit
I fucking hate that CSAM is a system name for some IT procurement documentation software in the govt and CP is a contingency plan. They could just call it SCP then at least it's just giggles and not hard cringe.
Arlieth@reddit
It's also popular during October as Cybersecurity Awareness Month 🫠
jasmeralia@reddit
One of the teams at $WORK had an acronym of CSA. I was so relieved when they renamed the team a few months later. Sometimes people need to check against a "bad word dictionary" before chosing names for things.
DoctorOctagonapus@reddit
I pity anyone who works as a Customer Service Advisor.
JustKeepRedditn010@reddit
One company i worked at abbreviated their Sales and Service team to SS.
reinhart_menken@reddit
I think SS is not as bad, I assume you're referring to Nazis? But US also have Secret Service.
hfsh@reddit
And the Selective Service. And yes, it absolutely is that bad.
dinnerbird@reddit
That would be USSS
anomalous_cowherd@reddit
Our timesheet had a text description for each booking code, and the spreadsheet shortened the longer names.
I booked many happy hours to Anal(ysis) Act(ivitie)s.
missed_sla@reddit
Whenever deciding on a name for something, the best thing to do is search your name on urbandictionary.
damselindetech@reddit
Possibly behind the naming convention of the CompTIA CySA+ certification
Tronerz@reddit
Last year our government put out a bunch of PowerPoint etc materials for Cyber Security Awareness Month with the acronym CSAM everywhere...
Hasuko@reddit
It's an official Microsoft title.
MaelstromFL@reddit
TBF CSAM existed before the acronym for CP was popular!
reinhart_menken@reddit
Okay good I know cause CSAM was new to me in the last year too. I only knew of the abbreviation CP before.
lampm0de@reddit
Happened while I was an enlisted Marine working at a major base. A CWO (Chief Warrant Officer) was caught accessing CSAM. He was arrested, stripped of rank, and thrown in the brig. This was the 90’s before it became mainstream knowledge (outside of IT) that IT is watching what you do.
kirksan@reddit
I smiled at the “shock”. I’d be freakin’ stunned if people didn’t try to access porn/malware/whatever.
OP: Unless you have evidence of CSAM then be thankfully your controls worked and move on. If there’s CSAM tell (don’t ask) HR that you’re calling the cops, and then do it.
DeerOnARoof@reddit
I found CSAM when I was an intern. God damn it was awful
MiataBoy95@reddit
It's more common than you think, some time ago I found a mix of straight and Trans porn pics in the user image folder of one of the shared computers in my company workshop used to view technical drawings and log working hours. It was hilarious when i reported it and the IT guy was shocked.
Prestigious-Stand-24@reddit
Do you remember that saying, "work without play, makes John a dull boy" ? Just let it slide, the tool the company put in place is already doing its work.
dwj7738@reddit
Does the company have an acceptable usage policy signed by all employees? If not, create one and implement it. It's not IT'S position for action. Pass the information to HR, and let them deal with it. Your DNS blocks will stop them.
Real-Ph1r3@reddit
Are these blocks during business hours or is it a laptop they are trying at home? Assuming it’s the former I would maybe log their traffic to make sure anything isn’t getting through, I am guessing it’s not or you would stop seeing the blocks.
I personally wouldn’t take action against anyone for trying to access a blocked website. The block worked.
You could maybe male a policy, have it emailed, and change the warning page that repeated attempts to access a blocked website will be reported to HR and may result in disciplinary action. That will scare most to give up after the first block.
sqnch@reddit
Security controls worked. Maybe orchestrate a thinly veiled reminder to all employees about access work-appropriate content on work machines to give them a heads up without singling them out. Or not.
mtwdante@reddit
This is the human version. Listen to this op.
jokebreath@reddit
This is exactly what I would do and I think the best advice. Honestly, unless I saw it was something illegal or it had been communicated to me that it was company policy to report anyone who ever tried to access adult websites from their work computer, I would have a chuckle and move on.
You have a tool put in place to block access to adult sites, the user tried to access an adult site and the tool blocked him. End of story! Why would I possibly want to waste my time with an issue that has nothing to do with my job?
Should I comb through everyone's web history and flag anything I deem to be inappropriate? If someone is accessing Reddit, should I make sure they're only on work-related subreddits and not anything that may contain adult related content? As someone else said, we're not the morality police, Christ.
Unless it's something egregious like a school teacher repeatedly accessing porn on their classroom computer during class time, everyone saying immediately go to their manager or your manager or HR are insane.
CarnivalCassidy@reddit
It's quite apparent that a lot of people picked this job so they could be a digital hall monitor.
bobs143@reddit
This is the correct answer. They were blocked. Send a reminder to only access appropriate sites on company devices.
I'm not going through logs to see who accessed Facebook, Instagram, Netflix,Hulu, Reddit, Amazon or any other multitude of sites that could be deemed inappropriate. If it affects the users work then that is an issue between their manager and HR.
I would turn over search history only if asked.
Our main job is to keep the machine running. Not spending all day playing the Internet cop.
stinky_wizzleteet@reddit
\^ This. After 20+ yeard in IT I can tell you one consistent thing. People in any company will try to or access porn at work. Sometimes alot. I dont care. I'll never care.
Unless its affecting your job or is illegal close your door and look at porn all day. Dont care.
I've caught people with illegal stuff and lets just say the cops made sure they didnt have a good Monday. Keep in mind I know just what you are looking at and for how long. If your manager asks I'll tell them how much and where. So dont do it.
Otherwise a gentle reminder is really all you need, trust me.
ZweiNor@reddit
Did a network sniffer check once and caught the night guard watching porn. Never had a check without porn hits tbh, and honestly, who cares? Just block the categories and go on with your life. Ain't nobody got time to sit around monitoring that shit.
HotTakes4HotCakes@reddit
Yeah it's the sort of thing where if it happens repeatedly, maybe you do or say something, but it's not like people aren't going to bounce off content controls every now and again.
If you lock a door, you don't call the cops because someone jiggled the handle.
againstbetterjudgmnt@reddit
If some random person jiggles the handle of my house you best believe I'm calling the cops. There's no valid reason for that.
mk9e@reddit
This is a great way to put it. That said, I think it also depends which door someone is jiggling the handle of. IE, I see someone jiggling the handle of a torrenting site, that's a paddling. I feel like it should be obvious not to try and jiggle the handle of an adult website but people are usually both curious and horny.
8BFF4fpThY@reddit
Many times you jiggle the handle of a porn site because it's an embedded ad on a reasonable site.
c4nis_v161l0rum@reddit
No joke. I’ve seen this so often and Ben on legit forums where you might be researching an obscure tech issue. Like come on man. Trying to work here.
mk9e@reddit
My go to test for checking FW filtering is an icmp packet to pornhub. No one has said anything for almost 10 years now but I'm waiting for the day I'm going to have to explain that.
Sea-Aardvark-756@reddit
There are also a lot of sites blocked as adult content which people link to as trolls (lemon party) or even are similar to real sites (a popular one was white house dot com), not to mention the user might have been clicking a link or attachment that forwarded to the site (may be worth looking into in case they need security training). It can also be they (wrongly) use the work laptop for porn at home, bring it to the office, and then it opens the same tabs and tries to load what they last had up, triggering the filter.
It's surprising to me that so many people here assume intent to look at porn at work, it's definitely possible but I would put slightly higher odds on one of the other scenarios.
Qel_Hoth@reddit
It's also entirely possible that the categorization is just wrong.
We had a bunch of rejects on a site categorized as "dating" this week, and tickets to follow. Somehow Palo Alto's algorithm classified a local home builder's website as dating.
No obvious defacement or communications from the company and our employees hit this site frequently.
rainer_d@reddit
Safari in the guest account of macOS refused to access the forum of a popular local cooking recipe site.
I guess forums can be bad because you never know what is posted - but a recipe site?
Sea-Aardvark-756@reddit
Yeah, we've seen medical vendors classified as dangerous material as well, it definitely happens. I've seen coworkers stumble on blocked sites without looking into it further or knowing if it was for legit reasons and just finding alternative sites as well (or looking at it through Archive.org or a personal device), and they weren't hiding anything. Hitting a filter is one of the few scenarios where I always assume innocence until a very high bar of proof is met to require action.
8BFF4fpThY@reddit
We recently had an issue where someone signed into chrome on their work computer with their personal account. It synced their history and set off a billion alerts. We calmly told them that if they sync history, then their home browsing history is available to us as well. They got the hint.
Luscypher@reddit
You report it to your boss and HR, cos the user endangered a policy. If you fail to do that, it means you are not doing your job.
c4nis_v161l0rum@reddit
This. I got flagged once for doing my job. I was researching cybersecurity stuff and the filter flagged it as “hacking”. My boss got a good chuckle out of it.
Valdaraak@reddit
Yea. I think I'd only mention it if the user sees it's blocked and then tries ways to get around the block. If I start seeing evidence of attempted evasion, that becomes actionable.
dougmc@reddit
Clearly, you have not been reading the local Nextdoor group!
Comfortable_Ad_8117@reddit
20 years ago when I was a junior tech, my job was to collect the old laptops for e-waste. I used to find tons of stuff that should not be in a company laptop bag - Like sexy underwear, adult toys, and one time even a small pack of cocaine. - I never reported anyone, just tossed it out and continued on. As for porn, I had a partner turn in a laptop with his on personal sex tape on it!!!!! Again - just deleted it and moved on to the next one. —- As an IT director now, my motto as long as people are getting their work done and a supervisor is not complaining I would let it go. Send out policy reminders, but if the guy is a good worker and doing his job no harm done.
Sarenord@reddit
I do think it’s worth acknowledging that certain users will demonstrate a pattern of attempting to access these things more than once and I’ve certainly had users like that that have turned around and figured out a way around the blocking tools and had a lot of things on their laptop that they shouldn’t when we collected it from them
HotTakes4HotCakes@reddit
That's true but they're already getting the reports, so they're going to see the patterns if the patterns if they start to develop. There's no reason to jump the gun until you start seeing it.
BogdanPradatu@reddit
My company is blocking certain subreddits, it's actually funny cause there's many of them. Subs like sex, anal etc. Are blocked. Also mensrights, I noticed is blocked, but there are like a million adult subs out there and most of them are not blocked, lol. It's funny cause some IT guy probably just manually adds subs to the list, lol, as soon as he discovers them.
Also, I am way smarter than them, I just use infini.wtf to jerk off, they can't stop me!
canadian_viking@reddit
The "not the morality police" argument is a straw man. This isn't about what the user likes; it's about risk assessment. If a user has the poor judgment to visit porn sites on a recorded work network, they’ve just told you exactly how much they value (or understand) company security.
Sure, the filter blocked the site. Are there similar safeguards in place to prevent them from dumping sensitive info into a public AI, or falling for a high-effort spear-phishing mail because they're used to clicking through warnings? Is something stopping them from setting up a VPN or installing a sketchy browser extension? If nobody says anything about this, are you just giving this end-user multiple tries to get past your safeguards? This isn't about reporting a sinner to HR, this is about dealing with a high-risk endpoint actor.
C'mon now. It's naive as hell to be all "They're choosing to look at porn on company devices, but aside from that, I'm sure they'd never do other stupid shit."
I ain't saying to just blow up this user's life and get them fired, but it absolutely needs to be addressed. If you want to give them a warning and an out at the same time, you could just email them with a "Our web control software has detected suspicious activity from your computer. This violates our Acceptable Use Policy. We're assuming that you didn't do this yourself, which means we now need to do a full scan of your computer for viruses, malware, or other unauthorized software in order to prevent this from happening again in the future. Thank you for your understanding."
Atomwalker2022@reddit
I would just have all porn sites redirect to a different server and have it display a static page stating the site was blocked and is not allowed on a work machine. Simple, automated and doesn’t call them out directly.
Crow-Caw@reddit
If it's happened repeatedly then no. It's not a matter of being human it's about protecting the company and it's employees and it's customers. Anyone knows it's wrong to do and can lead to malware or even worse. Report it to hr, that is their job.
mtwdante@reddit
I see a failure to instruct people here. Do you report him after he tries once? Twice ? So you decide after how many times.. is your job to report him to hr or protect the systems?
Crow-Caw@reddit
The first time. It's actually crazy anyone is defending this.
Doomstik@reddit
Or gonwith the satan version and figure out whoch machine it is then remote in and open a notepad telling them you can see everything they are doing.
BroaxXx@reddit
On the one hand I kinda agree... on the other hand I feel that if someone's doing this it's an actually huge red flag and an actual concern.
Stonewalled9999@reddit
generally the people this memo applies to ignore it / don't realize its about them,
mtwdante@reddit
You put it big ok the screen, your activity is monitored, this is website represents a security risk. Further atemps will be reported to the incident response team to be handled based on company policy regarding atempts of using forbidden content.
Easy,
it4brown@reddit
Any response given by a human, is by definition a human version.
The employee is in breach of company policy and should be swiftly and firmly reminded of said policy while being made aware of potential punishment. This is not a question of "is porn bad" it's a question of company security. No one wants to deal with a cyber incident because Jim from investments wanted to get his rocks off at 9AM on a Tuesday.
RollTide1017@reddit
Holy crap! I'm glad you are not my IT boss. You know how many times I have bounced off our access controls, and I work in the IT department. My place of work blocks most video game websites and I will forget at times. Google a video game, click a link and bam, website blocked message. Glad I'm not being sent to HR or repermanded by my boss everytime like you seem to want.
I'm really surprised at the responses in this thread and how many are saying to report the person. You know, techniclly they did not ever look at any porn, just the blocked message.
The tools worked and stopped the user from accessing the site. IMO, it ends there. If I ran down every user that hit our access control it would be all I ever do. The tools are working, why would I care beyond that? I'm not paid to be the HR police.
Seems like some just want to show the user the power they have. Honestly, I don't want our user thinking about how much we can see. I don't want them feeling like we are looking over their shoulders. I've worked in those kind of enviroments before, it's not enjoyable.
You have those tools in place for a reason, don't create unnecessary work for yourself.
it4brown@reddit
Conversely, I'm glad you don't work for me.
Details matter. A tool should work, but an employee should adhere to policy so the tool is not the only safeguard.
The employee demonstrated an inability to get the hint via block message and continued to try to circumvent policy. That shows this isn't a "bumping against access controls". It's a concerted effort.
Users are your first line of defense, not the last. Stop treating them and their actions as expendable. Data breaches are increasingly a user training issue, so train them and demonstrate consequences.
mtwdante@reddit
You are not the Internet police. Your job is security. You did your job by blocking that. Next step as I said would be to improve the message and deter people from doing it in the future. Reporting them to hr/manager just creates issues. Your job as enginees is to solve issue not create others.
TreborG2@reddit
Yes to this, improve the message.
If possible the message should read this is explicitly forbidden, and that trying adult sites may be reported to HR for further action.
it4brown@reddit
My job is to protect the company. Anybody with half a brain understands that security is more about user training and less about tools.
mtwdante@reddit
How do you train him if you report him to hr or he gets fired? You used to be trained with a stick on your back?
it4brown@reddit
The employee presumedly received training and HR/Manager will own responsibility to ensure he receives additional training. Fired or not depends on the company policy.
mk9e@reddit
I see this take. If it's a one off to something obvious, I'd personally let it go. I mean, that could be someone just not thinking or maybe some kind of web hook reaching out somewhere naughty. If it looks intentional or repeated, that's where I'd send it up the chain to HR. The motivation being moreso about someone trying to circumvent obvious security controls.
No_Adhesiveness_3550@reddit
Pedantic
R0CK1TMAN1@reddit
You’re a dickhead.
bong_crits@reddit
Double check for malware, especially browser plugins which have been hijacked (deprecated / supplychain attacks) - This can also be a good talking point that lends some culpability / excuse. This should be your first response to seeing traffic like that because its the most actionable to an actual security threat.
captainsalmonpants@reddit
Also an opportunity for a wellness check on the individual. Human sexuality is normal, lack of impulse control or clear boundaries is the issue here. Basic needs may not be getting met, or intoxicants / brain damage may be at cause.
Creative-Package6213@reddit
Why did it take so long to find this! This would be my first thought as well.
whythehellnote@reddit
Rather than blocking with a generic message, just pop up a screen with large flashing text saying
$USER_NAME -- you wanker, do it on your own time!
Comfortable-Bunch210@reddit
In my IT career the most difficult things I’ve had to is be “that guy”, who has to audit someone’s computer usage. But frankly, if I halfway like you as a person, I’d pull you aside before I made a formal issue of it. Conversely if I didn’t like you as a person your usage reports get documented and forwarded to the appropriate people.
bjorn1978_2@reddit
Just leave a folded paper note on the computer. «Please, no porn. HR is a pain in the ass to deal with on this shit, and I do not have the energy to deal with them. - brg your friendly IT guy»
User will break a sweat (if there is more then rocks upstairs), and user is warned. If it happens again, it will be a HR problem.
JohnnyRetsyn@reddit
Yeah, this will do.
Many years ago I went to the bathroom and left my workstation unlocked. I came back to my desk to find notepad open with the text "aren't you a domain admin?" typed there. Nothing more needed to be said and I never have left my workstation unlocked since that happened.
psychopompadour@reddit
When I did this on the service desk years ago (went to the bathroom and left my screen unlocked),I came back to find that every picture on every website had been replaced with random photos of Nicholas Cage. Never did that again. (And it took me like 15 min to figure out how to get rid of it! Eventually realized it was a chrome plugin. I never claimed to be smart, okay)
NSA_Chatbot@reddit
Hasuko@reddit
Various work places I've been at had various unlocked station pranks. Getting Busey'd: having your wallpaper changed to a particularly crazed picture of the man himself, a department wide email stating you loved MLP, various harmless things like that.
Drew707@reddit
We Hasselhoff'd them.
vanderaj@reddit
We had a "Mr Security" email to the entire team. We made up terrific crap and posted it as the person who had left their computer unlocked. The other one I liked was using the Windows rotate screen hotkeys (control-alt-right, control-alt-left, control-alt-down, etc) to rotate the screen. It's really annoying to fix this if you don't know what they are, or using the computer sideways to open up the display control panel to undo it.
thecomputerguy7@reddit
Not my idea but it was the “I’m bringing in donuts for the team” email at a previous job. Some users couldn’t remember “lock your computer” but they learned “you’re buying donuts?” After someone asked for the millionth time.
TheFondler@reddit
My go-to is a David Hahasselhoff background.
Chansharp@reddit
my favorite was the cenafy extension. hearing the john cena theme song start blasting days later was hilariouis.
naturalorange@reddit
Back in the windows XP days where theme files where a thing someone made a monstrosity of a theme that made everything the same color pink. Text, backgrounds, shadows, windows, desktop, toolbar, start menu, dialog boxes. It basically rendered it unusable. The saved in the IT support shred drive. All they had to do was win+r and open the file.
Arlieth@reddit
At Amazon there is a company directory called Phonetool with badges that you earn for participation in various events or initiatives and your memberships in various groups. Like LGBT employees often join Glamazon. Ham radio users join Hamazon. Etc.
However, there's one group that's a mark of shame and if you're on it, YOU NEED TO REMOVE YOURSELF FROM IT IMMEDIATELY. "I <3 goats"
This means someone caught your laptop unlocked.
Frothyleet@reddit
You're not, right? Like, you're not logging into your workstation with a domain admin account?
Recent_Carpenter8644@reddit
Even logged in with a normal domain account, my computer has web pages open with admin access all day long. Dynamic locking works great.
Frothyleet@reddit
Primary threat vector isn't walkups. It's about containing blast radius; the difference here being whether an attacker (whether via an oopsy by the user or an actual 0 day) has immediate unfettered tier 0 access to your entire infrastructure, or just a single compromised computer.
Same reason you don't have GA rights on your daily driver M365 account. The difference is between a potentially impactful compromise and instant, catastrophic ownership of your entire tenant by an attacker.
JohnnyRetsyn@reddit
It was not a large company with break-glass accounts and "least privilege" ideals.... so yes, I was absolutely a domain admin with my regular ID. Mistakes were made.
I've moved on from that job.
Frothyleet@reddit
Obviously this is in your past, but to be clear, that's not at all a large company thing. I'm not talking about setting up PAWS and properly delegating different admin accounts for all sorts of administrative tasks and setting up PAM and yada yada... I'm not even talking about not using local admin on your workstation.
I'm just talking about creating "myaccount -a" for when you actually need domain admin privileges. Nearly 0 effort or inconvenience, massive improvement in security posture. It's a basic security measure.
doubled112@reddit
What else would I log in as? Just like my Azure account is Global Admin.
It's fine, this is fine. Right? Right?
Security department knows, has been told, and this is how we do it. Terrible idea, but lowers the friction in my faily life.
Frothyleet@reddit
Unless you do not have the authority and ability to make IAM changes (i.e. create separate administrative accounts for yourself), this is absolutely on you personally as an IT professional, not your security department as you imply.
But you may just be responding facetiously in which case, right!
Disastrous_Meal_4982@reddit
It is until it isn’t. 🤷♂️
f0gax@reddit
At a place I worked years ago, the penalty for leaving an unlocked PC was either having your wallpaper changed to Justin Bieber or an email being sent to the company "fun" list stating your undying love for the Biebster.
bjorn1978_2@reddit
I posted my managers car on the internal for sale pages 🤣 We had a good laugh about it some time later…
Gaunerking@reddit
Whenever this happens, we post a ‚Hey, I will bring a cake tomorrow‘ in our General Chat with the Users Account/device.
Good reminder/learning experience and Most of the time: cake 4 everyone!
flying_unicorn@reddit
My old team would send an offer to buy happy hour for the IT team.
meshugga@reddit
Well, that's kinda costly, and you guys might have caught him on the wrong financial foot. You never know.
flying_unicorn@reddit
We never expected anyone to actually buy drinks, and he knew it. He was more upset someone sent a message from his computer.
meshugga@reddit
Ah. Oh well.
Morkai@reddit
Yep, we did this but it was shouting coffees for the whole floor.
flecom@reddit
hah, we did the exact same thing but sub cake for donuts
toeonly@reddit
I like to set the desktop background as my little pony.
SuperBry@reddit
My old team had a tradition of putting messages about liking turtles.
It was funny, but we never got cake out of it 🤔
TooOldForThis81@reddit
Ha! We did something similar with a department head. We went to Amazon and added a bunch of dildos to his cart.
19610taw3@reddit
We used to send out offers to buy lunch.
Even when I work from home and I'm in the house alone I still lock the screen.
vass0922@reddit
We would send emails to the internal sysadmins group processing love for another admin.
People quickly learn not to leave desktops unlocked.
notHooptieJ@reddit
yeah, dont do this.
if they cant control their porn issue, they're going to end up in HR because a female coworker sees it.
then your ass will be in a sling for 'covering up' sexual harassment liability.
MolassesDue7374@reddit
My HR department would throw a fit about being excluded and would be no fun to work with either 😂
WendoNZ@reddit
You HR department is fun to work with? ;)
bjorn1978_2@reddit
All depending on how much they decide to give a shit about sonething as stupid as this. They might be happy to learn that soneone was given a propper spanking without their involvment.
hdjddjiieeshs@reddit
This feels like a silly idea.
If someone is stupid enough to use their work computer to browse porn are you really going to put your job on the line to protect them? Follow the process, notify your line manager, get them to deal with it by policy.
cryonova@reddit
100% the right response
cryonova@reddit
No this puts you liable for not reporting an incident that should be reported to HR. Don't put your own job at risk for random users depravity.
xblindguardianx@reddit
please do not use this advice. What if the guy was super irrational about reading the note and gets aggressive. What if their kid was the one sneaking on their computer because he has a pw post it note at his home office (that's an even bigger issue honestly). The employee would then have no idea what your talking about. Company newsletter email reminder about appropriate content on work computers should be more than enough. If it keeps happening after the non-confrontational warning then it goes to HR.
TheThoccnessMonster@reddit
This. And walk up and say it to them, no note imo. It gets the severity across and adds a bit of embarrassment for your both so they can see their actions directly caused you to have to come do this.
They won’t do it again.
OCGHand@reddit
What about users who WFH what would you use to manage end point so they don’t access pron on company computers?
c4nis_v161l0rum@reddit
This. Although some poor soil who had YT playing music is now gonna feel threatened. lol
But this is the way to go. Maybe even drop by the user’s desk if you know them and say something lien “See the email that went out today? Just a reminder.” That’s even a bit more hint of “you’re not slick. Don’t be stupid.”
livestrong2109@reddit
Now fuck that, hand it out as a printed flyer and leave 5 copies on his desk.
missed_sla@reddit
I would do this once. A second time would be an RGE.
sequesteredhoneyfall@reddit
What's an RGE?
missed_sla@reddit
Resume Generating Event
6SpeedBlues@reddit
Had an actual acceptable use policy. Get legal and HR to sign off on it, then make the employee acknowledge. After that, termination.
Not only does accessing this kind of content as significant risk to the various systems (malware and such), but they are leaving being digital markers of the company on those sites. That risks the entirety of the brand.
ram0042@reddit
Plot twist. Userbase is the sole businessowner in the homeoffice.
DominusDraco@reddit
Last time this happened I sent an email to their boss and said "I wont go into specifics, but please remind your staff that IT can see ALL websites being accessed from work devices." The appropriate person will get the message.
Z3t4@reddit
Maybe better remind them that all network use is being monitored and audited...
fresh-dork@reddit
i am tempted to say "email the guy and say to stop trying to get to pornhub on company equipment", but that's probably not a good plan.
8BFF4fpThY@reddit
Casually: "Just so you know, we can see your browsing history..."
bwrca@reddit
Or send them a direct email but make it look automated.
ineyeseekay@reddit
I would ask myself, "What's the user's role?" I could see a security or network role attempting stuff just to see, maybe...
The security controls did work. Not sure the issue... You have block lists for this very reason. Does an attempt to access a blocked site = the same as successfully visiting a site you shouldn't? In any case, a generic company-wide reminder or even just an generic reminder of policy/training to a relevant DL (secops, network, IT, whatever) and bcc the user...
TheOnlyKirb@reddit
That's what I did just the other day. This is the correct route
Mr__Ed@reddit
This is the way.
Moenbryda@reddit
I'd report it to HR just because the person's an idiot who's gonna end up with viruses on their computer from trying to visit sketchy websites.
mtwdante@reddit
If you punish everyone who does a mistake and fire them, they will never learn. You will always have new people who do this mistake.
_siilhouette@reddit
I mean this is more than simply black and white. You're not necessarily wrong, but this also opens the door to a snowball of compliance issues due to people seeing others getting away with something.
I'm sure they signed a paper upon hiring and when receiving the device. The lack of intelligence shows when they are continously trying to watch PORN on a WORK provided device even though they're being alerted it's blocked.
Look outside the box at these actions, not only is that ridiculous to try, but the fact that are still trying - - after their security software is trying to tell them "hey buddy, your network administrator blocked this content on this device" or whatever the hell their specific software states - - shows how they feel about not only doing the logical thing, but also authority.
Get rid of them.
nerobro@reddit
The big name porn sites are some of the safest sites on the internet. For your computer at least.
tankerkiller125real@reddit
They invest an absolute insane amount of money into site security and stuff. It makes sense, but it's still wild.
I think that a lot of people tend to forget that porn is often at the very bleeding edge of security, compliance, etc. technologies.
nerobro@reddit
First do accept credit cards. Nearly the first with streaming video. When was the last time you heard of the user/credit database from a porn site leaked? (I can't recall that happening.. in the last 10 years..)
They are constantly under attack, both from their own users (who don't want to pay) and from people who just don't like them.
And in the end, if people start noticing their computers work worse after visiting the site, they stop coming back. EVEN THEIR POPUPS are polite.
Adium@reddit
Maybe that’s where all the confusing in this thread is coming from. That whole industry places a very high priority on their IT needs and security, something a lot of us can only dream of
smooth_like_a_goat@reddit
...which are blocked, therefore...
Moenbryda@reddit
That's fair, my brain just went to them trying any old site when the first few didn't work.
EDDsoFRESH@reddit
Calm down 2005
hkusp45css@reddit
How about "I'd report it because if you know about and don't, it's often seen as worse than the original offense. Also, that person is a security risk. Also, that person is a civil liability risk. Also, that person is whoilly unprofessional. Also, that person has HORRIBLE executive function and values if they think this is something where the consequences are commensurate with the payoff."
PanicAdmin@reddit
you are an administrator of systems, not an administrator of people. Don't judge overlapping your morality (it's not law, it's morality) over the morality of someone else.
Don't be a prude dude.
TheSizeOfACow@reddit
"hello, is this HR?" "Yes it is. How may I help you?" "I'd like to report our network restrictions are working as designed" "...... Oooooohkay..?" "...." "...." "Yeah... I hear it now. Sorry"
PoolMotosBowling@reddit
We do not check web filter logs unless a manager requests it. Nobody has time to be nosing around what people are doing online.
Just block all the necessary categories and move on. Trust it's working.
tehgent@reddit
Redirect all of their dns to point to my little pony, and wait for the help desk ticket
donnymccoy@reddit
IF (User == Sales) {ignoreWarning = true;}
Necessary-Humor-6005@reddit
if (user.role == "Sales") {
logEvent("Network anomaly");
blameIntern();
closeTicket("User educated themselves");
} else {
forwardToHR(user, attachment="Full browsing history.pdf");
}
Alternatively, have you tried turning the user off and on again, or are they still stuck in “private browsing mode”?
// This is not advice. This is “best practice”
donnymccoy@reddit
I have travelled a lot in my 30 years and while I never dabbled in the use of company devices for extracurricular activity, one recurring theme everywhere I went was that sales always does.
Crazy-Rest5026@reddit
I think this is a conversation first before HR. Don’t need to go to HR level. But just enough to scare the fuck outta him
Psychological_Top683@reddit
I think even with the tools to safe guard protocol on not going to those sites, maybe there is an intervention on humans to do a trick that by pass that protocol my opinion.
Beginning-Still-9855@reddit
If you work in a corporate entity that is blocking porn then it is your duty to inform your line manager or whomever else you are meant to contact. A lot of comments say to be lenient, but it says in the OP that they were blocked and just kept trying - that's not accidental.
If their device has been compromised then obviously that's a different thing and will be discovered.
At the end of the day, if someone is found to be doing something really dodgy and it's discovered that you let it slide then you will be screwed.
Switch-Vivid@reddit
Freaky ahhhh employee lol I’d report it to HR! I use to show HR logs of people trying to access porn sites
After-Vacation-2146@reddit
If you want to save face, send an email from your account but make it look automated saying “due to a high volume of potentially suspicious traffic was detected from your device. Please read the acceptable use policy within 24 hours or network access will be cut off” and never think about it again. Unless it’s causing other problems, no need to involve HR. Your job is ti keep the network operating and secure. If you can get that done, then you are doing a good job. A simple wake up call is all you really need to do here.
bbbbbthatsfivebees@reddit
It happens. This will not be the last time you see it. I see it at least once a week, usually more depending on if I'm looking at firewall logs for something unrelated.
Look, your security controls worked and there's nothing more you could really do. If your company policy requires that you report it, collect your direct supervisor and proceed straight to HR without passing go and without collecting $200. Otherwise... I don't do anything about it, it's already blocked so there's no need.
DrCoffeeveee@reddit
With so little joys in life these days, just let them have it.
xx_rider@reddit
I can't see the logs, don't know what they were accessing but keep in mind that many advertisements go back to the website they are advertising.
Users can't control what advertisements are on the website they visit when they are searching for stuff. We would get this all of the time on computers in Hospitals/Dr Offices, other health services that were searching for information on health conditions/stds etc.
Tall_Reaction518@reddit
I had this happen before.
Bring it to your manager, (s)he will decide what to do.
My manager notified HR who wrote them up.
We never had repeat offenders.
ArshiyaXD@reddit
Someone in our company uploaded porn after somehow installing an using onedrive on his private notebook with the desktop sync funktion
CeC-P@reddit
Anyone with that poor of impulse control is the type of fly off the handle, have other addictions that affect their work, and cause massive problems for your company in general. It's less about what they did and more about the type of person they are. I'd report em to HR immediately.
bionic80@reddit
We had mandatory reporting requirements at a previous job. if ANYONE tripped a web filter we were to provide attempted acces time, content, and user to HR. It was all fun and games until a C level got caught out trying to use his company laptop to access porn sites
GreatRyujin@reddit
Doesn't have to be the case, but consider the possibility that they got redirected by clicking an ad.
s4_e20_spongebob@reddit
More than once and to different sites? Sus
Dabnician@reddit
a lot of the free movie/tv show piracy sites have ads that go to porn, the could have just been doing good old piracy and a rouge site sent them to porn.
Nyther53@reddit
That's still unnaceptable behaviour on a managed device and\or company network.
BisonThunderclap@reddit
And it's pretty in line with average employees in my experience.
There's some employees you could sit down and tell them with HR that this is a business device not to use for personal reasons.
And they'd still use it to start illegally streaming the latest movie at noon.
Dwonathon@reddit
I bring my work laptop home almost every weekend to hook it up to my TV and illegally stream sports lol.
BisonThunderclap@reddit
That's what my boss used to do. His managers thought it was funny to keep dismissing VPN alerts. Then somebody got the business an internet strike for torrenting a TV show.
CharcoalGreyWolf@reddit
That’s called “violation 2” in the “can include or lead up to termination” part of the employee handbook.
iiTz_SteveO@reddit
I dont care enough about a company to enforce said policies. Mister Sr. Network Engineer. Do your job and go home, drop the loyalty act to a company that would replace you on a whim.
missed_sla@reddit
Fuck the company, but my job requires me to keep the computers safe and working correctly, and you visiting those sites puts my job at risk if I don't enforce policy. So when you do finally visit that one site and ransom everything you have write access to, there will be an audit done on the EDR/SIEM to see what your computer has accessed and the history of your bad behavior being noticed and ignored will cost both of us our jobs. Nah, fuck that. I'm interested in keeping my job. You can pound your pud on your own time.
CharcoalGreyWolf@reddit
I don’t involve myself in enforcement out of some misguided idea of loyalty, Mister Jack of All Trades. I do it because then I don’t have to clean up after the next infection, breach, ransomware because enforcement kept someone from causing it..
Dabnician@reddit
too many people here want to be managers over end users instead of acting like their job description/title.
im pretty sure most of us dont have "spying on end users" as one of them.
TheNoobHunter96@reddit
But it's not your job to decide what's acceptable or not, nor should it be your worry
missed_sla@reddit
I'll nail you for piracy just as quick as I'd nail you for porn. Keep the malware shit on your own computer.
Old-Flight8617@reddit
And you can still find some TV shows on some adult content sites. Just gotta put up with the porn.
Dabnician@reddit
I just use private torrent sites, then stick those on a seedbox/plex server hosted in non US datacenters.
mccrackey@reddit
rogue*
Dabnician@reddit
its still early and i dont drink coffee anymore
Otis-166@reddit
It still coffee and I don’t drink early anymore.
digitaltransmutation@reddit
tbh have you seen the ads that microsoft pushes to their homepage? The average defaults-only user is never more than 2 clicks away from foot fetish material.
WWGHIAFTC@reddit
Just the ads loading could potentially trigger it. Depending on the embeded sources.
Brilliant-Race8606@reddit
That happened to one of our guys who was streaming normal shows on a spare laptop in the middle of the night (24/7 operations but night time was generally dead). Security camera footage and the testimony of a female coworker who was on nights with him confirmed no one was actually watching porn. Just some ads which we later blocked
brutesquad01@reddit
The dumbass user that is likely to click on a porn link is likely to click on more than one.
Trust_8067@reddit
They should never be going to a site at work that would host porn ads.
ThrowRAcc1097@reddit
Saw this A LOT when I worked IT at a hospital. Our logs would show it even if they never clicked the ad.
Dwonathon@reddit
We have it set up so when someone clears their history, it just exports it as a CSV and sends it to us, then clears the history. lol. Thats the only time we check.
Savannah216@reddit
Send a generic all staff email “recently we’ve noticed an uptick in attempts to access adult sites. These will be blocked” etc.
It will stop after that…
AnythingGuilty5411@reddit
I worked a smaller surveying company years back. A PhD single-man divorced constantly had porn on his folders masked as something else.
A tech was troubleshooting something and he saw a folder open and made me (Sr Engineer) aware. I told the tech to do heavy malware and AV scan, then wipe his entire HDD. We asked him to upload his working files to OneDrive, and just told him we were replacing his laptop.
Our job was to make sure that the system or our network was not compromised by anything he downloaded. Not judge him on what he was watching. After we gave him his new-to-him laptop, we politely suggested he not download anything non-work related as per our tech guidelines. And we left it at that. No shaming, just an embarrassing situation and people staying in their lane.
Beyond this, we’re not going to mention that we found more stuff on his new laptop a year later and let HR know. Long story story long, the guy kept his job and I believe he’s still there at the company.
nyckidryan@reddit
Friend ran an MSP, and one client asked him to drop by his house to fix a few things there too.
Apparently dad and son were into the same kind of gay porn, but neither knew what the other was doing. 😆 He didnt say anything to neither.. just cleared the malware out and installed, uh, protection. 🤣
AnythingGuilty5411@reddit
The apple doesn’t fall far from the tree as they say…
IAMA_Ghost_Boo@reddit
Sit at their desk and hone with them about life as an IT person. "Yeah our system even tells us if people try to access stuff they would only be doing at home" then look him dead in the eyes and don't blink.
mrDanteMan@reddit
Trying that on a work computer is pretty bold, it’s honestly hard to tell what people are thinking. But if it’s getting logged, it could turn into a bigger issue at some point. I’d at least pass it up to higher-ups instead of ignoring it, so it doesn’t fall on you later.
HumanInTerror@reddit
Analyzing the content filtering logs? In 2026? I think you aren't busy enough...
Ambellyn@reddit
Don't be a chicken, grab it by the horns and tell this person to stop trying to access these websites.
It's such a bs when it comes to the users side "oh someone in the company has done x thing and now we are retracting y function"
nobody1701d@reddit
Play the “No.No. No!” Dennis Nedry video
ThrillzMUHgillz@reddit
It’s explicitly defined in most policies not to attempt to join these sort of sites.
The company I work for is decent sized. But we have a small IT Team. So most of the company know us fairly well. Good relationships.
This allows us to sorta nudge and remind the person depending on the content. Something like this I’d send a friendly reminder email along the line of “remember, this device is for company use” type of thing. I’m sure he’d realize immediately. If it continues I’d notify his manager and let them take care of it. I’m sure the manager and HR would request logs.
I’ve sent a couple nudges. And it’s always been a funny/friendly reaction.
Only have I ever had to notify a manager. But the content being searched for was so bad he was walked out the door by security within an hour I made the call.
RadioStaticRae@reddit
I'm not shocked anymore, it's inevitable with the lack of technology literacy and social boundaries in today's society.
It becomes an HR issue as soon as it's noticed regardless of whether it's first, second, or more offense. If there is no human policy in place against this, then there needs to be. The workplace is not an appropriate place nor is work technology the appropriate tool.
DaOfantasy@reddit
report it before they try to get smart and install some sort of work around they found in a shady corner of the internet
descartes44@reddit
Treat this as a security risk. Porn leaves the company open to lawsuits in case someone sees them looking at it. As well, it is a waste of their time when they should be working. Assuming that your company has policies against this, you need to report it to your manager or supervisor (and document that you did). Of all the things we see on a users computer, porn and malware are not ignorable.
EstablishmentTop2610@reddit
“Hey, no judgement, but every time someone tries going to a website and get blocked, it sends us an alert.”
TheGooOnTheFloor@reddit
Tell his wife....
Revelation_Now@reddit
This is typically caused by the web browser caching urls and automatically polling them during address input. Change GPO to prevent browsers from storing history and the problem will resolve itself
nyckidryan@reddit
If it's caching URLs, then wouldn't the URL have to have been typed in to start with? 😉
redstarduggan@reddit
Not if they stumbled upon a website called "Links to avoid clicking on!"
burgersnchips87@reddit
See them in person and whisper in private that you can see what gets blocked, let them know that HR doesn't know but will do if more logs show up.
Techatronix@reddit
Send out a comms. Is this the only person that tries to access blocked websites or something? No matter how you may feel about “porn”, it would be weird to view this end user different.
gamebrigada@reddit
I've run into this before. I reported to one of my managers that so and so was downloading "movies".
His immediate response was to access and open the file I referenced. He had regrets.....
A company wide message reminding people of your acceptable use policy that strictly prohibits it, and a directed message to the individual in private generally works wonders. The individual is generally embarrassed of getting caught, and the rest of the company gets the message that their actions are not just going unnoticed.
boli99@reddit
let us know if there's a happy ending.
cmhamm@reddit
I mean, the goal is to prevent that, right?
cmhamm@reddit
We should be able to look a a little porn at work.
ManagementCommon3132@reddit
Setup a custom block page for those sites warning him IT knows 😂
HumanBodybuilder4218@reddit
I discovered a user doing the same thing. I put an anonymous note on the users desk to cut it out. Activity stopped.
bjc1960@reddit
We work in construction - we don't even look at those logs anymore. We use DNSFilter on the computers and the phones to block. OnlyFans is the big one that people try to access.
Lost_Drunken_Sailor@reddit
It’s the links in bios. You click to see if there is one, copy the OF username, search the username on Google. Enjoy.
Valdaraak@reddit
Construction leads to some funny things with site blocks. "Hey, can you unblock this weed company site? We're pursuing a job with them and need to look into the company."
bjc1960@reddit
So far no one has said "Only Fans" is a site to order generator & compressor repair parts.
2cats2hats@reddit
Put down the hammers to watch 'em get nailed.
ThreeHolePunch@reddit
"What were you doing in the port-a-potty so long, Dave?"
"Watching an informational video on how to lay pipe!"
derscholl@reddit
What the helly
bjc1960@reddit
Some of the offenders were in leadership roles, oddly.
derscholl@reddit
That’s hilarious
sinisterpancake@reddit
Same in manufacturing. One of our sites is notorious for having no cell signal so the end users are granted special usage for their phones on the wifi in a locked down vlan so they can answer phone calls/teams messages/emails/etc. I'm not sure we would have any employees left over there if we took action on the volume of attempted adult site access logs.
texags08@reddit
Same. I saw stuff in the logs day 1 of filter. Thought cool it’s working and went on with my day.
Think in my case it was mainly guest WiFi / phones.
gunsandsilver@reddit
It’s an executive, right?
I was sys admin for a small company and one of the owners had this habit. Popped up in the security logs frequently, and during business hours.
JynxedByKnives@reddit
Not sure why your shocked people do this all the time. Especially as they age and get older and the company doesnt push them out.
Unless theres a strict policy. I would probably dismiss this and if it becomes reoccurring. Give the end user a gentle reminder that he’s getting flagged by the system.
Most places have dns filters in place to block these and social media sites at the front door.
CookedNoods@reddit
idgaf. I'm asked to put filtering in place. The scope of that filtering is defined by corporate leadership. When I've accomplished that my involvement ends. I care if users are trying to access malicious sites because that is something I'm responsible for but as for them accessing content management doesn't like that's management's problem.
budlight2k@reddit
I guess I seen this and i gave a subtle hunt to the user that I do see the firewall looks and what they look at. Then i move to send snips to their manager, then I report it to security or HR.
fraiserdog@reddit
Report to your manager and go on about your day.
LowIndividual6625@reddit
Story time.... 20 years ago and I'm working helpdesk for a large international firm.
We had a "talking head" Economist - a guy who would appear on all of the shows on Fox or CNN or MSNBC to give opinions on the economy. He was very well known and well liked.
I get tasked with replacing his computer and while migrating his files I uncover a massive collection of nude images and this dude had a type; he was into the pale, red-head "Irish chick" sort of look.
The kicker - his office was full of photos of his daughter.... a young, pale red-head.
Recent_Carpenter8644@reddit
Interesting. Given that red hair is inherited, I wonder what the chances are that his wife looked like that too.
hornethacker97@reddit
Men who watch porn either actively seek or actively avoid stuff that looks like people in their lives. He was definitely perving over his daughter.
drcygnus@reddit
walk up to them, ask to speak to them privately. "hey man, we know what kind of websites you are trying to go to. knock it off". is they do it again, get with HR
Dryja123@reddit
Ran into a similar situation except the colleague was able to find content that could get around the filters. Reported it to my supervisor and went about my day.
FireFitKiwi@reddit
Basic reminder email that internet fair use policy also means the sites visited or attempted is logged. Privately advise HR verbally that this is due to an uptick in questionable activity and let them decide on next steps.
Shadyman@reddit
Sorry.
In all seriousness, if it's a work machine, you may try forcing a virus scan, malware scan, and check startup apps remotely. Some malware just open various porn sites 🤷♂️
filip89@reddit
A mobile slop game company my wife worked for had HR send company wide emails to everyone asking them nicely to stop watching porn in the office, multiple times over the course of half a year while she was still there. AFAIK nobody got fired or even repremanded, and nobody was singled out, it was vague company-wide writing, I guess they were still doing their job so they let it slide? To be fair half of them played WoW, CS:GO or Dota in the office for a couple hours a day too so... guess it depends on management?
Personally, I would not report until someone gets called in to replace a broken sticky keyboard.
I have a friend that works in business management economics bullshit (I don't really understand it) but in the evenings when working from home he would have a spreadsheet on 1 screen, and porn on the other, just as background noise, so apparently people do that.
ilyas-inthe-cloud@reddit
definitely report it to HR. this isn't an IT decision to make, it's a policy/legal one. you don't want to be the person who knew and didn't escalate if it turns into something bigger later. document the logs, send them to HR, and let them handle it. your job is to flag it, not to judge it or decide what happens next. the last thing you want is to be sitting in a meeting six months from now explaining why you saw it and did nothing.
rose_gold_glitter@reddit
We have a guy at work caught watching porn on a work machine multiple times. There's accusations he did more than just watch, too.
We couldn't figure out how he was getting around the various prevention methods until we found out an IT employee (now ex) was helping him (and others) by removing restrictions, adding vpns etc. I have suspicions that he helped him access much worse than consensual, adult on adult, material but the moment I tried to investigate the IT person in question "accidentally" wiped the device.
He's still employed because our management is unbelievably weak and ineffective. Not the IT guy - he doesn't work here anymore but for other reasons, because again, even a breach of your role that serious wasn't enough for management to act.
In fact, our director told me to leave it alone and stop going on about it, and that "sometimes guys just need to blow off steam" and I wouldn't understand (I am a woman). I haven't investigated his traffic but he made us remove all restrictions from his devices years ago.
Own-Slide-3171@reddit
Hr issue if you have a policy if not go to your boss and see if he wants to inform his manager
TAL_047@reddit
So your first instinct is to tell on his boss? I know it's a weird subject but come on, if he isn't doing it on the job then just give him a heads up that work equipment isn't for that.
JustNilt@reddit
At the vast majority of employers, doing it on work equipment is by definition "doing it on the job", though.
TAL_047@reddit
....so many users bring their work laptops home
JustNilt@reddit
That changes nothing about the basic reality of acceptable use policies.
DoctorOctagonapus@reddit
If anyone outside of HR should be laying down the law with the user, it's their line manager. That's who they report to, so that's the first person who should be speaking to offending users.
I can't speak for all employers, but many disciplinary policies say that for offences that aren't gross misconduct, the first stage is an informal warning from the manager.
AnonEMoussie@reddit
Definitely the way to go. Your boss -> HR -> include employees manager, and let them decide what to do.
Veenacz@reddit
When we got a website blocked e-mail from ESET, we would check the site and send the user a private e-mail saying that ESET blocked a malicious site and we would ask if the site was work-related so we could put it on a whitelist. They knew we knew, nothing was public, never happened again with the same user.
linoleumknife@reddit
Did ESET not show the user a blocked message?
At an old job we rolled out website blocks through Sophos, but the users got a warning that the site was blocked and had been logged. It made it obvious that porn sites were blocked and we never had to say anything to anyone. They all got the hint that they were going to have to use their own devices if they wanted to spank it. (We did send out a notification about the website blocklists but you know how people tend to ignore those emails)
Veenacz@reddit
ESET just had a small toaster notification and people ignored those all the time. We didn't block porn with a web filter, just had the threat protection on to remediate threats.
mcmatt93117@reddit
Back in the days of machine operators running jobs on our mainframe, worked 3x8 hour schedules so were there 24x7.
They were the only people, ever there from like 8PM-6AM (obviously occasionally an exception, but only IT and facilities had access - data center was in the basement, so 98% of people couldn't get in there during the day either).
Yep. Pulled quite a few DVDs out - think they assumed that we wouldn't be able to see since it was just a DVD. And we couldn't (nor would we really have cared) but man they were bad about leaving those DVDs in there.
And when you'd carry an actual CD to boot UBCD or the like....yep.
tokolos@reddit
Either he signed some form at some point since being employed saying he wouldn't do that, with associated possible repercussions for such action, OR he didn't and there are no repercussions. Shock has nothing to do with the issue. Only. Written. Policy. Matters.
tobrien1982@reddit
Higher ed here. You think people could be mature but noooo. We don’t block anything but staff are given talks to by lovely Susan in HR.
Student network is a cesspool. One could pick up something just from the logs.
kiddj1@reddit
I would just ignore it..
Who actually cares what the end user is doing unless is actually affecting something..
I found a user doing this once and I just gave them a heads up that every bit of traffic is monitored.. I don't need to tell on them.. why would I potentially wanna ruin someone's life over a 2 minute hand shuffle
atomic_jarhead@reddit
I would spend weeks in HR if I reported every time someone tried to access porn. I look at blocked sites but the solace in that is I can see what they aren’t getting into. Then I look at allowed for weird sites. Onlyfans was registering as a social network so it was getting through…until I blocked the site specifically once discovered.
I also block personal VPNs as well for those that think they are getting around the filtering.
auiotour@reddit
I stopped checking these logs. Hard to not look at someone in office differently when they Google shit like hair tranny midget porn. I mean I am all for people enjoying what they want, so long as no harm to others, but I worked with this girl for 3 years and it never left my mind when I saw her.
As others stated, friendly reminder to all employees.
Comunisto@reddit
Found some really weird places on the internet thanks to this kind of event.
n0shmon@reddit
I like to give them a few days of trying to access before sending a message similar to
Every time except once the logs have stopped with no further communication in either direction
derpman86@reddit
Laugh and tell everyone else on your team so they can laugh too.
Your controls are working and old mate probably has figured out there is no way to get pr0n outside of their phone.
If it keeps up either escalate or have a private word.
AnomalyNexus@reddit
Get HR to add it to onboarding training.
Many year back when I was a green joiner to workforce during an onboarding HR had a slide that was literally a screenshot of access logs during laptop handover...here is what IT can see when you browse porn, we've fired for this before, don't.
The screenshot part is crucial. It's not enough to communicate "devices are monitored"...that doesn't translate well for people. Somehow you need to convey...no its actually line by line detail IT can see fuckin everything.
TAL_047@reddit
Jesus Christ, please ignore everyone on the comments section. If possible give a heads up to the guy that work equipment isn't for that.
Redditors are weird, and people are humans. We all make mistakes, even trying to access porn on the work computer. No need to get him written up or even fired for something like this (unless he's doing it on job premises, now that's fucked up)
RabidTaquito@reddit
No. This user is elevating risk to our systems and network by intentionally visiting sketchy porn sites on a work device in the work network. Fuck that. That very much makes it a problem for me and he deserves to be written up. It's not godsdamn hard to not watch porn at work.
vogelke@reddit
Exactly right. A mistake is when you screw up your checkbook, and an accident is when you fall off your skateboard. This idiot is risking a system other people rely on.
TAL_047@reddit
Nah, it's on you for not installing anti virus on their system lol.
Trust_8067@reddit
If you're that dumb in a white collar job where you don't have the professionalism or brains not to look up porn at work, you deserve to be fired.
IslandHistorical952@reddit
Yeah, this whole comment section is mental. If I reported everyone in my company who had questionable websites in their history, I would be the office pariah in a week.
Dabnician@reddit
Some system administrators are really nosey, they just cant stop spying on users every opportunity they get.
Others are really controlling and like to dictate manager policy with the shroud of IT.
The web filter did it's job that should have been the end of it, unless OP actually had a reason to be looking at what users were access during work they are just getting off on spying on people.
chriscrowder@reddit
I've seen enough in my career that I don't want to know anymore. I just do my best to block you from accessing it.
Dabnician@reddit
i find that i see enough with out going to look for it, if im actually working.
the only time i end up having to deal with nosey admins is when the senior sr admin got tired of working on the same project for 3 months.
you can always tell because while you might start with "oh no you found what?" as the first response the next one is usually "why were you looking in that system to begin with".
In this example why was OP even in the web filter logs? were they actually in there to trouble shoot something being blocked when it shouldnt have been or were they just spying on the user because they were power tripping or in a protected age group?
Cloudraa@reddit
maybe they get an alert for repeated detections on the same asset? idk
IslandHistorical952@reddit
Why would anyone spy on users? My whole setup is structured to get as far away from users as possible ...
Dabnician@reddit
Being in the "protected age group" is one reason, not actually working is another, im too busy working to go into the web filter and spy on what is getting blocked, if i see something i dont need to monitor i turn that off to cut the spam out of my logs.
SikhGamer@reddit
You don't do anything.
You don't KNOW anything.
How do you know it is the ACTUALLY the user?
Or maybe some is playing a prank?
Or maybe they got some malware and it slipped past.
Focus on what you know, not on what you think/assume.
digitaltransmutation@reddit
We don't do anything for blocked requests unless the user says the block is a business problem. Same as how we dont investigate every email that ends up in the spam filter. There's just too many for it to be worth the effort.
I do have an executive summary of blocked categories and count and usually mention that ads and crosslinks generate a lot of blocked requests. Somebody checking sports scores will download a bunch of gambling advertisements and this counts in the filter, but that doesn't mean they are gambling.
Altruistic-Map5605@reddit
I once had a client who was complaining of bandwidth issues. After some digging we found a single user watching and downloading porn all day. 8-12 porn 1-5 porn. Every single day.
Turns out it was a C level employee who was best friends with the owner.
The client was below him and was panicked about what to do. He didn’t want to confront the person.
I told him we will just block the porn without telling him. what’s the worst he could do? Ask for his porn back? If he had that level of balls he deserves to have it.
He never asked for the porn back.
TimoWasTaken@reddit
Ping him.
Hi, I'm the network guy in charge of the WebFilter. So, just like burglar alarms... even if you can't hear a siren, the alarms go off and notify the responsible parties. I'm the guy that gets those alarms and you keep waking me up out of my somewhat intentional ignorance. I don't really want to get involved in HR kinda things, I'm a computer guy and I like my little cube quiet, but there are monthly reports, and sometimes the executives read them... so I'd stay off them. So anyways. Nothing on the internet is secret. Nothing.
Thanks. Enjoy your week and sorry to have to send you this.
Odd_Material_1930@reddit
Just send them an email:: “We see what you do on your computer. Bring doughnuts to IT department by 5pm or everyone in your contacts will see as well”
Free doughnuts!
DoctorOctagonapus@reddit
I can see that backfiring in a very bad way. I really wouldn't do this
Odd_Material_1930@reddit
It’s a joke in the form of a common sextortion. Can’t believe I have to explain this on this sub.
RedHal@reddit
Email:
"Dear Horndog,
As a (this time) friendly reminder, sites you attempt to visit whether you are successful or not, are logged and visible to us.
Do with that information what you will.
Regards
The IT Crowd.
P.S. Have you tried switching "it" off?
SirLoremIpsum@reddit
Depends on your team.
If it was a very casual work place I might just walk by the persons desk and "dude. Don't".
If it's a more corporate, professional environment you should have a policy in place and throw it up the chain.
But also like... if it's being blocked it's being blocked right? Do you actively monitor who is trying to access blocked websites?
Well it's gonna happen again! Try putting PCs in a warehouse or something haha.
MormonDew@reddit
Turn off notifications for content violation and only report to HR if required. Nobody has time to babysit web browsing.
dlongwing@reddit
This is one of the reasons I avoid checking those logs. There's information about my users that I absolutely don't want to know. I block the category and move on.
As for what to do about it?
Kind: "Hi folks, we've had some recent ticket submissions about the firewall web filter. As a reminder, we have security systems in place that monitor all internet traffic and block certain categories (hacker sites, adult entertainment, social media, etc.). If you believe we're blocking content in error, please submit a ticket to tickets@domain.com and we'll take a look."
Unkind: "Hey HR and UserXManager, UserX has been flagged as attempting to access pornography from their work machine in violation of the employee handbook. I can provide logs if needed, but out of respect for UserX I would prefer to keep the details on a strictly need-to-know basis."
BOFH: Set up an A record on your DC's DNS to repoint the porn sites to an internal webserver. Host a page there that says something like "UserX, you do know we monitor for this stuff, right? Technically I'm supposed to report this to HR..."
MolassesDue7374@reddit
Sounds like your filter is working.i guess I'm not sure what kind of org you are and that might influence my course of action short of a school..
I'd just leave it be.
If you can query the rest of that person's web history it might be a good look at things you need to block. If you find those it might be worth talking to them but if your filter works they haven't technically accessed what they shouldn't have.
I came into an org that wasn't used to having an IT dept. I put up some up region blocking via up and DNS filtering. For longest time I had a user that would unsuccessful try Facebook every day. About three weeks till she gave up.
dnsfilter@reddit
It takes three weeks to make a habit.
Elensea@reddit
The fact that you are shocked is more shocking.
maximumtesticle@reddit
Dude, right? For some people the only computer they have is the work one.
FarmboyJustice@reddit
One unique solution to this problem was used at an office my wife worked at a long time ago. Every week they published a list of all the websites that had been blocked by the firewall, including which computer accessed them.
InfraScaler@reddit
Just updated your block messages saying these blocks are reviewed by human operators :)
DoctorOctagonapus@reddit
"All internet usage is logged and may be monitored" is a reasonable enough thing to have on a block page.
Mayki8513@reddit
I once put the message "You know I get notified every time you're blocked right? please don't make me embarrass you in front of your team, do you really want to be the office perv? think your boss wants to have this conversation? just stop. you get one freebie, if I see your name again it's going to HR and your manager"
only ever got the 1 attempt 😅
ProfessionalEven296@reddit
Unless you're in charge, this is not your job. If your company has procedures, follow them (if you're blocking content, there should be a procedure behind that specifying what's blocked, why, and the disciplinary procedures related to that).
If no procedure, report to your manager, and let them decide how to approach it. It depends on the category of sites, of course - i.e, if they accessed that site from home, would it be illegal or not. The user isn't getting to the sites, so there's no liability on the company, but failing an internal procedure, my approach would be a quiet comment from a manager that it stops here and stops now. No need to bring HR in just yet.
troy2000me@reddit
Then who's job is it? LOL. Who else would see the attempts? They should have a written policy in place for what to do if this kind of activity is detected.
It's certainly not IT's job to reprimand or whatever, but it is their job to report it to their boss, or HR, or whatever the policy says.
ProfessionalEven296@reddit
Sort of, exactly what I said. The person who spotted the log entries isn't the same person who should be talking to the user.
f0gax@reddit
Very little shocks me when it comes to user behavior.
I've encountered:
dinominant@reddit
I recall a case where microsoft search autocomplete was the cause of some problematic online queries. It could also be exactly what it looks like.
deja_geek@reddit
Follow your companies IT and HR policies. Don’t go outside the lines, last thing you want to do is end up jobless for protecting someone else’s porn habit
King_Tamino@reddit
We had smt like that with a site about wine, basically the same user was trying to browse every morning a bit there and shop. It originally came up because some parts of the site got flagged (ads) and blocked. We blocked the whole site one evening and didn't mention it. A while later during small talk, I let it slip through that we now and then have to block stuff because people are supposed to work (chit-chatted regulary with that specific user(s)). Never came up that I meant them but pretty sure message was recieved
xpkranger@reddit
Lol, I think the partners would riot if we blocked all "non-work" sites. Like Reddit for instance... But Facebook, X and the other have been gone for many years.
mdervin@reddit
1) Do you know the user in question?
2) Is the user cool? Is the department cool? Does the user have the ability to make your life better?
If the answer is more or less to these questions, just take a walk by his office and say "Hey Buddy, be a little more careful next time.
sup3rmark@reddit
and if you're going to give him a warning, do it verbally and not in writing. if the situation escalates, you don't want him saying "but i got this note from the IT guy so i figured i was fine."
chum-guzzling-shark@reddit
People underestimate how being nice (or just a normal person) to the IT guy can benefit you. If you are cool, i might just ignore it and hope the giant block pages scared you enough. Happens again, unofficial warning of some sort like you mentioned.
You're an asshole? Report to HR immediately
DDS-PBS@reddit
Yup, this. I have had users damage equipment through great stupidity and they get all worried. If they're nice I just tell them "we're cool, just try not to do it again".
music2myear@reddit
Or "Hey buddy, never on any work computer or device."
fonetik@reddit
I'd take this step too, but if you're going to pretend to know this user's internet traffic, you should take a closer look at everything that passes the filter as well. If it's 1% porn and 99% sports blogs, there's a bigger issue.
Make it clear that you're not a hall monitor and it's not your job to do anything, but this also sticks out like a sore thumb.
(This person is now your IT guinea pig for any user or computer account changes you need to test since you know he's not doing anything important on company time.)
acolyte_to_jippity@reddit
what's your block page look like? is it a generic "You cannot reach this page"? or does it explicitly spell it out like:
"Access to this website is blocked due to company policy. Block reason: Adult Entertainment/Pornography. to submit an exeption request which will be copied to both IS Security and your Manager to discuss"
If you believe this block is in error, or you require access to this web resource, click
Squeezer999@reddit
maybe he has a virus on his PC
Fireguy9641@reddit
If you have leeway in your company policies, I'd schedule a virus scan with the user telling them their computer has been detected accessing those sites.
If it happens after the virus scan (assuming it was clean and not actually caused by a virus) then it goes to HR.
pablo8itall@reddit
Send an email to the user saying that there might be malware on their device as a number of suspicous sites were flagged from their machine.
Ask them to run a AV scan etc.
Really its just a warning for them to wise up and you can see what they are up to.
machacker89@reddit
this is Brillant and doesn't draw any attention to the user.
blow_slogan@reddit
Hello, welcome to IT. Nothing shocking here. Pornhub is a top 50 app in pretty much every network you'll manage.
deadcatdidntbounce@reddit
Q1: Does the user outrank you?
fastlerner@reddit
Unless you have policy and procedure that require getting HR involved, then web browsing reports are typically an "only when requested" type of thing.
If that's the norm, then you might tighten up the verbiage of the block banner so that rather than a generic "page not found" or "website blocked", they get a warning that explicitly calls out that the blocked activity is automatically logged and reported.
Ill-Error-9962@reddit
If you don’t report it you are also guilty. It’s not up to you to make HR decisions and is bad judgement. Yes, this completely sucks. I’d hate to be in your situation.
Plus the offender made at least one awful decision, what other dumbass stuff will they do if they are free to roam the hall.
tf9623@reddit
To totally save face for the user (I did this a couple of times) is walk up their desk and say "Hey Joe your machine may have been hacked as we're seeing porn and gambling and various prohibited sites being requested and we know that's not you. If I can take your machine I need reimaged just in case." So they save face and they will never never do that again.
Own-Grab9423@reddit
we saw this with chrome sync turned on, so the history would sync from a personal device they were using/logged into
arkaji@reddit
that one egg was forty eggs?
polYtoXX@reddit
Jesus Christ - SysMoralityAdmin God - I love my company: Chef: Take good care of company stuff and data !!! Do what you need to do, as long at the end of day - your work is done !! -> Yes, sir 🫡….count on me !!!
OpenGrainAxehandle@reddit
If you find something illegal, report it. If you're just privy to people being people, learn discretion.
You're really not the police. Unless you are specifically tasked to report all policy violation that you come across, you just do your job; put security measures in place according to policy, and do your best to ensure that they work as intended.
cdoublejj@reddit
it wasn't someone on the team demoing the firewall was it? i'm guessing you know who the user is.
shemp33@reddit
here’s how you handle this.
In the blocking note, put a comment “you have accessed a site that is not currently in our web filter. We have automatically submitted this request for adding, which will be reviewed by HR for inclusion in our whitelist to prevent blocking in the future, thank you very much.
S_Mahina@reddit
Worked in a SOC at a MSP. We saw alot of users go to an Instagram models private site or similar type traffic. Why people do that at work idk, but from the MSPs standpoint it primarily came down to was there a policy that company had and what did the contract say we should do regarding policy violations. I get it if your team wants to let it slide and hope they got the memo and save everyone the embarrassment and paperwork, but it may not hurt to brush up on what your companies documentation says you should do, should your team decide to take action. In short if you take decides to take action your not knarking on them to HR, you are following a written policy and protocol that likely the user signed something saying they knew what that policy is.
JMeucci@reddit
First thing I would do is verify the site they're going to is actual porn and not a false report.
Second thing I would do, if the above is still a positive result, is contact your manager and let them make the decision on the next step. Give them URLs and timestamps.
Your job is to find, verify and report issues.
shemp33@reddit
And don’t spend a half day deciding - lol.
bjorn1978_2@reddit
Tell the user that he will be placed in an open office hellscape with low dividers if he keeps up the porn habit.
oichie_uk@reddit
I had this once, I set up a custom 404 that told “Brian” he was being naughty. Worked like a charm.
PapaDuckD@reddit
Is this like everyone's first day or something? Lol.
Welcome to normal.
TheStig827@reddit
I think the timestamps of their attempts are going to tell a story here:
after 5p: General reminder to the company that content filters are in place and to keep to work work focused content on you work issued machine.
8-5?: IMHO, a more direct hr action should be suggested.
shadeland@reddit
One of my friends is former military. He told me a story about a guy in a guard shed (it wasn't him).
One night on base, this super-new guy was on guard duty. Been in for less than a year maybe? He's like an E-1. It's a secure base, yadda yadda.
Dude is bored and horny and on a DoD computer at the guard station, goes to a couple of porn sites. He doesn't even try to do it on his personal phone or anything.
Of course it's detected and he went to the bad sites that try and download all this malware. I'm sure that computer was burned.
Guy avoids a court martial I think, but barely, I think because he owned up to it. They realize he was just young, dumb, and horny.
jpv1031@reddit
Tell him that's what his iPhone/Android data plan is for....
bjc1960@reddit
I am not dismissing the adult website concern at all. I know why users are going there.
My bigger concern is, "why is a user blocked from a domain that is 2 days old?" We block domains under 30 days old, so if a user is hitting a 2 or 5 day old domain, what was that user doing? Though I have build a website within two days of getting a domain, as we are a small company, that is not typical behavior for legit businesses. It takes them two months to get their act together but hackers have all the scripts.
Aeterice@reddit
Had to get my team taken off these policies 😅, works fine until we start selling pentests to adult sites .. can’t test it if we can’t access it
Commercial-Virus2627@reddit
Is it actually “them” browsing or did someone install a way to forward traffic from their machine? It’s not likely but it’s also not impossible.
Zolty@reddit
You might reach out and ask the user to validate the findings of a scan. Go on the computer and talk to them while running a scan. Say something like "A lot of times these are false alarms or someone clicks the wrong button. We have to follow up on every one when someone goes to a bad site. At the end of the day we only care if there's a complaint but if there is a complaint it gets serious.
oh you're computer looks clean, have a good day. "
That gives them a warning, reminds them of the consequences.
lynnewu@reddit
If you have no published-and-enforced relevant policies, and it's the first time, and the site is vanilla-legal, you might send an email that says something like, "Hey, have you noticed any weirdness with your computer? The firewall is complaining about some incoming web traffic and we're not sure if maybe Windows is messed up or what. Let us know, ok?"
My experience is that one of these messages results in the problem never happening again with that user. We tell them up front, "we are not your nanny, but we do have policies regarding certain types of web content and we expect you to behave accordingly". Seems to work reasonably well and reduces certain difficult HR-based interactions.
mmertens21@reddit
Had a similar issue where I work once. We did report it to HR, but not any specifics, just that a user had tried to access content that violated the company Computer Use policy and was blocked, so as far as HR knew it could've just been Facebook or some other social media we block in the office. So they just sent out a copy of the policy and a reminder that work computers are only supposed to be used for work.
xb4r7x@reddit
Personally, I'd privately reach out to the user and let them know some inappropriate web activity was detected, and that you kindly ask that they not do that anymore, and that if it's detected again you'll need to get HR involved.
RikiWardOG@reddit
what does your written policy state? That's what you do.
LastTechStanding@reddit
Assuming they have a policy… I mean they asking for help on Reddit
RikiWardOG@reddit
Yeah I was being intentionally obtuse. Basically, if there's nothing written down you do nothing. You get approval and add to handbook and have users sign it, then at next violation you follow that guidance.
KingStannisForever@reddit
This could be links in emails - spam or worse. And your colleges might be opening them...
100% sure not something went through?
Erhan24@reddit
Block the URLs if it's not allowed, else ignore. You see a lot of weird things as security and have to be discrete.
Sorry-Rent5111@reddit
On this one you follow your company policy to the letter. If no formal policy ask your Manager. If you have no direct superior then what you need to consider is there any blowback for you if it is discovered you didnt report a company violation.
If small informal company then approach user and tell them to knock it off or you may he forced to report.
We filter but we do not report on findings in logs to HR or Management. On occasion we are asked to pull so Management make a case to terminate or in a couple of cases the cops.
So in closing do your job but don't snitch for the sake of snitching.
Anonymous1Ninja@reddit
Just explain it to them
Worldly_Ad_3808@reddit
So… you’re new to having access to those kinds of logs and activity to review then? When the week has been a long ass year at work, we lighten the mood on Friday afternoons (assuming there’s no management in the office) and do an audit on what stupid shit our users have been trying to see this week… the results range from hilarious to down right terrifying. It’s not just that they are trying to see it though but also the titles of the people who were looking cause how in the hell did you get that job being so stupid as to try and look at this stuff on a company machine on a company network? Dummies. The whole lot of them.
TheLatmanBaby@reddit
Whilst I was an IT field engineer, one of the network team once caught a teacher, a fucking TEACHER, looking up “schoolgirl porn” on a classroom pc.
This was duly presented to the council who
He claimed he was “testing the web filters”. This was 20 years ago and he is still employed today.
The dude was a total weapon and unioned up claiming we fabricated the evidence (despite the fact he initially told us he was testing the filter), which consisted of server logs, Cisco web engine cached images linked to his account as well as the pc monitoring software that was in place.
This software screen shotted the nonce browsing to it, it also caught him somehow bypassing the web filter.
He totally looked like a child molester, walked like a pervert too.
NightMgr@reddit
Porn isn’t part of your job?
The_Wkwied@reddit
What's the point of blocking it? Because you don't want them to view this content on company devices? Fine. Blocking prevents them from viewing it. It is working. Are they bypassing the filter? Regardless, someone showing up on the filter for many different sites warrants a closer investigation to see if they are bypassing the filter somehow.
But, if the content is blocked, and they aren't bypassing the lock, I would not think to raise alarms. Sending out a 'please only use work computers for work stuff' message to them, or the whole org, may be wise. Then if they keep it up, to let them know.
But honestly, if the filters are working and aren't being bypassed, I don't think anything needs to be done by IT at that point. The filters are working.
Evening_Plan_2302@reddit
A man can't even goon on his lunch break these days smh /s
Likely_a_bot@reddit
I tried to access porn multiple times at work. I was testing the web filter rules, but it was an exhilarating game of Russian Roulette.
War_D0ct0r@reddit
Why is this even a question? If your company has a policy, follow it. If it doesn't have a policy escalate that immediately. It people shouldn't be getting these reports, they should be going to HR.
nezroy@reddit
Yeh except, there's different ways to escalate. The correct way is to go to your boss/manager with something like "What is our policy if our blocker detects someone trying to repeatedly access blocked resources?". It is NOT "ZOMG USER X KEEPS TRYING TO LOOK AT PORN LOL"
Lv_InSaNe_vL@reddit
We don't give HR direct access to logs like this because my HR department is full of the exact characters that reddit thinks HR is made up of and will absolutely go after employees because they are bitter ugly people.
OP might be in the same boat. We send HR just the stuff they ask for and nothing else.
Nnyan@reddit
Exactly.
ImCaffeinated_Chris@reddit
My favorite is when they put their personal phone on company guest Wi-Fi and think that's not logged. Oh Linda, we know your dirty habits. Not judging, you go girl.
Frothyleet@reddit
Really? You guys new here?
What do your policies say? Does your AUP say "no porn?" Is it your responsibility to be monitoring and reporting on this kind of behavior?
If not, there's nothing really to do. Your controls worked, employee wasn't doing anything illegal. Your manager may want to talk to HR about sending out some company policy reminders.
gkalmbach@reddit
Can you see the URL? These could be ad networks and embeds and not a user going to adult sites.
Fender_Stratoblaster@reddit
> It came to a shock to us all that someone would be trying to do this on a work machine
Really?
burundilapp@reddit
Quiet word to the user, if it's not illegal activity then employee first, then manager, then if it's causing an actual IT issue or presenting a security risk then HR, otherwise it's just inform the manager and it's then their problem.
Due to the type of work we do we have people trying to access all sorts of sites, could it potentially be a user trying to do something related to something in their role?
devonnull@reddit
So what you're saying is....they didn't finish.
mccrackey@reddit
"No c**, no crime" is what I always say.
chum-guzzling-shark@reddit
its a popular saying for a reason
MethanyJones@reddit
I usually look at the user's helpdesk ticket history. That helps me decide whether I report it to anybody. Ask your co-workers questions about their experiences with them.
If they've been abusing my team then it's worth reporting.
baw3000@reddit
They were blocked, who cares? We're not the morality police.
andocromn@reddit
I got a ticket once titled "please disable the porn filter" I of course followed up to find out which site they were actually trying to access since it came from a C suite. It was actually porn. The investment firm invested in a porn sites.
Cartman1972@reddit
Talk to him, keep it under the radar. If he continues his behavior you still can report him to HR.
ranggull@reddit
First time?
Yeah, it happens a lot. I mean, a lot a lot. I got tired of having the conversation and just went to the VP of tech and said that I don’t want to have to keep reporting people when they get blocked from accessing pron. It’s an HR issue. Our content filter is working. Something that I’ve found is that some ad loadings will register as pron navigation. So if someone is on some shady website and it loads an add for a pron game or pron adjacent site, the content filter will report the device as attempting to access a pron site. Just keep blocking the sites. What are they going to do? Complain that they can’t get to it?
Whenever someone asks to unblock a site, I tell them that they need to put in a request with the URL and business justification and CC their manager for approval. The results are almost always pretty comical
heisenbugtastic@reddit
We have a team that has to look up parts on the Internet. They hit porn sites all the time (usually toys and type, but plenty of just full blown porn). Had to get them polarized screen covers in office. Sometimes there are legit business reasons.
spartacle@reddit
In my past place of work there was a lot of travel of employees and our CISO was contemplating having a list of known and safe porn sites for employees, i left so not sure if that was implemented or not
TheEvilAdmin@reddit
"It came to a shock to us all that someone would be trying to do this on a work machine."
Really? lol. I've seen people put topless women as their desktop wallpaper. Employees are dumb.
I would monitor it for another day (maybe, depends on my mood that day). if it continues, send a report to their manager.
BertAtWork@reddit
I'd report it to HR. If they are dumb enough to do this, what else are they doing that you're going to have to clean up later. I mean once, maybe let it slide, but repeated attempts...
SpiceIslander2001@reddit
We had something similar happen at my company a few years ago. Turned out that the user's PC was compromised. You might want to consider having your security team contact the user and alert him to the fact that your systems detected that it was being used to access porn sites and it was possibly compromised, and act accordingly from there.
Basically,, treat it as a breach of security, which it just might be.
GreenWoodDragon@reddit
I worked at a charity many years ago and as part of my work as a sysadmin installed SquidGuard to monitor and filter web traffic.
It was generally boring until I spotted dodgy traffic from a machine in the reception area. A volunteer had been browsing the murky side of Yahoo Groups. I raised it with my manager who had the chat with him and the guy left soon after.
Gawdzilla@reddit
Bless y'alls hearts. Bless them forever and ever.
paishocajun@reddit
Hey now, let's not break THAT out yet. They're young but at least they have those sites blocked, better than "we got compromised because someone went to xxxgrannysmashers.gilf.ru and the Russkies are holding the domain for ransom"
Gawdzilla@reddit
The naivete depicted in the original post is 1000% appropriate for deployment of a "Bless your heart". It is not said with malice or condescension, but recognition that the Blessed is going through an unfortunate moment (that we're all familiar with) largely caused by their inexperience and/or lack of perspective.
But it's a thing they have to go through and so we have to let them discover the joys of Other People.
It's a blessing of consolation that still allows the discomfort to be experienced, but it's necessary.
Murky-Throat-694@reddit
First of all make sure you got the right user.
A long time ago in a galaxy far away we suspected a user of doing this. He alleged that it was the user on the next desk over, that when he stepped away, would frequently move to his computer. We checked out the suspected user's explanation with security footage based on internet usage logs, and sure enough, we had a desk hopper. He was fired.
WhatThePuck9@reddit
This happens all the time
Proic13@reddit
this reminds me of my internship days, i recall one of the tier 1-2 techs called me over and told me to go to one of the mid level manager's offices and do a "virus scan" with our scanner, explained that the computer may have been infected with a virus and to double check. as my senior explained "he probably clicked on an AD banner that redirected him to an adult site and it trigger our sensor"
thinking nothing of it i did as i was told, when the manager asked what i was doing i explained my purpose there as told by the senior tech, it took a while because i was told to do a "full system scan not a quick scan". we didn't find anything but i was told to tell him to be careful of those advertisement banners as they may redirect you to undesirable sites.
wasn't until years later now that when i became a tier 1-2 tech myself i realized, i can see exactly what sites they were going to, what they were typing.. we didn't have the budget for that "sensor", he didn't have a virus, the guy went to a porn site and this was the IT's way of office-politiking, of letting them know without calling them out on it and to knock it off with that. his "punishment" was a full scan that took awhile to complete. he couldn't do anything while we wait for the scan to complete thereby delaying his workload, this flew over my head until years later when i became the tier 1-2 tech, it was his encouragement not to do that again.
Easy-Task3001@reddit
Many years ago I was working on our web filters and had to take them down for an hour or so to upgrade them. We didn't tell the uses about that and put them into bypass mode so they had complete and unrestricted access to the web.
I was watching the logs and saw a couple of porn hits and mentioned it to the CIO. He didn't care too much so I continued to monitor. As the upgrade went on the 10's of porn inquires turned into about 100 so I again mentioned this to the CIO. He asked me to trace it back. Most of them were coming from one IP address. I found that it was hitting a wifi access point and found that the name of the devices was "Sarah's iPhone". The CIO asked me who Sarah was and I told him that Sarah didn't work on that floor near the access point but that her husband Craig did.
We both headed up to Craig's office and told him to knock it off. He denied it but also shut off his phone and suddenly most of our porn hits went away.
The names used here were NOT changed and Sarah divorced Craig a year or so later. I don't know if it had anything to do with his porn addiction. I didn't trace back the URLs to see what Craig was into and I didn't care.
BrokenPickle7@reddit
I remember my first helpdesk job someone from the maintenance dept called about their keyboard not working and the entire time you could hear a woman getting her cheeks clapped in the background. They just had porn going on the other workstation like it was nothing.
Then last year we were working on a big project and I had a vendor on a teams call. We were waiting for an install to complete when the vendor says "I'll be right back" then mutes himself then it unmutes right away and we hear a woman say "oh yeah come on just stick it in" then starts moaning wildly. I heard the vendor guy say "oh shi-" then muted himself again. Oddly enough no one else said anything.
DarthJarJar242@reddit
You say we. So this is no longer a you decision but presumably a department decision. That means it needs to be by the book. To cover your asses. Figure out what the acceptable use policy says, consult with your manager on how to handle it and let it be handled from there.
benuntu@reddit
In the past, I've sent an email like this to the user:
"It appears that some inappropriate sites were trying to be accessed from your workstation. If this was not you, please let me know and we'll have a complete antivirus scan done on your system."
That usually stops the behavior, and if not then it's time to report it to their supervisor and/or HR.
mabhatter@reddit
I like this it's very diplomatic without directly accusing anyone of wrong.
Ideally, they get the hint that you can monitor their usage and they don't do it anymore.
I think a second step might be to push a generic "acceptable company use policy" to everyone and let a bit of peer pressure nudge people into behaving... without you specifically having to be the tattletale.
Musicatto@reddit
It’s also a risk management issue. Not everything gets blocked, so if they have an image on the screen that someone sees and feels is offensive it could become a harassment claim against the company.
Flabbergasted98@reddit
officially, we report it to hr.
Unofficially, if I like the person, I take him aside and I let him know that our firewalls log all web traffic and he should take a moment to consider what that means and why we might be having this conversation.
SpudzzSomchai@reddit
This for the most part. I am high enough up the food chain to pull someone aside and tell them unofficially. I let them know the next one goes straight to HR.
Everyone is allowed a mistake once.
countsachot@reddit
Why do anything?
satsuke@reddit
As others have said, follow your companies policy.
If you are in a decision making capacity and want to go the extra mile, look at the access immediately preceding the block.
Eg did they click a link that reduced m redirected to someplace unexpected or did they type in a url?
I’d like to think most people know not to attempt to access that kind of thing on someone else’s computer .. but then again
draggar@reddit
I've had this in the past. The first thing I do is make sure they are accessing that and it's not just a shady ad feed (which can work their way into sites).
If they are accessing that, here's the kicker, you know about it so you're compliant if you don't report it. When I noticed it I did my due diligence and let my direct supervisor know so they could handle it (IIRC the person ended up having a meeting and a warning from HR about it - they're still employed with us).
I look at it this way, a lot of these sites had shady scripts and ad feeds and if something happens, and it comes out you knew about it, you can get into trouble for it, too. I'd recommend letting your manager know (if they don't already) and let them handle it. If you are the manager, you may want to consult with your security officer (if you have one).
The good news is that your web control is working. The bad news is that the end user continued to try to access it (even after being told it was blocked).
ZeeroMX@reddit
If the software or device that does the blocking does not have an option configured to send an alert to HR or anyone else, then there is no need to report it to anyone, blocking works as expected.
If there was a reason to have all those incidents reported, then the blocking tool would have that option configured to automatically send a report to all the people who need it.
MeatPiston@reddit
Tired and boring: Reporting abnormal web traffic to management.
Wired: Rig a transparent proxy to append ‘ inflation rule34’ to the end of all their web search queries.
WindowsVistaWzMyIdea@reddit
This should be called to the attention of HR immediately. As someone who's had an employee on my network that was involved with material involving children, I don't mess around with this. Accessing porn puts the company at risk. Another employee could be exposed to it now you have a suit, these types of websites are notorious for malware and other harmful things, and of course the underage material is of particular concern. I've learned over my years not to trust people that can't control their urges during work hours. I don't hesitate one second when an employee is going to sexually explicit material from company resources. Homie don't play dat!
5erif@reddit
At this moment there are 120 comments, and it looks like none of them realize this is an April Fools joke. Who knows, maybe some know but are playing along? Either way, well played, OP.
thereisonlyoneme@reddit
If you like the user, contact them in a side channel. If not, report it to HR.
Tandom@reddit
Can you anon call them? “Hey John, this is Bob in IT. Just a friendly reminder that we can see …every… site you go to and …..attempt to go to.”
Samatic@reddit
If you're the IT manager then I would meet with that person and say I'll let you off the hook this time but if seen again your being reported.
Fritzo2162@reddit
I've been doing this for 30 years and have seen this quite a bit. My advice: be a bro about it. Don't make a big deal about it. Just contact the user directly (phone call is best), tell them you're being alerted to inappropriate content being accessed on work equipment, explain the security risks you have to deal with when that happens, and just tell them not to do that anymore. 99% of the time the user will be scared straight and never do it again. Never bring it up again, and everyone is happy.
If it happens a 2nd time, that's when you have to get firm. People make mistakes, people do embarrassing things when they think they're alone, and it's human nature. If the behavior doesn't change after they realize they're being watched, that becomes abuse.
NW3T@reddit
This is a people issue, not a tech issue, if it's an issue at all.
If the employee is not completing their work, and the managers investigate and find they were looking at porn instead, it doesn't really matter what they were doing - work wasn't getting done, they're in hot water.
If the employee is getting all their work done well, the managers really shouldn't care if they're getting off on bathroom breaks or lunch.
From an IT perspective, as long as the user isn't downloading things to run on their work laptop, or uploading sensitive company data - why should we care?
Professional-Elk6109@reddit
So ideally report it to the HR, they will take it forward, he can clearly see its being blocked but still trying to access, that says something about him
I have been in your position, it might someone who is addicted to it
Not good for the office environment.
TAL_047@reddit
So you'd like to get fired for this? Since you've been in this position. Wouldn't you like for the IT guy to give you the talk instead of your boss?
BankingAnon@reddit
I have gotten someone fired over this, took it to HR directly with evidence. We are a customer facing org, so if someone is trying to access that on a corp machine and a customer sees that, it’s reputational damage.
TAL_047@reddit
This is entirely different, yes I agree in this case
Professional-Elk6109@reddit
I have been in the IT guys position, if it wasn't clear
First of all its stupid to access porn on a corporate system and i guess he wouldn't be blind to see its being blocked and still trying to access it
Almost every companies IT usage policy mentions these stuff that are prohibited
TAL_047@reddit
Lmao "First of all it's stupid to access porn on a corporate system"
Tell me you haven't given user support without telling me you haven't done any user support...
Do you have any idea how tech -blind some users are?? I'm sorry, I actually find it hard to believe you've been in this position. Either you were very lucky or had a small user base
Professional-Elk6109@reddit
REALLY!!!!
So for you employees being Tech Blind is the same as them accessing PORN
Wowww....Looks like you haven't worked in an MNC
TAL_047@reddit
.... Being tech blind by them not realizing there are policies put in place by blocking certain websites and that IT can see who tries to access them? Yes it's the same my guy. This is dark magic for some users, you really have no idea of many people ignore everything "IT" and try to stay away from it as possible
PowerfulDiet7155@reddit
Uh straight to HR. This isn't an IT conversation.
ride4life32@reddit
Honestly first step is really just to make an announcement basically just stating that work computers are monitored and to only do work related stuff on them blah blah. Then if it happens again it's really up to hr at that point. You give the info to HR from there they do what they need to. Should be out of your hands at that point.
ultradip@reddit
"I was just testing the filter!"
Expensive_Plant_9530@reddit
This is no longer your responsibility. Write up a report to your boss and hand it over.
Ideally your boss then takes it to HR or the users direct boss and they decide what, if anything happens from there.
This is a management issue, not an IT issue. The IT components (web filter) did their job.
reubendevries@reddit
If no policy, send an email letting people know your monitoring their internet traffic.
solarplex@reddit
On the other hand, there was an administrator who found out that when the user would search with Bing, that a bunch of porn queries would happen then as well.
Recent_Perspective53@reddit
Is there policy, if so is an HR issue. No policy, side convo, politely tell said person you've seen these logs and request they stop or you'll be forced to go to HR next. Not wanting to involve HR, follow the second option stating this is a polite request to stop.
Not sure why this is a hard question.
tuttut97@reddit
Sometimes ADs will do this. I would talk to the user or maybe if you don't already put in some ad blockers.
Sweet_Mother_Russia@reddit
It’s surprising to you?? lol you must be new to IT.
GrimmRadiance@reddit
Unless you have a policy to report these types of things to HR, then I would tell your team lead or manager and let them make the decision. That way you can’t be held accountable for keeping it to yourself.
Lemonwater925@reddit
Couple of scenarios.
I created a block page that included the username, IP, and local date time. Added a cookie to change the message for X number of attempts in a 24 hour period.
Message stated that all access was flagged and maintained for 7 years.
That dropped the number of users attempting.
Brua_G@reddit
So the user knows it gets blocked but doesn't realize IT can see the repeated attempts.
dopey_giraffe@reddit
I synced my chrome profile by accident once, which synced like 150 porn videos. Good times
Asleep-Bother-8247@reddit
Go to HR. We had a lot of this come up when we switched over to Palo Alto last year. We suddenly were able to see multiple people accessing porn while on the VPN on their work PCs. Everyone signs off on the employee handbook that includes acceptable use of technology. We did our diligence to ensure it was legitimately them accessing porn sites and we sent it to HR, who then terminated the people. One was a contractor and one was a young kid out of college who had started less than a week prior.
I cannot fathom what would posess someone to do this on a work PC, and especially when working from home. Use your fucking cell phone if you need to jerk it THAT badly during work hours.
-King-K-Rool-@reddit
"MailTo: All@corp
Good morning everyone! IT would just like to remind everyone that we are notified each time you attempt to access restricted websites. Please refrain from preforming non-work related activities such as streaming services, social media, and more on work devices."
The dude watching porn will know exactly what "and more means", nobody else will.
No_Yesterday_3260@reddit
This needs to be adressed - If they end up finding a way around it, getting through, it makes the work machines vulnerable from viruses etc.
Inform your manager (or whoever is above you), inform of the situation and risks and have them handle it from there.
Thisbymaster@reddit
Your company should have a policy, if it doesn't have a policy, then note that down. Document that lack of policy and report that.
it4brown@reddit
Good morning "User" -
Our web filtering software has detected and blocked repeated attempts to access websites that are not appropriate for the workplace.
(Include date/times/URL evidence here)
This is a reminder that it is against company policy to use company-issued devices for non-work related activities. Future attempts will be referred to Human Resources for remediation.
Thank you and have a great week.
---
Make sure to CC their manager and BCC HR to CYA.
wowsomuchempty@reddit
Bcc HR is a bit harsh. First email no bcc, no cc.
it4brown@reddit
Not harsh if there is an established policy with consequences.
smb3something@reddit
Depends on whether or not they were on the clock at the time.
rdldr1@reddit
This has to be an HR issue that needs to be reported.
robotbeatrally@reddit
I know him personally, he's a good guy. autofill changed the thing he was trying to type. I saw it happen.
LGP214@reddit
Also be aware that DNS prefetching can cause false positives as well
extraspectre@reddit
Came here to post this. If some site has an embedded tracker or something it could be a false alarm
medicinaltequilla@reddit
I've scrolled reddit so much from work that I can see the "this page blocked" (usually an image from some sub) by my company even though I never opened anything directly.
medicinaltequilla@reddit
Honestly: don't do anything. Let them learn it's not possible. Why be the hall monitor unnecessarily.
throwawayskinlessbro@reddit
First time?
mr_lab_rat@reddit
Depends on the size of the company and who’s responsible for what.
I would get the machine scanned for malware and let the user know the computer usage policy (and that there were attempts to access sites outside of the policy).
This way he knows we know. He can still claim it wasn’t him but malware.
Is it a job for IT rather than HR? Not really but the machine should get scanned anyway, there is the minuscule chance of this being caused by malware, so might as well help the dude out.
That’s what I did in this situation. Was pretty funny to see the guy sweat 😆
juggy_11@reddit
This is an HR issue and not an IT issue.
StarkillerWindu@reddit
Talk to the guy: a. Giving the guy a head's up probably takes care of this issue. b. After hours? If he's not on the clock then he just has to be informed that his web activity is tracked. c. Malware? If he didn't know then it is possibly malware
If there is a policy on this then this becomes an HR issue so better to handle it like the above, but CYA if there is a policy and let the appropriate people know how it was handled. Or if you weren't able to handle it then you have to do what you have to do
justarandomuser10@reddit
How amazing is to have the power right? It’s no biggie. He got horny, it’s not like most of us here never tried porn on work device.
Nnyan@reddit
In all my years I can count on one hand the number of complete idiots that tried to access porn at work. Anyone so oblivious to this is certainly a red flag and not a “no biggie”.
OP follow policy, report tho up the chain.
justarandomuser10@reddit
The sites are already blocked as far as I understand. But if OP is a corporate Jesus of the year like you, by all means report it straight to HR. :)
Nnyan@reddit
I like how you go to extremes but ok. You do you.
wardedmocha@reddit
I am not surprised at all. It happens a lot. Unless your company has a policy on this, my policy would be unless it is CSAM or suspected CSAM. Why does it matter? Yes its a company device, the protections that were put in place worked they did not access it, they just attempted to access it. So why does it matter?
Witty_Formal7305@reddit
Depending on your company policies / industry, as long as its just regular porn, i've seen most places take this as a sign to send out a friendly reminder about acceptable use of company technology / networks and that they're monitored by IT & can result in disciplinary action etc etc.
Unless whoever is doing this is a COMPLETE idiot, usually they get the message and knock it off.
agarr1@reddit
I used to word somewhere that the directors where constantly on it and used to get us to copy external hard drives full to pass around to friends. Absolutely zero shame or awkwardness.
Looking back god knows what was on there if we had bothered to look into it properly.
Personally it depends on where your working, in most places I would send an email out generally to reminding users ALL web traffic on company systems is monitored. If they dont take the hint pass it to the higher ups. Where I am now it education so that would throw in the bin and it would be straight to their boss.
InevitableOk5017@reddit
I would be more concerned the machine may have a virus don’t always assume someone is doing something bad. Your security software worked and is alerting you to investigate further. It also could be they are dumb and letting someone else use their computer or leaving it unlocked. Also hr is not your friend avoid them at all costs.
blueblocker2000@reddit
I would send them a care package of wet wipes, cigarettes and sports drinks, along with a card that simply says "We know.".
sryan2k1@reddit
Super common. Talk to HR, this isn't your job to police.
badaz06@reddit
I'd ask your boss for direction. is there a policy? Do you actively monitor for this or was it something that just caught your eye? Who else knows?
I'm not into the whole Big Brother thing in the least, however if there a potential where I could be in trouble for not reporting something, c'est la vie Joe User. On the flip side is, now that you can see who is going where, what additional expectations will there be? Are you going to have to monitor everyone for going to porn sites? Or alcohol/gambling/gaming sites?
thebeardedcats@reddit
Not your place big dog. You're the security police, not the morality police.
BadSausageFactory@reddit
Make sure they're not browsing to another site that's then throwing the popups. I worked at a place where we had to explain to a manager that popups show as a visited site in IE history.
HeligKo@reddit
Most people just see a computer as a computer, they don't think like we do about them. It is super common to have people misuse company equipment. Just follow policy, and move on. Most places policy would be report to supervisor. HR might need to be notified. In the environments I have worked which are heavily regulated or government we would also open a security incident.
itsbushy@reddit
We had a user a couple years ago asking for help deleting stuff from his company phone that was filled with porn. I don't think it was ever reported. I can't tell you how many scandals I heard about during my sysadmin time but the stories I have could literally take down the CEO of my company along with many of his friends.
Degora2k@reddit
...
code_monkey_wrench@reddit
Awkward situation.
What is your department policy for this? If you don't have one, it seems like a good time to draft one.
Otherwise where do you draw the line? Are you now responsible for monitoring and reporting all content violations? What if you don't monitor consistently or happen to notice every violation?
You already put a system in place to block content. I think you need to determine if this is enough or if someone needs to monitor violations.
unstopablex15@reddit
I bet its a guy. When I worked at a MSP, we saw some vice president level employee watching porn on their work computer via our RMM
CeldonShooper@reddit
I guess someone came from it tho.
unstopablex15@reddit
lmao
doitroygsbre@reddit
I dunno. I would probably start with a message to them saying that IT noticed attempts to access porn sites from their computer, ask them to check their system for any programs that might be causing the issue, offer to help verify their system is secure, and remind them to lock their system whenever they aren’t using it.
And take it to HR if they don’t take the hint.
largos7289@reddit
Depends on how you want to handle it. if it's getting blocked and they are not getting to it, then i really don't see the issue. It's one of those no harm no foul things, It should just stop on it's own. I mean unless someone requests the logs to review, well then it's still out of your hands.
LeeFrann@reddit
Mans trying to goon, let him be
thenewguyonreddit@reddit
I would have a private conversation with the guy and let him know that this came across your desk and that while it’s reasonable to assume a one-time fluke could be an ad redirect from a website, if it continues you will have an obligation to report it.
$5 bet says the problem fixes itself immediately.
Miserable_Pear_6940@reddit
Man if you know the guy id pull him aside and tell him to stop. I hate to see anyone lose their job, but if he’s just some user I think you need to report it It’s definitely an HR violation and potentially a security risk.
What was he looking at anything good?
kidmock@reddit
In the 1990s, our helpdesk was manned with 3 shifts on shared workstations. I once stumble upon porn being accessed by the lone guy on the third shift.
I just sent him a message that said "I know you get bored on the night shift, but cover your tracks better"
There was never another problem
fester250@reddit
Email to user should look like “hello I am a hacker and have been watching your saucy attempts” etc…
Include bitcoin wallet details.
Profit.
Tx_Drewdad@reddit
My question is.... what are they doing that the filter isn't catching?
Definitely needs to be reported up.
KillingTime1212@reddit
HR. If the employee sucks , this is their way to terminate.
Boatshooz@reddit
Was this their computer trying to access these sites or was it their mobile phone? I’d handle the two cases differently.
GroundbreakingCrow80@reddit
What's your policy for company laptop use and what's the procedure for violations?
thebetterbeanbureau@reddit
Message the user? "Bro, come on. Stahp". It's a simple thing to do.
SchizoidRainbow@reddit
If they had self control they’d have waited until they got home
Mister_Brevity@reddit
Just a thought, once or twice I’ve seen the same and it was an extension the user unknowingly added to the browser trying to get free music. Dumb. Not as dumb as porn. Was part of a (failed) byod experiment so we didn’t have browser management. Covid was fun times :/
Thundahead@reddit
have a quiet word
ConstructionSafe2814@reddit
idk. Depending on the relationship you have with the co-worker, you could discretely let him/her know?
Either way, not an IT issue IHMO.
cl0ckt0wer@reddit
email them the logs
GullibleDetective@reddit
Hr issue...