Asklemmy

My school had a web filter to block YouTube and various other sites that they didn't want students to go to. On the block page, there was a "report site blocked incorrectly" button, as well as a password override for admins to do a one time bypass.

One of my classmates registered a domain that all it did was log the IP address of whoever visited it. He then attempted to visit the site from class, it was blocked, and he clicked the report button. Later on one of the IT admins reviewed the report to see if the site should be unblocked or not, by visiting the site. My classmate then had the public IP address of the IT admin.

This IT admin must not have been very good, because he had a password unprotected, open, telnet port pointing to his computer. So we were able to telnet into his PC and poke around. He had an Excel file on his desktop with the web filter override passwords for every school in the district. That Excel file was promptly shared to as many people as who asked for it and we thought wouldn't rat us out.

We gloriously had unrestricted Internet for several months before the teachers caught on. We were told that anyone who used this password would be found out, and that the school was going to have a "volunteer" community service day for 4 hours on Saturday, picking up trash around the school. Anyone who attended would be pardoned for using the password, anyone who didn't attend and who was found out for using the password would have been "punished" (very ambiguously defined). I did not go to the volunteer day, nor was I punished in any way. I do think that it was just a bluff and they didn't have good enough logging to tell who actually used the password.