Jamf Nation Community

Eyoung · ‎04-28-2016

There is a cheating service for membean users that logs minutes on the site automatically. Needless to say, the faculty here are not pleased about this. I have found the most popular culprit in the chrome store (Smart membean) and blocked it via chrome management (we are a google apps for education customer) unfortunately the same kids using a cheat will figure out how to create a non school profile on chrome to keep the extension running.

so.

I know its possible to create an extension attribute to find this sucker and set a policy to kill it.

the extension is here: ~/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh

looks like the "jkcdd..." string is the name of the extension. My scripting chops stink, anyone care to take a crack at this?

any help would be greatly appreciated.

thank you.

thoule · ‎04-28-2016

You want to find that path and kill it if it exists? I don't have Chrome, but it would look like this, assuming your information is accurate. To just find and report, comment out (add a # sign) to the rm line.

#!/bin/sh
#Todd Houle
userList=`dscl . list /Users | grep -v '^_'`

CHEATERLIST=()
for oneUser in ${userList[@]}; do
    echo "Scanning $oneUser"
    if [ -f "/Users/$oneUser/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh" ]; then
        CHEATERLIST+=($oneUser)
    rm "/Users/$oneUser/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh"
    fi
done

if [ ${#CHEATERLIST[@]} -eq 0 ]; then
    echo "<result>No Cheaters</result>"
else
    echo "<result>Cheaters:"
    for oneCheater in ${CHEATERLIST[@]}; do
        echo " $oneCheater "
    done
    echo "</result>"
fi

<insert standard disclaimer here>

View solution in original post

thoule · ‎04-28-2016

You want to find that path and kill it if it exists? I don't have Chrome, but it would look like this, assuming your information is accurate. To just find and report, comment out (add a # sign) to the rm line.

#!/bin/sh
#Todd Houle
userList=`dscl . list /Users | grep -v '^_'`

CHEATERLIST=()
for oneUser in ${userList[@]}; do
    echo "Scanning $oneUser"
    if [ -f "/Users/$oneUser/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh" ]; then
        CHEATERLIST+=($oneUser)
    rm "/Users/$oneUser/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh"
    fi
done

if [ ${#CHEATERLIST[@]} -eq 0 ]; then
    echo "<result>No Cheaters</result>"
else
    echo "<result>Cheaters:"
    for oneCheater in ${CHEATERLIST[@]}; do
        echo " $oneCheater "
    done
    echo "</result>"
fi

<insert standard disclaimer here>

Eyoung · ‎04-28-2016

thank you. If I am reading that right. once I get rid of the rm command I should be able to create a smart group based on an extension attribute created with that script for reporting.

thoule · ‎04-28-2016

You can create a smart group where Extension Attribute 'is not' 'No Cheaters'.

This whole thing assumes that the name of that Extension is static. And that it's just a standard file there. If either of those are untrue, the script needs to be modified (the if -f line).

Eyoung · ‎04-28-2016

gotcha. as far as I can find the extension looks to use that oddball string. I would be willing to bet when its revved it gets changed though. But I should be able to tag a bunch before any changes at the very least.

thank you again.

mm2270 · ‎04-28-2016

@Eyoung Just curious, but is it a requirement to allow students to install Chrome extensions? Or even Safari Extensions? If not, one thing I'd consider is pre-creating the ~/Library/Application Support/Google/Chrome/Default/Extensions/ directory and completely locking it down, making the directory owned by root, changing the permissions to something like 700 and setting the immutable flag on it. Possibly even hiding it in the Finder too for good measure. This would, I think, prevent any Chrome extension installations, since it would try to put them into that folder and it won't be able to. I can't be 100% certain about that, but I did something similar for Safari Extensions as a test once and it prevented any Safari extension installs. So it may work the same for Google Chrome.

If you do need them to be able to install extensions, but just not certain ones, then you'd need to stick with the EA approach to report on what's installed and then take appropriate corrective actions.

Eyoung · ‎04-28-2016

I have not seem issues with most extensions, (ad blockers etc...) This one is a pretty blatant cheating tool so it gets the ban hammer. As a bonus it costs 1.30 so that'll annoy the little cheaters when it goes away :-)

thoule · ‎04-28-2016

@Eyoung I see you are not too far away. You may want to attend our JUG meetup May 23rd. Not that we're talking about this issue, but just spreading the word. https://jamfnation.jamfsoftware.com/userGroup.html?id=96&view=info

Look · ‎04-28-2016

If you want to block installation try the following...
Remove the directory and place a zero k file in the same location, Chrome will error out when you try and run it.
If you get this file in place before they install it will prevent installation, perhaps prepopulate the template user with it.

sudo touch "/Users/$THE_USER_TO_BLOCK/Library/Application Support/Google/Chrome/Default/Extensions/jkcddaachlfakophhkhafbenfnjpfaeh"

bpavlov · ‎04-29-2016

Theres a way to block extensions via a config profile for Google Chrome. Do a search on JAMF Nation for more info. Here's one quick discussion on it:

https://jamfnation.jamfsoftware.com/discussion.html?id=13887

http://www.chromium.org/administrators/policy-list-3#ExtensionInstallBlacklist

Chris_Hafner · ‎05-03-2016

A thought for edu's:

We (Brewster Academy) went through this type of thing recently. A number of students were found to be using a multi browser userscript addon called TamperMonkey. In regards to the rest of my post, I am NOT familiar with "Smat membean" and so won’t talk on that particular extension. We also created a similar EA to find each of the four versions of the TamperMonkey extension found on users computers (via chrome, safari and Firefox). We chose to have our faculty speak with each suspect student (as Membean also provided us with a list of suspicious students to compare against our EA).

For our part, we ENCOURAGE students to explore ethical add ons and applications for use within their own learning environments. For this reason we've specifically NOT removed or blocked these features, but as mentioned above, had our faculty advisors speak with each suspect student. For those that were trying to cheat, this method was much tougher than actually completing the simple Membean assignment. With any luck they learned something about technology AND that we (BA IT/Faculty) know when they're doing stuff like that. Then we gave them an opportunity to uninstall the extensions on their “honor”, which was tracked by our EA of course. While a few students needed further engagement, 21 of them were able to provide good examples of how they were using this add on to further their own educational process (generally in the web development sphere).

Just an additional experience, since the original issue posted here has been solved ;-)

@thoule @Eyoung I'll see you all at the next meetup.

Jamf Nation Community

Finding Smart Membean chrome extension