How to ban certain website?
#1
Scooby Regular
Thread Starter
In the new year our firm has decided to tighten up on internet access.
As you can see from my post count, I'm guilty of spending too much time on SN and not on work.
So, what do we need to be able to block some websites? Must be pretty secure because last time we used Windows to block sites, I was bored one quiet afternoon and found a work-around.
I've got to block all the forums I go to, hotmail (MSN is deleted from machines anyway) and those dodgy sites with little games and things on.
If it makes any difference we have a small network of 6 machines just using XP Pro. No posh networking software.
Ta
#2
Scooby Senior
iTrader: (1)
Join Date: Nov 2000
Location: Wildberg, Germany/Reading, UK
Posts: 9,706
Likes: 0
Received 73 Likes
on
54 Posts
I am no expert, but surely a proxy server will do the job for you, or you could reconfigure your firewall to not allow traffic from certain websites. You will be able to contact them, but the firewall will block the content returning to your browser from the blocked site; this may be the easiest way round it.
#3
Scooby Regular
Join Date: Feb 2004
Location: High Wycombe
Posts: 3,763
Likes: 0
Received 0 Likes
on
0 Posts
The cheapest & simplest way is to edit the hosts file on the local machines.
Simply create a file called "hosts" with no file extension (like .txt or whatever), open it with notepad and add your sites.
On 9x machines it needs to be created in c:\%windir%\
On 200x machines it's in C:\%windir%\system32\drivers\etc
Basically the local "hosts" file overrides any DNS lookups for any domain - so pointing a domain to "localhost" just stops you getting out.
My example hosts file for use on employees:
Code:
# Copyright (c) 1998 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 ebay.co.uk
127.0.0.1 www.ebay.co.uk
127.0.0.1 signin.ebay.co.uk
127.0.0.1 search.ebay.co.uk
127.0.0.1 cgi.ebay.co.uk
127.0.0.1 autotrader.co.uk
127.0.0.1 atsearch.autotrader.co.uk
127.0.0.1 listings.ebay.co.uk
127.0.0.1 ebay.com
127.0.0.1 www.ebay.com
127.0.0.1 hotmail.com
127.0.0.1 www.hotmail.com
127.0.0.1 hotmail.co.uk
127.0.0.1 www.hotmail.co.uk
127.0.0.1 www.zoom.co.uk
127.0.0.1 zoom.co.uk
127.0.0.1 www.channel4.com
127.0.0.1 www.channel4radio.com
127.0.0.1 www.autotrader.co.uk
127.0.0.1 autotrader.co.uk
127.0.0.1 www.bigbrother.co.uk
127.0.0.1 bigbrother.co.uk
127.0.0.1 dealerdirectory.autotrader.co.uk
127.0.0.1 news.bbc.co.uk
127.0.0.1 bbc.co.uk
127.0.0.1 www.bbc.co.uk
127.0.0.1 www.thesun.co.uk
127.0.0.1 thesun.co.uk
127.0.0.1 www.dailymail.co.uk
127.0.0.1 dailymail.co.uk
Last edited by BlkKnight; 05 December 2006 at 11:18 AM.
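An added example, not part of BlkKnight's post: hosts entries match exact hostnames only (there are no wildcards), so a block list like the one above needs a line for every variant of a site. The Python sketch below audits hosts-file text for repeated entries and for `www.` names whose bare domain is not listed; the sample text, the function names and the set of sink addresses are assumptions made for the illustration.

```python
# Added example, not from the thread: audit a hosts-file block list.
# SAMPLE is a constructed excerpt modelled on the entries in the post above.
SAMPLE = """\
# constructed sample
102.54.94.97 rhino.acme.com      # ordinary mapping, not a block
127.0.0.1 localhost
127.0.0.1 ebay.co.uk
127.0.0.1 www.ebay.co.uk
127.0.0.1 www.channel4.com
127.0.0.1 autotrader.co.uk
127.0.0.1 www.autotrader.co.uk
127.0.0.1 autotrader.co.uk       # repeated entry
0.0.0.0   hotmail.com www.hotmail.com
"""

# Assumption: these addresses are treated as "blocked" destinations.
SINKS = {"127.0.0.1", "0.0.0.0"}
LOCAL_NAMES = {"localhost"}


def parse_blocked(text):
    """Return every hostname mapped to a sink address, in file order."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # strip trailing comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINKS:
            continue                              # blank, comment or real mapping
        for name in fields[1:]:                   # one address may carry several names
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                names.append(name)
    return names


def audit(text):
    """Report repeated entries and www. names whose bare domain is unlisted."""
    names = parse_blocked(text)
    seen, duplicates = set(), []
    for name in names:
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)
    # Only www.X -> X is checked; the reverse would need a public-suffix list
    # to tell a site's main domain from a subdomain such as signin.ebay.co.uk.
    missing_bare = [n[4:] for n in sorted(seen)
                    if n.startswith("www.") and n[4:] not in seen]
    return {"blocked": sorted(seen), "duplicates": duplicates,
            "missing_bare": missing_bare}


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```
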
#5
Scooby Regular
Only problem with that is if they find out the IP address of say news.bbc.co.uk, they'll still be able to connect to that website. We did something with our DNS servers too, with limited success.
Getting a proxy software like Microsoft's ISA or Websense is the most foolproof solution.
#6
Scooby Regular
Join Date: Feb 2004
Location: High Wycombe
Posts: 3,763
Likes: 0
Received 0 Likes
on
0 Posts
If the users are being that sneaky as to use the IP they deserve a bollocking!
You could always route the IP through 127.0.01 as well. . .
2003 server . . with 10 cal's £700 +/-
ISA server with 10 CAL's £500 +/-
Box to run it on £500 +/-
Websense (50 user minimum) $1,850.00
Bit excessive for a 6 user company!
I've just installed fedora 6 with squid & squidguard to block unwanted sites here. Installed it in text mode on a P3 850 with 512 ram - does the job.
Last edited by BlkKnight; 05 December 2006 at 12:23 PM.
#9
Either:
a) buy a router that has built in website blocking (many of them around)
b) buy a super cheap pc <£200 and put ipcop on it and use that to override dns queries much as BlkKnight is describing but centrally
c) Install a free version of PowerDNS on your machine and get everyone to relay through it for dns resolution then add entries to restrict dns resolution centrally as BlkKnight described.
It all depends how much you have to spend, how secure you want it and your level of networking knowledge.
Good luck,
Jules
#12
Scooby Regular
Join Date: Feb 2004
Location: High Wycombe
Posts: 3,763
Likes: 0
Received 0 Likes
on
0 Posts
A proxy server (of some description) is probably the way forward (as it offers logging, reporting & blacklisting) - but as long as your clients are able to route round the proxy server to get out on the internet - they will always be able to get out.
Trying to enforce company internet policy through systems alone is the wrong approach. People need to be told (and re-told) what they can & can't do. If they persist in doing wrong, then it needs to go down the disciplinary route.
But as yours is a small organisation (bit like mine), things tend to be a bit more relaxed - we have a policy whereby people can use the internet before & after work & during lunch (with some flexibility). With the proxy server I do check the logs periodically and as yet no one has taken the ****.
If you get into a cat & mouse situation, it's just a waste of everyone's energy in the long run.