SoftwareTipsandTricks Forum

Go Back   SoftwareTipsandTricks Forum > General Computing > Internet
User Name
Password


How to block websites?

Reply
 
Thread Tools Search this Thread Rating: Thread Rating: 45 votes, 3.11 average. Display Modes

  #1  
Old 08-30-2006, 11:16 AM
moses7's Avatar
moses7 Offline
Registered User
 
Join Date: Oct 2005
Location: Home
Posts: 13
How to block websites?

How to I block sites?

I'm trying to block the site youtube.com because the videos consume to much bandwidth.

Can you also help to block videos from the internet like youtube.com's and grouper's.

I tried putting them in the restricted sites and disable internet options but some users use a software named zonedout to remove the sites from the restricted sites.
__________________
Don't do things to others that you don't want them to do to you. If you can't live with them, then don't be hatin' and do them no harm.
Reply With Quote

  #2  
Old 08-30-2006, 11:55 AM
snowmonkey's Avatar
snowmonkey Offline
Registered User
 
Join Date: Jun 2003
Posts: 3,386
I assume you are talking about office environment, right ? What do you run..Router policy, Domain Policy, Proxy or what ...do you have local DNS server ? some more info would help.

Older days I used to force HOSTS policy on user's computer when they logged into the domain and I would set the web site's in questions IP address to 0.0.0.0.......give us some feed back.


Cheers
Reply With Quote

  #3  
Old 08-31-2006, 09:26 AM
moses7's Avatar
moses7 Offline
Registered User
 
Join Date: Oct 2005
Location: Home
Posts: 13
I am trying to block websites for each single workstation.

There's a way to block the homepage of sites but there are many links to get to the site like using google then clicking the site.
__________________
Don't do things to others that you don't want them to do to you. If you can't live with them, then don't be hatin' and do them no harm.
Reply With Quote

  #4  
Old 08-31-2006, 12:16 PM
tones_ie's Avatar
tones_ie Offline
Registered User
 
Join Date: Jul 2006
Posts: 211
Use the host file...I'll assume u have XP

C:\Windows\System32\Drivers\etc\hosts

Once you have found the hosts file, right click it and select Properties. Uncheck the "Read-Only" attribute (if checked). Click OK.

Double click the 'Hosts' file and select "Notepad" from the list of programs to open it with.

Once you have the hosts file open in Notepad, you will see an entry such as:

Code:
# Copyright (c) 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost

To block a certain web page from loading, add the following:

127.0.0.1 www.webpage.com

Your Hosts file will now look like this:

127.0.0.1 localhost
127.0.0.1 www.webpage.com

Add as many web addresses as you like in the same fashion.

Once you are finished, go up to 'File' and click 'Save'.

The web pages listed in your 'Hosts' file should be blocked from access. It may be necessary for you to reboot your computer for these changes to take effect.


On a side note regarding the host file....there are numerous sites out there that maintain up to date lists of "Bad / Dodgy" websites for download...its a good way to not get infected with spyware....
Reply With Quote

  #5  
Old 08-31-2006, 08:46 PM
F A B Scott's Avatar
F A B Scott Offline
Registered User
 
Join Date: Sep 2005
Location: England
Posts: 485
Quote:
Originally Posted by oldtimer
Why do you end up there ?



He doesn't.
Quote:
Originally Posted by moses7
...but some users...
__________________
F A B Scott
Reply With Quote

  #6  
Old 09-01-2006, 08:07 AM
moses7's Avatar
moses7 Offline
Registered User
 
Join Date: Oct 2005
Location: Home
Posts: 13
I think the problem with the host file is that it only blocks the homepage of the site and you can still access it through links.
__________________
Don't do things to others that you don't want them to do to you. If you can't live with them, then don't be hatin' and do them no harm.
Reply With Quote

  #7  
Old 09-09-2006, 04:47 PM
psharkauburn Offline
Registered User
 
Join Date: Sep 2006
Posts: 12
Quote:
Originally Posted by moses7
I think the problem with the host file is that it only blocks the homepage of the site and you can still access it through links.

Not really true, but I think I know what you're thinking. The hosts file can route any dns name (eg. www.google.com) to any IP you want. The problematic thing is that the HOSTS file doesn't accept wildcards in the dns name like *.myspace.com. Because of this, you have to have entries for www.myspace.com (main page), browseusers.myspace.com (child page), forum.myspace.com (child page), vids.myspace.com (child page), etc... and essentially blanket all the dns names that the site uses which is really annoying and time consuming but does work. As a tip - when doing this, I always look for the login page dns to reroute as it keeps people from accessing most stuff (eg. login.myspace.com). The better way (in a domain environment) is to use Active Directory Group Policies and IPSEC to deny access to traffic coming from IP Addresses. Step 1 is to identify the IP addresses used by the offending sites (do a whois lookup - www.whois.org). Then create a group policy and under the IPSEC section set the filters to deny network traffic over ports(80) from those IP's. This essentially gives you the wildcard blocking we wanted above (*.myspace.com). While this is extremely efficient, the downside is you cannot block specific child sites, instead all the web traffic. In a downside scenario - i want to allow my users to be able to goto developer.cnet.com for research, but not videos.cnet.com because of bandwidth issues (i made up these sites but bear with the idea). If this was a smaller company with 1 webserver or ip address then the IPSEC blocking strategy blocks all web access to them where the HOSTS file *would* allow us to block videos.cnet.com but leave developer.cnet.com alone. Depending on your position in the company and what you have access to, your perimeter firewall (or the proxy server firewall, or the router's firewall - depending on your network setup) can be set to block traffic from specific IP's achieving the same effect as the IPSEC policy. IPSEC blocks at the end user's computer, perimeter/router firewall's block at your networks internet access point well before the end user computer. No strategy is perfect, good luck with your choices.
__________________
World of Warcraft withdrawl can be as devastating as the flu - seriously, it should be covered by insurance. -PShark

Last edited by The Tool : 09-11-2006 at 07:20 PM.
Reply With Quote

  #8  
Old 09-11-2006, 12:20 AM
psharkauburn Offline
Registered User
 
Join Date: Sep 2006
Posts: 12
Blocking sites and how to defeat the man

Before you can circumvent, you need to know what you're up against

While there are hundreds of software packages out there to help administrators block websites deemed "inappropriate", it usually boils down to only 3 generic techniques used behind the scenes.

* Security Zones - Back in the day, there was only 1 "real" browser for windows - Microsoft Internet Explorer (IE). Microsoft's idea for parental security and casual use was implementing security zones that could be defined with different permissions. Sites could be trusted (full access), in the internet zone (limited access), or restricted (no access). The restricted zone could be password protected allowing administrators to block specific sites, and as so long as the people using the computer weren't logged in as administrators this technique worked fine (especially when used against beginner - novice users). In today's world though, there are a multitude of alternative browsers out there, as well as tools available to disable or reset security zone settings making this the least hardened security measure. You can always tell when this is being used, as a message will appear saying this site has been restricted, or it will prompt you for a password.

* Windows HOSTS file - This is a windows system file that's been around ever since TCP/IP became accessible on Microsoft's platform. It all stems from the fact that people like to use words to remember websites like http://www.myspace.com/ instead of numbers like 131.204.87.90 while computers prefer numbers over words. To turn our friendly words into numbers, everytime you try to connect to an internet resource by name, your computer must first ask another computer what number the name translates into - the DNS server. This question asking from computer to computer (while pretty fast) takes both time, and bandwidth to perform. In efforts to be as efficient as possible, windows created the HOSTS file that allows you to predefine specific name->number assignments. When you attempt to browse to a site, the computer ALWAYS consults this file first as it could potentially eliminate an expensive question it would have to ask someone else. If you search your OS for the HOSTS file, you can view/edit it in a text editor and will see entries like: 127.0.0.1 Localhost. This is a default entry that specifies any attempt to browse to a server "localhost" should be directed towards IP 127.0.0.1 (which happens to be your computers default IP - the loopback adapter). If you add an entry: 127.0.0.1 www.myspace.com - then any attempt to goto www.myspace.com will be directed back to your own IP address with a result of server not found (unless of course your computer is the myspace web server). You can usually tell when HOSTS file redirection is being used when attempts to browse a website *consistently* take you to a different site (or your company's/schools intranet portal). I say *consistently* because there is plenty of spyware out there now that redirects to advertising pages but they usually are not consistent in the redirection - they will cycle thru different sites.

* IPSEC/Firewall blocking - This is the most pervasive blocking usually performed by far. IPSEC filtering can be deployed via group policy to individual computers or can be deployed to the network's internet gateway for blocking at the networks perimeter. IPSEC rules are extremely customizable, and essentially allow any protocol (http, ftp, etc...), on any port (sender or receiver), on any IP address to be filtered. To block a specific site from being viewed, a generic policy only requires knowledge of the sites IP address - and a broad rule can be set: Block/Deny all traffic with destination addression XX.XX.XX.XX, or a specific rule can be set: Block/Deny HTTPtraffic with a destination port of 80 to a destination IP XX.XX.XX.XX. With rules like this set, any traffic matching those patterns will be completely blocked. While IPSEC operates at the operating system level, most routers have internal firewalls (or large organizations have standalone firewalls) allowing similar rules to be established at the network level. The easiest way to determine if this is being used is to simply "ping" the destination's IP address. If you cannot ping them, then the IP's are being filtered (or the server is down); if you can ping, but cannot browse to the site then it is a good indication that a narrow rule has been set restricting the protocol/port. IPSEC/Firewall filtering is very commonly used to block things like peer-2-peer protocols, filesharing, etc.. as it is the easiest way to block applications like Kazaa or eMule across the entire network.

While this list is by no means exhaustive, these are by far the most commonly used techniques to restrict internet access to specific destinations. They are the most common because all 3 techniques are "FREE" to network administrators and don't require any additional hardware or software - just knowledge of Active Directory, Windows OS, and Group Policy. Remember, the first step to successfully circumventing any security measure is knowing what you are up against. I hope someone finds this useful, and be on the lookout for additional blogs contains steps to actually circumvent these techniques, as well as guides to implementing these techniques over networks.

-theShark
__________________
World of Warcraft withdrawl can be as devastating as the flu - seriously, it should be covered by insurance. -PShark

Last edited by The Tool : 09-11-2006 at 07:22 PM.
Reply With Quote

  #9  
Old 09-15-2006, 09:11 PM
nanso Offline
Registered User
 
Join Date: Aug 2006
Posts: 1
I block myspace it was easy this way.. thanks...
Reply With Quote

  #10  
Old 09-16-2006, 01:03 AM
md16185's Avatar
md16185 Offline
Registered User
 
Join Date: Sep 2006
Location: Iowa
Posts: 99
does ur site have limited resources? is that why you're trying to block sites?

Why do so many places block my space, restrict sharing links, etc... There is more online than spyware, adware, and viruses...
Reply With Quote

  #11  
Old 02-13-2007, 11:41 AM
spiderrav69 Offline
Registered User
 
Join Date: Feb 2007
Posts: 1
Does anyone know how to do this using DNS on a Win2k server?
Reply With Quote

  #12  
Old 09-28-2008, 01:54 AM
Monty007's Avatar
Monty007 Offline
Registered User
 
Join Date: Jan 2007
Location: Australia
Posts: 2,247
These links look like malware ect....dont go near them.
__________________
http://www.doddpc.com
MCP
MCDST
SQL 2008 (2778)
Windows Server 2008 (6430)
Reply With Quote

  #13  
Old 09-28-2008, 10:40 AM
F A B Scott's Avatar
F A B Scott Offline
Registered User
 
Join Date: Sep 2005
Location: England
Posts: 485
Quote:
Originally Posted by Monty007
These links look like malware ect....dont go near them.
Which links???

MySpace?

__________________
F A B Scott
Reply With Quote

  #14  
Old 09-29-2008, 12:01 AM
Monty007's Avatar
Monty007 Offline
Registered User
 
Join Date: Jan 2007
Location: Australia
Posts: 2,247
Admin has removed them. They where torrent links that looked very suss.
__________________
http://www.doddpc.com
MCP
MCDST
SQL 2008 (2778)
Windows Server 2008 (6430)
Reply With Quote

  #15  
Old 11-13-2008, 07:50 PM
waresoft's Avatar
waresoft Offline
Registered User
 
Join Date: Aug 2003
Location: Annville, PA
Posts: 219
If you want to effectively block sites, then you will need to set the router for your network to use static DNS servers from http://opendns.org. Setup an account with them. Set your blocking options and DNS lookups will fail for any sites you don't want it to work for.
Reply With Quote
Reply




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Block one user from the internet with XP Pro nitrox Windows XP 2 11-20-2007 06:26 AM
Block sound from some applications Famer Software Problems and Useful Utilities 1 07-21-2006 10:08 PM
Bad block on HDD BOOM BOOM Hardware Problems 8 05-09-2006 03:39 PM
blocking websites ugh animefreak Internet 3 11-10-2005 11:07 PM
Block images in Outlook Express maggie1012 Software Problems and Useful Utilities 3 01-22-2005 11:40 AM



All times are GMT -5. The time now is 09:59 AM.


Powered by vBulletin Version 3.5.2
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO 2.3.2 © 2005, Crawlability, Inc.