Websites to block...
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Websites to block...

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    140

    Exclamation Websites to block...

    Can anyone offer up some suggestions or lsist of websites to block for the avg user...we are implementing some new security policies and blocking sites that seems to allow users to make poor choices. We have websense and it blocks via category for the most part but we want to cut down on other thinsg such as yahoo mail, hotmail and so on...here are some of what i have so far.

    hotmail.com
    mail.yahoo.com
    ezula.com
    iwon.com
    whenu.com
    aol.com
    juno.com
    passport.net
    hotbar.com

    any other sugestions please?thanks, J
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    pogo.com and zones.msn.com were the gaming sites of choice for our users before we began blocking.
    If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Be prepared for a very long list. Also be prepared to constantly add/remove sites from your list as it will never be "complete".

    You could also swing this the other way around. Only allow certain approved sites and blocking everything else.

    Or how about installing something that will just block the "bad things"?
    Things like executables, malware in general, mp3, movies etc...
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Hopefully your firewall has a reporting feature that will tell you which websites users are visiting the most (our SonicWALL does anyway). What I do is watch that daily, and when a website makes the list that users shouldn't be viewing, I add it to the filter.

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Here we use a policy....if you violate that policy your are disiplined...I look at the logs...and if you visit sites that are inappropriate...you lose you priviledge of the internet.

    I usually wait til they approach me with ..."I cant get on the net"
    Then I show them the logs...give them the lecture...and it usually never happens again.

    you will continually add sites to your firewall....

    As an alternative I have heard of using White lists (sites that you can visit) as opposed to Black Lists (sites you cannot visit).
    That way you have more control and can add sites that are related to your business.

    Personally...I like the policy and monitoring the logs...but then again each network and setup is different.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Senior Member
    Join Date
    May 2004
    Posts
    140
    You guys are right I think the way to go is White lists. however at this point we cannot impliment such a policy untill we work through the "red tape" that may be 6 months so in the mean time i am trying to cut down on some issues. I am not usingt he firewall but using WEBSENSE.
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  7. #7
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    Originally posted here by Jason1977
    You guys are right I think the way to go is White lists. however at this point we cannot impliment such a policy untill we work through the "red tape" that may be 6 months so in the mean time i am trying to cut down on some issues. I am not usingt he firewall but using WEBSENSE.
    just whatever you do, make sure you convince top mgtm (ecex level) to send out the email and inform the users. you will have a lot less complaining.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    \"Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?\"

  8. #8
    Junior Member
    Join Date
    Jun 2004
    Posts
    9
    I would use DansGuardian http://dansguardian.org/

    Great free content filtering and I think it comes with a list of sites already you just have to backtrack to get the list the way you want it.

    if you can not use something like that make sure you block extensions such as:

    ade .adp .bas .bat .chm .cmd .com .cpl .crt .eml .exe .hlp .hta .inf .ins .isp .jse .lnk .mp3 .mdb .mde .msc .msi .msp .mst .ocx .pcd .pif .reg .scr .sct .shs .url .vbs .vbe .wma .wmv .wsf .wsh .wsc

    Also here at my company we block all webmail sites to prevent users from accessing their personal email.

    http://webmail.(domain).com

    Hope that helps.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    This is a much bigger question than you think.....

    There are some places you can block whole domains personal access, (I call them the "choke points"), to all things the domain provides such as personal email. The biggies are, (and they have to be done by FQDN because they rotte through numerous IP addresses):-

    login.yahoo.com
    login.passport.com
    myscreenname.aol.com (I think it is).

    By preventing them from logging onto the service you keep them off all the email servers etc.

    But then the Lusers start getting email from other places regardless of the "you will be fired" policy and then these fail. i run through my logs every couple of weeks and search for:-

    webmail
    email
    mail
    login
    pipeline, (a lot of universities use Pipeline to allow access to their personal stuff)
    chat
    messenger

    and then I add the appropriate ones to the blocked list. To start with it is a big job but after a while it gets managable and is worth the time rather than chasing worms around your network.

    You can stop most of the instant messengers by blocking their default ports, (Google them 'cos my old mind will get them wrong).

    If you need more specific help just yell... I have most of this trash blocked and can tell you what I did to kill it.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Senior Member
    Join Date
    May 2004
    Posts
    519
    as your users visit them for the first time you can block them.

    I'd block public mail

    www.gmail.com
    www.hotmail.com
    www.yahoo.com etc

    then porn sites
    script kiddie sites
    malicious sites (how to make bombs etc)
    dating sites (find people online)
    chat rooms/some forums (not antionline)

    block irc, msn all the chat programs you can think of

    one website that isnt blocked where i am is www.kissg.com so dont forget that one heh.

    we do have sites for games like www.miniclip.com open

    you mainly wanna stop people from accessing email sites, chat rooms, porn, online gambling/betting, dating etc

    hope some of these help dude

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •