list of sites to block

ats

Got a bunch of dim wits in for the sumer that can't seem to understand "stay the F off Bebo and the like and IM sites" so I'm just gonna block them on the firewall (sonicwall)

anyone got a list of usual suspects to block or know where i can pick one up?

smilingatyou

boards.ie
lol:)

ats

smilingatyou wrote:

boards.ie
lol:)

true but then i couldn't look at PI all day and brighten up my sorry existence:D

scojones

whatever site you are blocking, make sure you're blocking by IP as well as by words (block the word bebo, blog, etc).

Meebo.com should also be blocked, as should msn2go.com, block the words yahoo and msn too.

SonicWALL's Content Filter List is available by subscription only.

Shane O' Malley

Don't forget all the proxy avoidance sites too.

Hell of a job to do manually.

philstar

well without stating the obvious..porno sites....biggest carriers of viruses/spyware of all....which i found out to my cost:o

now i take cold showers

Shane O' Malley

Came across this, which is a list of spyware and adware sites.

http://dialspace.dial.pipex.com/town/pipexdsl/o/aoxw32/BlueTack/spyware.txt

Not sure how up to date it is, but it is a start.

Shane O' Malley

This site might also be useful.

http://forums.opendns.com/comments.php?DiscussionID=246

Black Swan

Why reinvent the wheel? Spyware Blaster is a free passive blocker programme that blocks thousands of known malware/spyware/adware sites. Also, free Spybot Search & Destroy has a passive blocker function that does this too.

ats

scojones wrote:

whatever site you are blocking, make sure you're blocking by IP as well as by words (block the word bebo, blog, etc).

Meebo.com should also be blocked, as should msn2go.com, block the words yahoo and msn too.

SonicWALL's Content Filter List is available by subscription only.

yeah I'm subscribed to that already so i get their default content filter for the usual filth, its the sites like bebo and stuff i'm interested in the "production loss" sites. I have suggested to the powers that be putting something like websense in but they wont for out for it, we're a small enough site only 50 users.

Shane O' Malley wrote:

Don't forget all the proxy avoidance sites too.
Hell of a job to do manually. .

tell me about it, it's been pretty good so far I tend to just have a word in their ear and they don't bother going into them again, but there's this one bint on work experience and she has this real difficulty understanding "stay the F away from them", i get the whole "do you know who she is" bit coz she's related to one of the partners in the firm so i reply, Yeah shes on work experience and I'm the IT manager and it's my job to secure this network does that clear it up for you. LOL

thanks for the links I'll follow up on them today

IRLConor

ats wrote:

tell me about it, it's been pretty good so far I tend to just have a word in their ear and they don't bother going into them again, but there's this one bint on work experience and she has this real difficulty understanding "stay the F away from them", i get the whole "do you know who she is" bit coz she's related to one of the partners in the firm so i reply, Yeah shes on work experience and I'm the IT manager and it's my job to secure this network does that clear it up for you. LOL

If it's just one or two people who won't respond to stimulus then I'd do one or more of the following:

• Sandbox her, then turn off web access for that sandbox. Obviously this only works if she doesn't really need web access to do her work.
• Reactively add sites she visits to the content filter after manually checking them. This is impractical for lots of people, but shouldn't be too onerous if it's only one or two.
• Deal with her via your and her managerial channels. It should work. If it doesn't, well do you really want to work for a company that will support a work experience student in the wrong over a sysadmin in the right?

NutJob

Starting point
http://www.squidguard.org/blacklists.html

ats

IRLConor wrote:

If it's just one or two people who won't respond to stimulus then I'd do one or more of the following:

• Sandbox her, then turn off web access for that sandbox. Obviously this only works if she doesn't really need web access to do her work.
• Reactively add sites she visits to the content filter after manually checking them. This is impractical for lots of people, but shouldn't be too onerous if it's only one or two.
• Deal with her via your and her managerial channels. It should work. If it doesn't, well do you really want to work for a company that will support a work experience student in the wrong over a sysadmin in the right?

cant turn off web access for her, we don't have that facility in the office, i could put in a proxy IP on her system but there are cases where she does genuinely need access to the web.

I've resorted to checking the firewall logs and her history when shes not around, just writing it down and looking on my pc then blocking it, but as you can imagine its a pain in the arse

Managerial channels suck in this place, I asked 6-8 months ago to implement a formal Acceptable usage policy and its still with the partners (its a law firm )and they cant decide on the gray area of what we can and cant monitor. The way i see it its our system we can do what we damn well like with it, if i want to block sites i can. Also we have no formal HR dept just an office manager and she's as useful as t1ts on a bull to be honest. The problem is that the one thats looking at the sites is the niece of one of the senior partners which means disciplining her m,ay be difficult. this is the type of company that buys PCs for the Senior partners family, pays they cell phone bills etc. and when snotty nosed D4 16 year old calls coz she broke her 3rd phone in 2 months you can't get her the cheapest one available coz its daddy's company and all that crap.

it is a pain to work her and it sucks, but its close to college and convenient to home, free city center parking 24/7 so even on saturdays i can park in the office and head shopping etc.

I'll run through all those lists and take the most obvious ones from it and add it manually, then just monitor her and start reporting her if it gets worse.

CiaranC

What do you care if your users are on Bebo or IM?

ats

CiaranC wrote:

What do you care if your users are on Bebo or IM?

it uses valuable network resources and is a productivity loss. Also IM software can be used to upload and download files and has vulnerabilities that expose our network and as the IT manager it is my responsibility to reduce these risks, i thought that would have been obvious

CiaranC

ats wrote:

it uses valuable network resources and is a productivity loss. Also IM software can be used to upload and download files and has vulnerabilities that expose our network and as the IT manager it is my responsibility to reduce these risks, i thought that would have been obvious

Funny that. Im sitting in the worlds largest tech company here with an IM client that I am expected to use open, along with a proxy which blocks nothing at all.

ats

CiaranC wrote:

Funny that. Im sitting in the worlds largest tech company here with an IM client that I am expected to use open, along with a proxy which blocks nothing at all.

good for you I'm delighted for you.

Oracle

Spybot Search and Destroy has an option to block lots of known bad sites by using it's own hosts file. Plus you can make the hosts file read only too. Not sure if that would be broad enough for your needs though.

_Kaiser_

One thing to note though is the licensing conditions of the software. Not all the suggestions mentioned are free for use in a commercial enviornment.

(I'm an IT Manager too and it's a pain I've come to live with)

Jaden

Block ALL outbound ports except HTTP and HTTPS, the use squid to block access to any URL with certain keywords in it. Also block site that are IP only, and finally a list of known webmail/IM/Productivity loss sites.

Job done.

Cake Fiend

^^ Sound advice from Jaden there, I don't understand why you're not running a proper proxy already. It's not difficult, just throw something like Smoothwall or IPCop on a spare box.

ats wrote:

it uses valuable network resources and is a productivity loss.

Exactly how productive do you expect a kid on work experience to be? I very much doubt that bebo is battering the bandwidth. Something like Youtube, possibly, but it really sounds like you're setting yourself up for an awful lot of work for not much benefit.

If you have that kind of time on your hands, you must have a cushy job!

_CreeD_

If you want to block IM and the like in general and have a spare 2Ghz or so PC give Snort a go (if you're not into Linux there is a windows version, a great guide to set it up is available at www.winsnort.com). Also get the IDS Policy Manager and Honeynet Console for it from here http://www.activeworx.org/Downloads/tabid/54/Default.aspx . All free. Set the Policy Manager to handle your updates and include those at Bleedingedge as they have a lot more policy based rules for things like Myspace/IM/Youtube etc. than the standard definitions. There is a way to turn it into an IPS (Where it not only detects but actively blocks your denied connections) but I haven't tried it. You can however use plain old TCP resets whereby the IDS will send reset messages to the local and remote clients to cut the connection. Besides the policy side it's a great tool for just about any type of network traffic monitoring....and again it's all free.

CiaranC: If your company has that level of resources then they will already have multiple IDS/IPS in place and likely also Proxy your IM traffic through an application layer firewall for that service. Basically if your IT guys know what they're doing and have the resources they can secure it. If a company doesn't have the resources to handle it securely then the OP is right in that it needs to be controlled heavily.

Capt'n Midnight

www.schooner.com/~loverso/no-ads/

save the file - point internet explorer at it
if editing it use write instead of notepad

it has wildcards so you can customise easily