Blocking websites on only certain PC's

I'm just trying opendns.

I've set it to the most restrictive setting and whilst it blocks most porn it does't appear to block it all. It's not blocking Redtube for starters. Even the most avid port addict could subsist on that site alone for quite some time!

EDIT:

I think I happened to pick pretty much the only major porn site it doesn't block and it does actually block the internal videos. Actually it's pretty impressive. It's better than the specialist school filter used where I used to work. I'm going to be recommending this to a client who needs some protection for his family.
 
Last edited:
Here's another idea:

Install screen-viewing software that will allow management to view the screens of any other computer in the office. Then, let the employees know they are being monitored.
They do this at a school I worked at for the students...keeps them busy studying.

Combine that with OpenDNS, and I think you have a winning solution.

:)
 
MobileTechie said:
I think I happened to pick pretty much the only major porn site it doesn't block and it does actually block the internal videos. Actually it's pretty impressive. It's better than the specialist school filter used where I used to work. I'm going to be recommending this to a client who needs some protection for his family.
Click to expand...

It does block redtube completely. Did you clear your DNS cache, I know you hadn't been visiting that site previously though right? ;)

If your client has teenagers you really should be using a router that intercepts DNS traffic and forces it to opendns (tomato, dd-wrt etc). Otherwise it's as easy to circumvent as setting DNS to another free service in the operating system.
 
I tested it before opendns and then afterwards so that probably explains it.

However the turning the router off and on thing seems to bypass it. Sure the requests still go to opendns but now they relate to a different IP address which hasn't got the restrictive settings.
 
MobileTechie said:
I tested it before opendns and then afterwards so that probably explains it.

However the turning the router off and on thing seems to bypass it. Sure the requests still go to opendns but now they relate to a different IP address which hasn't got the restrictive settings.
Click to expand...

Not sure what to tell you. I have set up at least 10 routers that are locked to opendns and intercept any other DNS traffic on port 53. Power cycling reboots it with the same settings.

Hard resetting it will obviously set it back to factory but if parents keep a password on the router config and make it clear that if the router is hard reset for any reason they will lose internet for a week or something. With tomato and dd-wrt it's even possible to change the hard reset routine so that it's not as simple as holding down the reset button for 20 seconds. A hard reset should be pretty obvious anyways when all the wireless connections are down.
 
Last edited:
Yeah but I'm not talking about the router's settings other than its public IP address. I have a dynamic IP, when I turn off my router for a bit and then back on, I get a different IP address. Since my restrictive OpenDNS settings are linked to that IP they no longer apply.

The router is still sending requests to their DNS servers and it's still blocking all other port 53 traffic but that doesn't matter since opendns's default settings are non restrictive and that is the setting thaan unknown IP address not linked to an account gets.

Thus this is all it takes to get around it.

The only way to prevent this as far as I can tell is to update opendns with the new IP by running the updater app. However this can be killed with Task Manager or given a new opendns account or network to refer to all of which negate it.

Btw - thanks for your input on this. I'm not being awkward just testing the system out on behalf of a client.
 
MobileTechie said:
The only way to prevent this as far as I can tell is to update opendns with the new IP by running the updater app. However this can be killed with Task Manager or given a new opendns account or network to refer to all of which negate it.
Click to expand...

Use the ddns options on the router. Everything should be done on the router. Dynamic IP's are not a problem.
ddns.gif
 
Last edited:
FWIW, if someone is at risk of changing router information, they're more likely to know how to change the network adapter's settings (policies notwithstanding).

Default gateway on the NIC supercedes that on the router.

(I was pretty sure but just changed my router to 8.8.8.4 and my NIC to 8.8.8.8. The NIC won.)
 
A company I did some work for was pretty happy with the hosts file and protecting it with SpyBot, which they were using anyway. Though as others said at the router level is the way to go.
 
eHousecalls.ca said:
FWIW, if someone is at risk of changing router information, they're more likely to know how to change the network adapter's settings (policies notwithstanding).

Default gateway on the NIC supercedes that on the router.

(I was pretty sure but just changed my router to 8.8.8.4 and my NIC to 8.8.8.8. The NIC won.)
Click to expand...

Yes you're right. I used those google dns ones myself to test it and it works. But I blocked all port 53 traffic so adaptor DNS settings won't work.

My router doesn't have the ability to update just any dynamic dns, only one built in dynamic dns provider is supplied and it's not opendns. I know I could update the firmware with some non-standard one but this isn't an attractive option for most clients.

Anyway I've found a way to prevent this. I hadn't realised that opendns have another set of DNS servers called FamilyShield. These are
restrictive by default, so if the router is pointed at them it always blocks porn sites no matter what you change your IP to. They also block web proxy sites which is good. However by their very nature they are not customisable.

So now it's quite tough to get around by the look of it. I need to experiment with looking up the ip addresses of porn sites and using them in the URL. In theory that might circumvent it.
 
Last edited:
MobileTechie said:
Anyway I've found a way to prevent this. I hadn't realised that opendns have another set of DNS servers called FamilyShield. These are
restrictive by default, so if the router is pointed at them it always blocks porn sites no matter what you change your IP to. They also block web proxy sites which is good. However by their very nature they are not customisable.

So now it's quite tough to get around by the look of it. I need to experiment with looking up the ip addresses of porn sites and using them in the URL. In theory that might circumvent it.
Click to expand...

Familyshield, nice! I didn't know that. Thanks for the info, it will make setup a lot easier when I don't have to replace routers. :)
 
You must log in or register to reply here.

Similar threads

HCHTech
Website access issues
Replies
11
Views
480
phaZed
phaZed
ThatPlace928
Workarounds for Windows 11 on Incompatible Hardware
6 7 8
Replies
142
Views
17K
Sky-Knight
Sky-Knight
HCHTech
Dell Warranty lookup
Replies
1
Views
132
Markverhyden
Markverhyden
Digital Funland
  • Question Question
Problem on Multi-OS bootable usb made with ventoy
Replies
19
Views
1K
Digital Funland
Digital Funland
HCHTech
GoDaddy again - Outlook error 7ita9
Replies
3
Views
411
callthatgirl
callthatgirl
Back
Top