How can I block a website with moderate effectiveness?

Factual Questions
1

I need to get MySpace and Facebook out of my daughter’s life. The problem is that she is unable to sit in front of an internet-capable computer without “working” on her MySpace page. Unfortunately, some of her classes require internet access, so simply disconnecting the internet is not an effective solution.

I have tried using IE’s Content Advisor, but it did nothing to block MySpace but it did muck up a few things for me.

I don’t need a solution that will withstand a concerted hack by a competent computer engineer. I just need something that will take her a while to figure out. She has no idea what the registry is or how to get there. I think that I can even limit her access to the registry if that became an issue.

My set up: a desktop computer using Windows XP Home SP2. I have three browsers (IE, Firefox, and Netscape). All three would need to be blocked, though I may be able to configure her account not to access FF and Netscape. We use separate accounts on XP and her account is limited. She cannot install programs (though she can download them). She cannot access any administrator account, desktop, or files. My internet access is DSL through a Westell (IIRC, I am at work right now) modem.

My wife and I are at our wit’s end. We are truly concerned that she will not graduate from high school (she is a senior). Please do not make comments about this really being a supervision issue. For what it’s worth, she already is in counseling for various issues including self-destructive behavior and poor decision-making/impulsiveness. This is a situation where technology is not our ally.

2

A quick and dirty fix is to edit the hosts file in c:\windows\system32\drivers\etc

Open the file in Notepad and add lines like

127.0.0.1 www.facebook.com

When you save it, make sure you change the file type to All files - the filename is hosts, not hosts.txt. Make sure the permissions on the file are that Users have Read Only access.

Do be aware that this will affect all users, not just her.

There are better packaged solutions, but this is a very quick fix.

3

I’m not sure I follow you. I found the hosts file on my work computer. I won’t make any changes here, but I am looking forward to doing this at home.

Below some notes (preceded by #) is 127.0.0.1 localhost

Should I add 127.0.0.1 www.facebook.com
and
127.0.0.1 www.myspace.com ?

Then go to save as and make sure it is on “all files”, not text.

No one else at our house uses these social sites, so I don’t care about it’s affecting other users. Will this affect all browsers? Will this prevent her accessing MySpace and Facebook by following a link (like Googling for MySpace and clicking the resulting link)? What happens when she tries to go to MySpace?

4

If you have a router for your internet access, there may be some filtering capability built in the router. I have a linksys router that allows me to block sites by keyword or address (and also internet access by time). I’ve never used it so I can’t tell you if it is effective ot not, but it is there.

5

If you access the internet via a router, (which you need to connect more than one computer to your internet connection) nearly all of them have provisions for blocking particular IP addresses.

This could be defeated by bypassing the router, or via proxy servers. Many HS kids are probably aware of proxy servers as a means of bypassing school imposed filtering.

on edit, what** Dag Otto **said.

6

Or you can just save, and rename the file from ‘hosts.txt’ to ‘hosts’.

It will block that site completely. However, you might need to block some extra domains. For example, myspace might have a subdomain “users.myspace.com”, which you will also need to block.

When your daughter tries to access the blocked domain, it will come up with a blank white page. This will cause her a lot of confusion, so it is probably wise to tell her you are blocking the site and she’s not allowed to use it, etc.

By editing the hosts file you are preventing the browser from looking up the IP address for the URL. You can also block the IP address directly by using the router methods others have mentioned.

7

Another sneaky trick is to implement a batch file to copy your ‘improved’ version of the hosts file into place on every boot, just in case it gets replaced somehow.

8

Isn’t this half of what netnanny and similar programs do? I’ve never had any experience with them and can’t say anything about their cost (to your wallet, to your computing, or to your domestic tranquility). Has anyone used them? Do they make a difference? Are they only implemented by draconian parents?

(I have no kids, but I am a bit leery that of my cats will get me in trouble for looking at kitty porn.)

9

This will affect all network services, not just all browsers.

The hosts file was the original way that the computers on the Internet kept track of what was where. Every computer on the Internet had a copy of the hosts file, and as new computers were added, the hosts file in every exsting computer had to be updated.

As the Internet grew beyond a few hundred computers, this rapidly became unusable, and the a new system was implemented. Every computer was given the address of a DNS server, a special computer which does nothing but keep track of where things are.

When presented with an unknown website name, your computer will query your DNS server (usually at your ISP), which will return the numeric IP address of the site. Your computer then connects to the remote site.

The hosts file, however, still remains in every computer.

And, it still has priority over DNS as well. When looking for a web address, every computer first checks the hosts file; if it finds the name of the web address in the hosts file, it will go to the corresponding IP addres, and will not query the DNS server.

To block Facebook and Myspace, the hosts file should have three lines:

127.0.0.1 localhost
127.0.0.1 myspace.com
127.0.0.1 facebook.com

The IP address 127.0.0.1 is known as the “loopback address”. This is just network shorthand for the computer itself; this is used in situations where you want some network program to reach back and connect to the computer it’s in.

“localhost” is the word name for the loopback address. When some program tries to connect to the web address “localhost”, the computer checks what numeric address that corresponds to, and connects to it. In this case, this is the local computer.

Adding the two other addresses to the hosts file, and giving them the same IP address, means that any requests for websites in myspace.com or facebook.com will also be redirected to the local machine.

If you have a web server on your machine, these requests will retrieve whatever that web server is providing. If not, the request will return with a ‘404 Not Found’ error.

Not that directly entering the IP address of Facebook or Myspace into the web browser’s address field will still cause a connection, as there is no DNS lookup in such a case.

10

Here is a slightly more in depth explanation of that process. ETA: or What Sunspace said.

If you don’t mind paying, you can try something like Net Nanny . I have never used, so I don’t know if it is any good. It seems pricey to me at 40 dollars per year 'tho.

If you don’t mind me asking, what was the problem with the IE content adviser? It looks like it can block specific web sites. That or the host file trick might be your cheapest options.

11

Don’t assume she won’t figure out how to get around a simple block like that. Back when I was in middle school, when the Internet was still a new thing, this was pretty common knowledge, even outside the geek crowd. Anybody who wanted to get around the filters could find a proxy.

12

All it needs to do is to be harder to fix than homework. He’s not looking for an ironclad solution, just one that will stall her long enough so that she finishes her work before doing Myspace.

To the OP: Be sure to block IM programs as well - she can very easily contact one of her friends on IM and have them “troubleshoot” her computer.

13

OK before you go playing with all the tricky stuff, something to look into, set up an account on open DNS (http://www.opendns.com/). Its free, you can basically set up your own profiles of the types of sites to block and even specify certain sites/domains.

In a nutshell you specify a new DNS that open DNS runs on your router or machine. On the router it will block all machines on a network obviously. Sites can be while or blacklisted by signing into your account and changing the profile. I Just found about this a couple weeks ago and have set it up on on a couple of my customers networks and they love it! (well the employees don’t, the owners love it). The site also gives pretty good instructions on setting it up for the non network fluent.

14

A google search for “myspace proxy” or “myspace blocked” returns dozens of easy to use sites that will circumvent all of the methods talked about here. That took me seconds to figure out. Also, never assume that teenagers are rational thinkers. In the few times that I ran into such a situation with my parents, I would spend hours trying to “beat” them, even when what they wanted me to do would take far less time.

I’m kind of a stubborn bastard though. If Drum God’s daughter just needs the temptation to be moved a bit further out of reach, this may work for her. If not, they’ll need much stronger methods.

15

Good point. Could the OP buy himself some time by setting up a locally-hosted file which has the Myspace header and a non-specific error message (e.g. “Sorry, but we’re adding in a new host which should make Myspace run faster. Our expected downtime is 3 to 12 hours”) which might prevent his daughter from immediately realizing that something is wrong?

16

Thanks to everyone for the helpful replies. Looking back, I feel like such an awful parent for trying to manipulate the situation like this. Still, my wife and I are at our wits end.

I have gone to the hosts file and added every MySpace page she seems to favor. I looked over her browser history and that gave me ideas. I know that the kids at school know ways around the school’s blocking of MySpace and similar websites. I don’t know that my daughter has paid much attention to that or realizes that those methods would work at home. If she is caught on MySpace at school, she’ll lose her computer account and then really be up poop creek.

With my modified hosts file, all that happens is she gets a message that makes it look like MySpace is having technical difficulties. That should hold her for a while, until she goes to a friend’s house and finds that MySpace works just fine. If she knows how to beat the school, she may then attempt those methods at home with satisfying (for her) results. If that happens, we’ll try something else.

I have uninstalled all of the IM programs and have blocked her from reinstalling them. It seems to be effective because I know she has downloaded the installers, but they don’t seem to run for her. :smiley:

Thanks everyone. It takes a global village to raise a child these days.

17

We have 2 computers that THOU SHALT NOT TOUCH (Mine and my fathers) and two that are for everyone else to do work on. Work consists of printing out order guides, writing invoices, making UPS labels, looking up addresses etc. But every few weeks I go though IE’s history and block everything I can see they’ve been using it for…NBA.com BLOCKED, myspace.com BLOCKED, ticketmaster.com BLOCKED stubhub.com BLOCKED etc etc etc. Normally I use 127.0.0.1 and it just comes up as a page not found error. Usually the person using the computer figures either the site is down or the internet is screwy. They ask me for help, and Gee, I don’t know what the deal is, strange :smiley: . Anyways, just to throw a little spice in, instead of 127.0.0.1 I’ll change some of them to www.yahoo.com. So you open IE, it goes to yahoo (the homepage), they type in ticketmaster.com and it appears to start loading and yahoo comes back up…hilarity ensues (for me). Sometimes I’ll use yahoo.com, sometimes I’ll just point it to someother random website. Confuses the hell out of them it does.

18

To stop myself from procrastinating (so, she’d have to WANT to be helped, which might not be the case) I use the Firefox extension Leechblock-- for certain hours or after a certain period of time it will lock me out of whatever time sucking sites I deem (like this one!) and reroute me somewhere else. To circumvent it I have to use a password to change the options (I use the password “I’m procrastinating.” which causes enough personal shame and mistyping that it slows me down a bit).

19

Not to mess with it if it works, but can’t you just use the second-level .myspace.com domain?

Unless there are multiple second-level domains used by MySpace…?

Another thought: does she have a mobile phone? You can get MySpace on phones now.

20

This can be like trying to herd cats as most IM software is “port agile” and will select from a list of alternate ports if existing ports are blocked. about the only way to lock down IM software is via a firewall that specifies the application blocked regardless of port.