School Filter

[mazmac24]

Does anyone know ow to over ride the school filters?

[Sparda]

Wasn't there a realy old thread dedicated to this very topic?

[manuel]

As a sysadmin for a school, I would suggest not trying. Chances are if the tech people are anything like me and the rest of our tech department, you will be caught and dealt with accordingly.

We have had a lot of students try many methods and a few were successful until we blocked them and revoked their computer priveledges. It is hard to pass a computer class or many other classes that require research (online) without access to a computer in school.

However that said, Google is your friend.

-Manuel

[manuel]

Wasn't there a realy old thread dedicated to this very topic?

Several if I recall (one of which was lost with the forum relocation).

[Duelus]

*cough* http://tor.eff.org/ *cough*

But really, can't you just wait till your home to get on myspace?

[stingwray]

The easy answer is to use a proxy, although finding one which isn't blocked in the first place is hard. You can use some very well known websites as proxies because of some of the features that they have but it is fairly hit'n'miss.

I would recommend setting your own proxy up at home. All you have to have is a webserver and php installed and you can run PHProxy which is great. As long as your school doesn't scan every page for black listed words you should be fine.

As for the ethics for bypassing a school filter, i think it is acceptable to do so, as long as you cause no damage to school computers or systems and are responsible with you use of it. (i.e. if you school is stopping you from playing games on the net by blocking them and you want to do that, then wait to get home. However if the block is blocking legitamate sites that you need access to then it is fine). Also you should bypass the filter if you have signed anything that basically says you won't do anything, some schools have "policies" which you have to sign before you get access to the internet which may contain restrictive clauses, its always worth checking them out.

[manuel]

...However if the block is blocking legitamate sites that you need access to then it is fine). Also you should bypass the filter if you have signed anything that basically says you won't do anything, some schools have "policies" which you have to sign before you get access to the internet which may contain restrictive clauses, its always worth checking them out.

I have to say if something is blocked and it is something that should not be, simply ask your teacher, your principal or the tech people why exactly is www.xyz.com blocked and explain exactly why you think it is legitimate. Chances are if it is truely a legit site, the filter is just playing it safe. However if you want access to sites such as myspace just because of (... fill in the blank) then that is not good enough.

We expect this for everyone here (staff/students/parents). Just as you might say site zyx.com is needing to be blocked because of porn or whatever.

The point is be responsible, respectful and knowledgable (some key principals to Social Engineering BTW) and you could get what you want.

I know if a student asks me in a clear well thought out question as to why something is blocked (or not) I do listen and do my best to explain. For example, youtube.com had to be blocked partially due to the content, but primarily due to bandwidth considerations. After aall if one person is looking at the content it is not bad, but if there are even just 5 computers on the site, combined the traffic can hog an entire T-1 line thus will not allow necessary traffic through without being worse than dial-up.

-Manuel

[barrytone]

Nice to meet another school admin, manuel_l :)

How to get round the filters really depends on the setup. Which you havn't really provided much information about.

The schools that I work in all run through an off-site filtering system, meaning that I cannot unblock sites. So talking to Techs / Teachers to get a site unblocked may not work, even if they agree to it.

If your school's setup is ok, there is probably everything but port 80 (for web traffic) closed. And there will most likely be group policies in place to stop you from changing the proxy settings.

In short: I'm not gonna help someone get around school restrictions. When I was at school, I did it because I was curious; because I wanted to learn. Not because I wanted to go on myspace or watch porn.

[manuel]

Actually we block port 80 as well, except for our content filter server, which effectively forces anyone and everyone to use the filter. Even if they bring in a flash drive with firefox on it or boot into a livecd (if they happen to find a computer that will allow it) or maybe even their own laptop/ or other device, they don't just magically have free internet access because all ports are blocked for all IPs except for our content filter and servers. VLANs, subnets and PTP VPN allow this setup.

its a bit tricky when dealing with certain services, but it works for us once we got everything setup, although changes do need to happen so that we can increase the capacity of our server farm.

-Manuel

[stingwray]

I have to say if something is blocked and it is something that should not be, simply ask your teacher, your principal or the tech people why exactly is www.xyz.com blocked and explain exactly why you think it is legitimate. Chances are if it is truely a legit site, the filter is just playing it safe. However if you want access to sites such as myspace just because of (... fill in the blank) then that is not good enough.

Yes that is the correct way of going about this but unfortunatly we don't live in a fair world. My schools previous IT head was an absolutely horrible and wouldn't do anything and you were likely to get detention for asking, (also back in those days we only have 30MB storage in our user accounts).

Our new IT head is brillant and will do most things (in fact we have a quota of times to go on certain websites if you want to), and because he is great I'm also an admin at the school so I can sort things out as well.

I did mention in my first post the ethics of bypassing the filter and hopefully he will take that on board if and when he does want to bypass it and I would hope it is not for MySpace.

How to get round the filters really depends on the setup. Which you havn't really provided much information about.

Yes it will depending on the set up but PHProxy will be a solution for most restrictions, as long as the site that is hosting the PHProxy is not blocked in the first place.

[stingwray]

Actually we block port 80 as well, except for our content filter server, which effectively forces anyone and everyone to use the filter. Even if they bring in a flash drive with firefox on it or boot into a livecd (if they happen to find a computer that will allow it) or maybe even their own laptop/ or other device, they don't just magically have free internet access because all ports are blocked for all IPs except for our content filter and servers. VLANs, subnets and PTP VPN allow this setup.

We have a Proxy on the school network which all machines are default to go through, and if someone somehow manages to tell it to use a direct connection instead then when it leaves the network it is filtered by the counties proxy which is even more restrictive because it is for use by Playgroups and Primary Schools. You have to go through one of them in the end.

[mazmac24]

*cough* http://tor.eff.org/ *cough*

But really, can't you just wait till your home to get on myspace?

The school filter blocked this too.

[Iain]

@manuel_l and barrytone: what collaboration is there between school and other network admins in creating a list of blocked sites? For instance, if an admin comes across a new site which has dubious content and it's not trapped by the current blocking mechanisms, does (s)he communicate it to fellow admins (in other organisations) in some way or are all admins expected to monitor network traffic and sites that students are accessing? If it's the latter, it strikes me that the blocking is not proactive but it's reactive.

It may be that there is an informal communication of such information between admins but I'm intrigued to know if there's a "formal" mechanism of such communication.

[mazmac24]

Well, my school's computers run on a network. They ave Deep Freeze when you turn them off. They are eiter Windows XP Pro or 98. Tere is a Tawspace drive that doesn't erase that's only abut 64mb. Its not only MySpace that I want to o on...

[Sparda]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

[mazmac24]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

How do you do that?

[stingwray]

@manuel_l and barrytone: what collaboration is there between school and other network admins in creating a list of blocked sites? For instance, if an admin comes across a new site which has dubious content and it's not trapped by the current blocking mechanisms, does (s)he communicate it to fellow admins (in other organisations) in some way or are all admins expected to monitor network traffic and sites that students are accessing? If it's the latter, it strikes me that the blocking is not proactive but it's reactive.

It may be that there is an informal communication of such information between admins but I'm intrigued to know if there's a "formal" mechanism of such communication.

I know from my school that we receive black lists which have different catagories which we can implement. For example it would work somewhat like this, we implement the porn black list and then we hope that all the porn sites in the world are blocked (not likely to happen), our list is then updated from time to time by the supplier as more are found. However if we find that someone has accessed a porn website at school (either by browsing the logs or being informed by someone) then we will add it to the block lists. As well as getting the black list from the company they take a list of the websites that we have blocked so that they can then look at them and add them to their lists etc. if they feel that need to.

I would not have thought that Admins would communicate amoungst themselves as not all admins would need this information, some would already have it, or have heard it previously. The system were the black list provide takes the list of what we have blocked and looks at it I think is a much better idea as they can reach for more people more effectively than admins telling themselves.

The blocking has to be preactive and reactive because the internet is changing so much every day.

[Sparda]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

How do you do that?

Do what?

[mazmac24]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

How do you do that?

Do what?

Put the websites on Wilipedia.com to use around the filters?

[Sparda]

"Put the websites on Wilipedia.com to use around the filters?"

The sentance doesn't make sence and is out of context, I was talking about wikipedia.org not wikiepdia.com. Reading into that sentance (alot since it doesn't make sence) I wasn't even surgesting that you could use wikipedia.org to cercumvent web site filting.

[barrytone]

@manuel_l and barrytone: what collaboration is there between school and other network admins in creating a list of blocked sites? For instance, if an admin comes across a new site which has dubious content and it's not trapped by the current blocking mechanisms, does (s)he communicate it to fellow admins (in other organisations) in some way or are all admins expected to monitor network traffic and sites that students are accessing? If it's the latter, it strikes me that the blocking is not proactive but it's reactive.

It may be that there is an informal communication of such information between admins but I'm intrigued to know if there's a "formal" mechanism of such communication.

Good question!

Here in the UK (in my city at least) the schools all connect to the same backbone. It's a scheme setup between the LEA (Local Education Authority) and Telewest. The web filtering is not done at the schools, but at the main gateway to the rest of the internet.

It is proactive, in that: they have a massive black list of sites that schools are not allowed to access (porn, warez, chat etc etc), but it is also reactive, in that: if someone (usualy a teacher rather than a network admin, as it's usually teachers that catch kids on sites they shouldn't be using :P ) finds a site that isn't blocked, but should be: they simply e-mail the URL to the LEA to get it reviewed for black listing.

If they didn't see the URL, they just get a network admin to check the logs based around the time of access, computer used and student that accessed it. That's usualy enough info to find the URL pretty quickly.

If the site needs to be blocked quickly, I usualy just put a dummy record in the schools local DNS server to point the offending URL at 127.0.0.1, or the ip of the school's intranet server. It's not full proof, but it's enough to stop the 'point and clickers' from getting to it until it's blacklisted by the LEA.

[SonicvanaJr]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

I wouldn't doubt that when I go back to school next August wikipedia will be blocked. Our MCS (Media Center Specialist, Pretty much a librarian who does other stuff) hates the site. She says that it is unreliable and put together by idoits, and since everyone can edit the info people are going to purposely post false info to mislead you. Her example ? Well she went to edit this article about a certain author, and in a section about where the author went on vacation she changed where he went from Italy to get this... North Italy, she then said it took a whole two weeks for someone to change it back.

[manuel]

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

Sparda: We do allow wikipedia, but our current filter does not allow for us to block using wildcards -- but we are about to change that with a completely different filtering system. The new system will allow that type of setup and this was one of those wish-list items that the new filer will take care of.

Iain: Excelent question!

We do try to communicate with other school districts (most are relatively small in our area) so that most of us are on the same page with filtering and the laws and implimentations of other technologies, but many people interpret the law differently enough that it is not always agreeable about sites to be blocked.

I have to say we use a combination of proactive and reactive methods. For instance MySpace was blocked a long time before many of our students really knew it existed, just as myyearbook.com was. Where we struggled was actively blocking the new proxies and other online methods to bypass the blocks.

Its also proactive, because the vendor of the filter has many categories to choose from which have literally millions of websites already on them, which are updated frequently from the vendor. There would be no easy way for all of us to recreate the full list ourselves.

So is this formal, no not really, but its out of courtesy that we communicate at least a portion of the time. Afterall why re-invent the wheel when you can just modify it for your needs?

At the same time it is reactive, because some content could be considered okay for high schoolers to research on, but completely not appropriate for the younger kids to see. we have to reactively create lists and block/allow sites as needed.

Our staff are supposed to monitor the Interne twith their students closely and tell us if they are doing anythng borderline so that we can watch it, but unfortunatley several of our staff members don't always have the ability to observe everything that goes on. This is where the tech dept. steps in and actively monitors the traffic for random time frames to see what is really going on.

Hope that answers your question a bit, without rambling on too much. If not ask again and I'll see if I can answer better.

-manuel

[stingwray]

A lot of them are banned at my school, which is why setting you own up is a good idea and limiting its use, that way it is unlikely to get banned so will always be there.

[Iain]

@manuel_l and barrytone:

You communicate directly or indirectly with other schools and I guess that the main concern of folks here is within the school context (either as an admin or student). I suspect that businesses also may want to block access to certain categories of sites so I just wonder how they would get into the "blacklist" circulation list. Are there any admins here from any businesses who could share their experiences of website blocking?