School Filter

[stingwray]

A lot of blacklists are provided by companies which charge you for access to them so they usually have people that spend all day looking at websites and catagorising them into different lists so people have the option of implementing them.

There are some non-commercial ones out there but they are generally not a lot of good. It might be fine for small user group environments but with large numbers of users then too many people will be access websites they should be.

[manuel]

A lot of blacklists are provided by companies which charge you for access to them so they usually have people that spend all day looking at websites and catagorising them into different lists so people have the option of implementing them.

There are some non-commercial ones out there but they are generally not a lot of good. It might be fine for small user group environments but with large numbers of users then too many people will be access websites they should be.

I second this comment. almost all filtering companies have their own set of lists with their technology. But there are free resources available too. for a while we were using squidguard, which has an open source solution free of charge with lists and and categories, and that community works on theses lists just as hard. in fact for a good while before there was a law that said we had to filter, we were using it. The only problem was it didn't give us the room to grow like we needed, but it worked for us for a while and works for some schools and business just fine.

I am also one of the towns few "techies" that works on other people's computers as well includnig some local businesses. I always suggest these free tools and personnaly keep in close contact with many people this way. Plus if you can't tell already, I love to talk -- a great way to learn other's concerns and issues. This helps me keep my knowledge up-to-date and allows me to think not only for schools, but also for other situations.

So while I don't always talk about filtering lists with most people, if this issue comes up, i share as much as I can where I can. For me its a matter of educating more and more people on what options are out there.

imasoldier: Thanks for the list but over the course of time every single one of those sites is in my deny list. So for me its out of date. Actually Digg and sites like this have helped me find a few of these before our students were able to. A lot of kids eventually would complain about this site or that site or whatever being blocked already. When I hear that it just confirms to me that I am doing my job by trying to keep 1 step ahead of the game. This is not always true, but because I am very active with many sites I see the issues well before someone like my supervisor ever would. A lot of it helps that I am not really that far from most of these kids in age and at least for a few more years I still like most of what is out there.

The other thing that our filter does is allows us to block by keyword, so the word proxy gets flagged and gets sent to a special list that then determines if its an article about proxies or an actual site -- basically it looks for the words. But many words, like the urls, are added already by the vendors and organized into lists which are encrypted and made not readable to annyone but them.

Some companies use products like byteshifter before and after encryption (one vendor mentioned something of this nature to me and this is what I made sense of their process). This effectively makes it hard for anyone to easily read the lists without going through their procedures which really is probably more complicated than that.

-Manuel

[barrytone]

This isn't something that would work in a high school, but it could work in some businesses and primary (junior) schools.

Rather than blacklisting websites, white-list them.

Some primary schools I work in literally have a list on a wall display of websites that the kids are allowed to use. Usually around 30 or so. Compared to the billions of websites that the kids shouldn't access, it's a lot easier to start off denying all access and to then make exceptions as they come up.

I've seen this setup used in a LearnDirect centre I did some ghosting for. The gateway is set to allow access to learndirect.co.uk only

So, if your employees only need a access a few websites and nothing more, just use the pessemistic approach :P

[Sparda]

Kind of makes it hard when you want to know some thing and wikipedia doesn't know. White listing prety much cripples google.

[PoyBoy]

At my school, they take away your computer privaledges for the rest of the year. They cite this as "security avoidance."

[Masterpyro]

http://www.slashwebfilters.com or http://www.slash-web-filters.com

may not work all the time but i update frequently

[cmp79]

I worked for an ISP that offered an filter system and did some side work for schools that used them. Some of our customers did report some school students finding a way around it. What the students did was goto http://babelfish.altavista.com/ and do a website translation for http://whatpagetheywanted.com they set it up to translate from German to English thus not performing any translation. Most filtering software does not have these translation sites blocked be default. Once the school admins found out they called us and we set that up to be blocked. It will get you access until you get caught doing it. As it has be stated before just wait to you get home to surf because you will get caught someone will see you on a site that you should not be you will end up telling the the work around so they do not report you. Soon a dozen or so students will be on myspace.com and the staff will be aware. They will want to know how the students that they know are not smart enough to figure a work around like that out and they will pressure them into telling them who told them how to do it. It will get back to you and they will use your punishment as an example to the rest of the school.

[barrytone]

I worked for an ISP that offered an filter system and did some side work for schools that used them. Some of our customers did report some school students finding a way around it. What the students did was goto http://babelfish.altavista.com/ and do a website translation for http://whatpagetheywanted.com they set it up to translate from German to English thus not performing any translation. Most filtering software does not have these translation sites blocked be default. Once the school admins found out they called us and we set that up to be blocked. It will get you access until you get caught doing it. As it has be stated before just wait to you get home to surf because you will get caught someone will see you on a site that you should not be you will end up telling the the work around so they do not report you. Soon a dozen or so students will be on myspace.com and the staff will be aware. They will want to know how the students that they know are not smart enough to figure a work around like that out and they will pressure them into telling them who told them how to do it. It will get back to you and they will use your punishment as an example to the rest of the school.

Translation websites were always a common way for people to get round things at my old highschool. I make sure they're blocked at the schools I administer :)

[hillmiester]

I use my own proxy (http://joehill.co.uk/proxy). Soon will be using a nix box at home using SSL, having VNC and CGIProxy installed to access Messenger, Web sites and general stuff I would do at home. I cannot get much work done while at college. But I have to turn up for attendance thats why. The college Im at just diteched their ISA server and just brought a new firewall and blocked every port except 80 and 443.

[T8y8]

I have my own proxy, sadly it's spread across the school, so I'm thinking of changing it.

If they block the new proxy, they'll be blocking a teachers website that I run.

I win!

On another note, my school recently blocked YouTube

They also blocked Google's Translation feature, so you can't use that loophole

[NZ Guy :D]

well i didnt really care about the blocking but i wanted to see if i could write some php to get around it.

Our school has blacklisted pages address and word filters, very secure :D, it acctually filters the words for black listed words like porn hack etc.

i wrote a php script which i hosted on my own website which simply rebuilt the remote page in my webserver, it replaced all the links with a base64 encode which could be decoded by the script later which prevented the url filtration and to get around the word filter i replace every vowel with the ascii equivilent rendering it useless.

try that method :D and if u fail at least u learnt php

[mazmac24]

I use my own proxy (http://joehill.co.uk/proxy). Soon will be using a nix box at home using SSL, having VNC and CGIProxy installed to access Messenger, Web sites and general stuff I would do at home. I cannot get much work done while at college. But I have to turn up for attendance thats why. The college Im at just diteched their ISA server and just brought a new firewall and blocked every port except 80 and 443.

Thanks dude. Your rock. This is the only proxy thats works.

[Famicoman]

best proxy ever:

http://www.allaboutabe.com

Click the black and white picture to the left.

[l0gic]

I've been developing a PHP alternative to CGIProxy for some time, available here: http://l0gic.net/phpRelay

It's not entirely bug-free (what webproxy is?), but everyone is welcome to use it freely. Please read the comments in the source, and let me know of any bugs you discover.

[T8y8]

I also recently found out my school filters the word pr0n but not porn.

[AK_Matt_B]

The easy answer is to use a proxy, although finding one which isn't blocked in the first place is hard. You can use some very well known websites as proxies because of some of the features that they have but it is fairly hit'n'miss.

I would recommend setting your own proxy up at home. All you have to have is a webserver and php installed and you can run PHProxy which is great. As long as your school doesn't scan every page for black listed words you should be fine.

As for the ethics for bypassing a school filter, i think it is acceptable to do so, as long as you cause no damage to school computers or systems and are responsible with you use of it. (i.e. if you school is stopping you from playing games on the net by blocking them and you want to do that, then wait to get home. However if the block is blocking legitamate sites that you need access to then it is fine). Also you should bypass the filter if you have signed anything that basically says you won't do anything, some schools have "policies" which you have to sign before you get access to the internet which may contain restrictive clauses, its always worth checking them out.

Lets say i set up a proxy at home.. and i was able to change the proxy setting on a school computer. Would they still be able to block traffic through the used ports?

Would it be possible to some how encrypt or bypass the traffic sniffer/blockers that the schools have in place?

[Shaun]

The suggestion was to use a web proxy I think, which means you wouldln't need to change the school proxy settings, you would just have to go to the address of the proxy in your browser. If you use TLS and they haven't got it set up to do a sort of man-in-the-middle attack which provides theirs own certificate instead of your own with the browser set up to accept the school certificate without complaining then they can't sniff the traffic. You can easily find out if that is the case by writing down your cert fingerprint(s) and then checking if they are the same when you access your proxy from school.

[stingwray]

Lets say i set up a proxy at home.. and i was able to change the proxy setting on a school computer. Would they still be able to block traffic through the used ports?

Would it be possible to some how encrypt or bypass the traffic sniffer/blockers that the schools have in place?

My suggestion was for a web proxy because they are a lot easier to setup and most likely you won't be able to change the proxy at your school in IE if they are using Active Directory, that would mean that you would have to use something like portaFirefox which may not be possible either.

The easiest way to encypt the data would be with using a https connection with SSL which is very easy to set up and is the defactor way of encypting http internet traffic.

However this method is flawed and I have heard of companies installing SSL certificates on all of there computers and on the proxy and only allowing those to be used within the coporate network, then the proxy uses the SSL cert that you provide from your server.

It is unlikely that they would have this in place though, but you have to consider, if you are having to encrypt the traffic that you are generating should you be doing whatever you are doing from a public computer?

[Atain]

do eny of u live in ontario durham region and would now if the computers there run on a black list program

[Sparda]

What the hell is a blacklist program?

[stingwray]

do eny of u live in ontario durham region and would now if the computers there run on a black list program

Firstly, your post doesn't make much sense, it makes answering your question a lot easier if you can construct a sentence.

No I don't live in the onario durham region, and not all the computer will be connecting to proxies that filter the internet. Most likely all schools and business as well as people who have large networks run proxies. Its up to them or the government whether they run a proxies and filter the web.

By black list program I think you mean a Proxy that actively filters the requests it recieves for websites against a known list of unsuitable websites. Its not a program as such the black list. The proxy is however.

[ZeR0BuG]

At school the Science Academy kids created a proxy to bypass the filter (they had a legitimate reason) which remained unblocked until every one in the school started using it...... I think that bypassing the filter at school is probably the dumbest thing you could do on a school computer (at least at my school) They monitor the hell out of you... Plus we dont even have desktop computers where we can remain anonymous... We use thin clients so every thing can be traced back to us because of our remote desktop accounts.. Plus our filter is smart so 99% of proxies are blocked.

[stingwray]

They monitor the hell out of you... Plus we dont even have desktop computers where we can remain anonymous... We use thin clients so every thing can be traced back to us because of our remote desktop accounts.

You obviously don't have much knowledge of active directory and running a network. Desktop are no safer than Thin Clients.

[ZeR0BuG]

What i meant was... u cant run any thing on the the thin clients.. so u really cant run any tools to anonymize you.... on a PC u prolly could..

[stingwray]

Thin client systems allow you to remotly connect to a server which then acts like a workstation for you. You can do as much on a thin client system as on a desktop system. It will be the active directory policies that will stop you doing things, not the type of system you are on.