Kaseya Community

Blocking websites

  • Hellos.

    We have a client requesting that we block certain sites (i.e. Facebook, MySpace, YouTube, etc.) on office computers. There has been discussion of proxy implementation, local software on systems for web filtering, etc., but they are happy with what we are doing with the managed services agent and are pushing us to see if we can do something via it.

    We have thought of writing a localhost DNS file that we will drop locally but are trying to see if there are any other thoughts.

    Thanks.

    Legacy Forum Name: Blocking websites,
    Legacy Posted By Username: CRamos
  • CRamos
    Hellos.

    We have a client requesting that we block certain sites (i.e. Facebook, MySpace, YouTube, etc.) on office computers. There has been discussion of proxy implementation, local software on systems for web filtering, etc., but they are happy with what we are doing with the managed services agent and are pushing us to see if we can do something via it.

    We have thought of writing a localhost DNS file that we will drop locally but are trying to see if there are any other thoughts.

    Thanks.


    If they don't have content filtering, you could block them via host file... simple but not so elegant solution.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: thirteentwenty
  • We use OpenDNS for this - it's a free solution ... as long as they have a static ip it works great! Set all their DNS to do lookups via OpenDNS, register the network to an account, and then block away!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: TBK Consulting
  • hosts file editing would be a nightmare. There are multiple ip addresses for those types of web sites, and they can change with some regularity.

    Perhaps check out a proxy or pop an untangle box in there?

    Legacy Forum Name: How-To,
    Legacy Posted By Username: sohointegration
  • we use opendns as well..works great.. also blocks malware/spyware!

    Legacy Forum Name: How-To,
    Legacy Posted By Username: ahana@axcelltech.com
  • sohointegration
    hosts file editing would be a nightmare. There are multiple ip addresses for those types of web sites, and they can change with some regularity.



    Perhaps check out a proxy or pop an untangle box in there?




    Hosts files editing is really not a nightmare if done the right way, I use this method and all I have to do to make a change is edit one TEXT file...



    Please see script and details below...



    Script Name: Block Social Networking Sites

    Script Description: Block known social networking sites.



    Bebo, Facebook, Faceparty, Friendster and MySpace.



    IF Test File

    Parameter 1 : %windir%\system32\drivers\etc\hosts

    Not Contains :FWCS - Social Networking Blocklist

    THEN

    Execute Shell Command

    Parameter 1 : copy %windir%\system32\drivers\etc\hosts %windir%\system32\drivers\etc\hosts.bak1

    Parameter 2 : 1

    OS Type : 0

    Get File

    Parameter 1 : %windir%\system32\drivers\etc\hosts.bak1

    Parameter 2 : ..\Docs\Hosts\Backup.txt

    Parameter 3 : 1

    OS Type : 0

    Execute Shell Command

    Parameter 1 : attrib -r %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 0

    Write File

    Parameter 1 : #vAgentConfiguration.AgentTempDir#\Block-Social-Networking-Sites.txt

    Parameter 2 : VSASharedFiles\Host Files\Block-Social-Networking-Sites.txt

    OS Type : 0

    Execute Shell Command

    Parameter 1 : type "#vAgentConfiguration.AgentTempDir#\Block-Social-Networking-Sites.txt" >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 0

    Execute Shell Command

    Parameter 1 : attrib +r %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 0

    Get File

    Parameter 1 : %windir%\system32\drivers\etc\hosts

    Parameter 2 : ..\Docs\Hosts\Current.txt

    Parameter 3 : 1

    OS Type : 0

    ELSE







    This downloads "Block-Social-Networking-Sites.txt" which is stored on the KServer (contents detailed below), then amends the HOSTS file with the content of my text file...





    # ================================================== #

    # (START) FWCS - Social Networking Blocklist (START) #

    # ================================================== #

    0.0.0.0 bebo.com

    0.0.0.0 bebo.co.uk

    0.0.0.0 www.bebo.com

    0.0.0.0 www.bebo.co.uk

    0.0.0.0 facebook.com

    0.0.0.0 facebook.co.uk

    0.0.0.0 www.facebook.com

    0.0.0.0 www.facebook.co.uk

    0.0.0.0 friendster.com

    0.0.0.0 friendster.co.uk

    0.0.0.0 www.friendster.com

    0.0.0.0 www.friendster.co.uk

    0.0.0.0 myspace.com

    0.0.0.0 myspace.co.uk

    0.0.0.0 www.myspace.com

    0.0.0.0 www.myspace.co.uk

    0.0.0.0 faceparty.co.uk

    0.0.0.0 faceparty.com

    0.0.0.0 www.faceparty.co.uk

    0.0.0.0 www.faceparty.com

    # ================================================== #

    # (END) FWCS - Social Networking Blocklist (END) #

    # ================================================== #





    Then there is no need to worry about the IPs changing etc, the other thing in my script which is worth noting is it automatically downloads the previous hosts file to "../Docs/Hosts/Hosts.txt" using versions so if you re-run the script it will rename the old one "Hosts.txt.bak" then upload the new file.



    The only thing I would note is that I didn't want our hosts files becoming so big as we simply kept amending items so it will only add the above if it does not detect "Social Networking Blocklist" in the current hosts file.



    So say a machine has already had this run, you then add a new entry and run it again the new entry won't get added, the solution is to run a reset script followed by any block scripts, to which end I have already posted my reset hosts file script at the bottom of this thread...



    http://community.kaseya.com/xsp/f/28/t/6561.aspx



    The attached zip file on the above thread includes the reset hosts script and the original hosts files from each version of windows ensuring a machine gets reset with the correct standard file.



    We use this alongside Kaseya's included Block Known IE Exploit Sites Script which just in case you don't have it is included below...



    Script Name: Block Known IE Exploit Sites

    Script Description: Blocks IE 0 day exploit sites as per http://isc.sans.org/diary.html?n&storyid=6739 The registry is backed up to hosts.bakv1 once the script is executed. This augments the hosts file and does not overwrite it. Benjamin Lavalley, Sr. Sales Engineer, Kaseya benjamin.lavalley@kaseya.com



    IF Test File

    Parameter 1 : %windir%\system32\drivers\etc\hosts

    Not Contains :Kaseya Blocklist, Known IE Exploits

    THEN

    Execute Shell Command

    Parameter 1 : copy %windir%\system32\drivers\etc\hosts %windir%\system32\drivers\etc\hosts.bakv1

    Parameter 2 : 1

    OS Type : 13

    Get File

    Parameter 1 : %windir%\system32\drivers\etc\hosts.bakv1

    Parameter 2 : ..\Docs\Hosts\Backup.txt

    Parameter 3 : 3

    OS Type : 13

    Execute Shell Command

    Parameter 1 : attrib -r %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Get URL

    Parameter 1 : http://files.kaseya.com/sftp/ie0day.txt

    Parameter 2 : #vAgentConfiguration.AgentTempDir#\ie0day.txt

    Parameter 3 : 3

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo. >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo. >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## ================================================== ##>>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## (START) Kaseya Blocklist, Known IE Exploits (START) >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## ================================================== ##>>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : type "#vAgentConfiguration.AgentTempDir#\ie0day.txt" >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo. >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## ================================================== ##>>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## (END) Kaseya Blocklist, Known IE Exploits (END) >>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : echo.## ================================================== ##>>>> %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Execute Shell Command

    Parameter 1 : attrib +r %windir%\system32\drivers\etc\hosts

    Parameter 2 : 1

    OS Type : 13

    Get File

    Parameter 1 : %windir%\system32\drivers\etc\hosts

    Parameter 2 : ..\Docs\Hosts\Current.txt

    Parameter 3 : 0

    OS Type : 13

    ELSE

    Write Script Log Entry

    Parameter 1 : IE 0 day sites should already be blocked.

    OS Type : 0





    Legacy Forum Name: How-To,
    Legacy Posted By Username: stu_u2k
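
One way to avoid the reset-then-rerun step described in the post above, as an added example that is not part of the original thread or Kaseya's scripts: a PowerShell function that replaces the marker-delimited block in place, so a changed list is applied without duplicating entries. The function name, its parameters and the scratch file are assumptions; the markers follow the post's START/END lines without the separator rows.

```powershell
function Set-HostsBlock {
    param(
        [Parameter(Mandatory)][string]   $Path,       # hosts file to edit
        [Parameter(Mandatory)][string]   $Label,      # block name used in the markers
        [Parameter(Mandatory)][string[]] $HostNames   # names to point at 0.0.0.0
    )
    # Reject anything that is not a plain host name, so a bad list entry
    # cannot smuggle extra lines or addresses into the hosts file.
    foreach ($h in $HostNames) {
        if ($h -notmatch '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z') { throw "Invalid host name: '$h'" }
    }
    $start = "# (START) $Label (START) #"
    $end   = "# (END) $Label (END) #"

    # Keep every line that is outside a previous copy of this block.
    $old  = @(Get-Content -LiteralPath $Path)
    $kept = New-Object 'System.Collections.Generic.List[string]'
    $inBlock = $false
    foreach ($line in $old) {
        if     ($line.Trim() -eq $start) { $inBlock = $true }
        elseif ($line.Trim() -eq $end)   { $inBlock = $false }
        elseif (-not $inBlock)           { $kept.Add($line) }
    }
    if ($inBlock) { throw "Unterminated '$Label' block in $Path; file left untouched." }

    # Rebuild the block from the current list (sorted so reruns compare equal).
    $entries = $HostNames | Sort-Object -Unique | ForEach-Object { "0.0.0.0 $_" }
    $new = @($kept) + $start + @($entries) + $end

    # File already matches the desired state: no backup, no write.
    if (($new -join "`n") -ceq ($old -join "`n")) { return $false }

    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force        # keep previous version
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $false  # same as attrib -r
    Set-Content -LiteralPath $Path -Value $new -Encoding ASCII
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true   # same as attrib +r
    return $true
}

# Constructed demo on a scratch file, not the live hosts file.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'hosts-demo.txt'
Set-Content -LiteralPath $demo -Value '127.0.0.1 localhost' -Encoding ASCII -Force
$label = 'FWCS - Social Networking Blocklist'
Set-HostsBlock -Path $demo -Label $label -HostNames 'facebook.com', 'www.facebook.com'
Set-HostsBlock -Path $demo -Label $label -HostNames 'facebook.com', 'www.facebook.com', 'myspace.com'
Get-Content -LiteralPath $demo
```

The second call replaces the block with the three-entry list instead of appending a second copy; repeating a call with an unchanged list returns False and leaves the file alone.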
  • Glad to see you guys getting some real-world mileage out of those website blocking scripts :)

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Benjamin.Lavalley@kaseya.com
  • Benjamin.Lavalley@kaseya.com
    Glad to see you guys getting some real-world mileage out of those website blocking scripts :)


    Yes we are however it would be really nice if you could include a Header & Footer section in your text file so it is really easy to see what entries have been added by what as some of our hosts files are getting quite long now.

    I.E.

    # ======================================================== #
    # (START) Kaseya - Known IE Exploit Site Blocklist (START) #
    # ======================================================== #


    Legacy Forum Name: How-To,
    Legacy Posted By Username: stu_u2k
  • If they have a DNS server on site, consider creating a stub DNS zone for the site(s) you want to block, and/or set up forwarding for the site(s) so they forward to something (or nothing) so the DNS request never resolves.

    Managing hosts files may be a nightmare, and many AV solutions will monitor the system for changes to the hosts file and prevent such changes...

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Lmhansen
  • Lmhansen
    If they have a DNS server on site, consider creating a stub DNS zone for the site(s) you want to block, and/or set up forwarding for the site(s) so they forward to something (or nothing) so the DNS request never resolves.

    Managing hosts files may be a nightmare, and many AV solutions will monitor the system for changes to the hosts file and prevent such changes...


    There is an interesting idea, never thought about doing it that way with a Sub Zone.

    As for AVs, yes this is something I was aware of, some anti-spyware utilities also watch it, fortunately in our case we are ok (we use Trend mostly).

    Legacy Forum Name: How-To,
    Legacy Posted By Username: stu_u2k
  • stu_u2k
    There is an interesting idea, never thought about doing it that way with a Sub Zone.

    As for AVs, yes this is something I was aware of, some anti-spyware utilities also watch it, fortunately in our case we are ok (we use Trend mostly).


    The behavior monitoring component of TM may interfere, if enabled. The "host file monitoring" is enabled by default once behavior monitoring is enabled.

    Legacy Forum Name: How-To,
    Legacy Posted By Username: Lmhansen