Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security

A Myspace Lockdown - Is It Possible? 180

Posted by Cliff
from the separate-your-workers-from-distractions dept.
Raxxon asks: "We (my business partner and I) were asked by a local company to help 'tighten up' their security. After looking at a few things we ran some options by the owner and he asked that we attempt to block access to MySpace. He cited reasons of wasted work time as well as some of the nightmare stories about spyware/viruses/etc. Work began and the more I dig into the subject the worse things look. You can block the 19 or 20 Class C Address Blocks that MySpace has, but then you get into problems of sites like "MySpace Bypass" and other such sites that allow you to bypass most of the filtering that's done. Other than becoming rather invasive (like installing Squid with customized screening setups) is there a way to effectively block MySpace from being accessed at a business? What about at home for those who would like to keep their kids off of it? If a dedicated web cache/proxy system is needed how do you prevent things like SSL enabled Proxy sites (denying MySpace but allowing any potentially 'legal' aspects)? In the end is it worth it compared to just adopting an Acceptable Use Policy that states that going to MySpace can lead to eventual dismissal from your job?"
This discussion has been archived. No new comments can be posted.

A Myspace Lockdown - Is It Possible?

Comments Filter:
  • by dada21 (163177) * <adam.dada@gmail.com> on Wednesday February 28, 2007 @10:45AM (#18181660) Homepage Journal
    I have customers who have asked us to do this, and we usually work to talk them out of it. As an employer myself, I have no problem with my employees "wasting time" on occasion, as long as their work is getting finished on time, and they're meeting their deadlines. Work takes more of our time than ever, so there is no reason why people can't take a recess for 5 minutes out of the hour to do personal things.

    Nonetheless, the best solution that I came up with (I don't think I "invented" this, but I did come up with it after many days of contemplating) was to have a revolving DNS change for those 20 MySpace Class C addresses. We made it intermittent enough that the employees "thought" it was MySpace downtime, and eventually usage dropped significantly. Every 5-10 minutes a CRON job would add its own random address for one of the MySpace addresses, then 5 minutes later it cleared that and then did it to another address.

    The only guy that I am aware of that noticed it is the guy who ran his own DNS on his workstation, but he was geeky enough to probably realize that it wasn't MySpace that wasn't resolving.

    I still think that it is wiser to discuss WHY employees might be needing some downtime versus locking them out of applications. Happy employees are efficient, productive and fun to work with. I would never block my employees access to any sites (then again, I would never drug test, delve into their private lives, run a credit report, or any of the usual steps employers take).
    • by montyzooooma (853414) on Wednesday February 28, 2007 @10:53AM (#18181764)
      I did something similar to this except I blocked all access to the internet and told everyone that a Myspace virus had crashed the server. Then I spent the afternoon sobbing in my office to make them feel really guilty.
      • I can't afford to spend a afternoon sobbbing, so I solved this differently. Everyone wears a mandatory collar with half a kg of semtex with the detonator linked wirelessly with our DNS server. Each time someone tries to look up an URL containing the word Myspace, a random collar gets detonated. The thread of having to clean the blood from the floor, walls, ceiling and anything else in the office is a real good deterent.
        • "I can't afford to spend a afternoon sobbbing, so I solved this differently."

          Oh, I should have explained - I'm management so an afternoon sobbing actually raises my productivity.

    • I make no personal statement about what people should or should not be able to access from work. From a professional POV, if the customer asks for it I discuss the pro's and con's of filtering vs. log auditing (the vast majority of actual employees i spoke to prefer filtering - they feel auditing is too invasive), and usually the customer goes for filtering. It is important to point out that there is no fool-proof solution, and filtering has significant limitations. Having said that, if your customers insists on going the filtering route, try Surfcontrol or Websense.
    • by jhfry (829244) on Wednesday February 28, 2007 @10:58AM (#18181838)
      Any chance your looking for an IT Manager.

      Seriously, I have left so many jobs simply because I wasn't happy being treated like a child. Give me a job and I do it, to the best of my ability... don't concern yourself with what I do when I'm not working, and certainly don't tell me that I am expected to spend every minute during business hours working.
      • by melikamp (631205) on Wednesday February 28, 2007 @11:17AM (#18182138) Homepage Journal

        Bill Hicks put it best:

        -Why aren't you working?
        -'Cuz there's nothing to do.
        -Why won't you pretend to be working then?
        -Why won't YOU pretend that I am working? You are paid more than me, you fantasize.

        • by jhfry (829244) on Wednesday February 28, 2007 @11:40AM (#18182410)
          This is exactly the reason I started smoking.

          I was in the US Air Force at the time... and sitting idle in our office was a sure way to be given some mundane task to perform... so one had to look busy, or be outside having a smoke break.

          In my office, the average smoke break was somewhere near 1 hour as our job was hurry up and wait. (ground computer maintenance for an aircraft based radar platform called AWACS). We could see the planes land, and the crew head in for debrief, from the "smoke pit"... so we were always there when real work needed doing.
          • by Tango42 (662363)
            You could probably sue the USAF for any smoking related illnesses you get. ;)
          • I can vouch for that, I know a good amount of Marines that started smoking (and chewing) just because it was something to do when all the hurry up and wait is going on.
      • It comes under the heading of, the reason the rules treat you like a child is because there are idiots who insist on acting like them.
    • Amen to your policy. I started out in print design, and got my current skills ((X)HTML, CSS, Javascript, PHP, MySQL, etc...) entirely through online tutorials and documentation. I write copy with the help of Reference.com, stop first at Wikipedia to learn the outline of any unfamiliar technology, and of course, keep up with tech news here. None of these sites were work-related when I worked in print, but they enabled me to move to web development.

      And MySpace? I use it to keep up with old college friends.

    • by KingSkippus (799657) * on Wednesday February 28, 2007 @11:31AM (#18182304) Homepage Journal

      I have customers who have asked us to do this, and we usually work to talk them out of it.

      I have no mod points, but I'm modding you up in spirit.

      <soapbox>

      I absolutely cannot stand it when employers filter content. The thing is, even if people are wasting too much time at work browsing MySpace (or the Internet in general), that is a management problem, not a technical one. If you take away their MySpace or whatever it is they're browsing, they're just going to move on and browse some other site. If you put a whitelist in place, they'll just find some other way to goof off. The problem isn't that the Internet is distracting, it's that the employee is easily distracted.

      I work at a big company as a contractor. It just recently blocked access to the big Internet e-mail services (Gmail, Yahoo Mail, etc.) because it didn't like employees wasting time with their personal e-mail at work. Of course, being a contractor, it doesn't take into account that I use my personal e-mail to communicate with my contract agency about stuff that I'd rather not have stored on company e-mail servers. It's easy to say, "Well, you shouldn't use company resources for that type of stuff," but practically speaking, my ability to communicate effectively with my contract agency is essential to me doing a good job for them. It also totally ignores the fact that I keep personal stuff like vacations and such on my personal Gmail calendar to know when I should ask for time off, when my coworker's birthday is, and so on.

      The company spends a fortune on content filtering. There's the hardware itself, the update service, the support contract, the personnel cost for the guy who maintains it, the internal support costs of handling trouble tickets related to it, the cost of Internet downtime due to it periodically failing, the cost of packaging the software end of it and deploying it to the workstations (so that you can't browse them at home on your laptop, of course!), and so on ad nauseum. Just as one example, some of our customers are casinos. So we can't just put a rule in that says, "block gambling sites," because our marketing and sales folks have to be able to access their sites. No, we have to have rules that say things like, "This group can access these sites, that group can access those sites, everyone else can't access any of the sites, ..."

      Even in the extreme case of porn sites, the answer to controlling it is to make a company policy prohibiting browsing them, and if you catch someone doing it, fire them for it. If you try to block them all, you're just setting yourself up for someone saying something like, "Well, it wasn't blocked, so I thought it was okay to go there!" I've found that if you treat people like 12-year-olds, they tend to not disappoint you. When policies like this go into place, you're also going to have the contingent of people who deliberately goof off more as a form of passive-aggressive rebellion. It's just stupid, you're only causing more problems, and there's no need.

      I know that some of you will probably reply, "But you have to filter content to avoid sexual harassment lawsuits!" No, you don't. As long as you make a company policy about it and you take the appropriate action when someone breaks that policy, you'll win any lawsuit that someone may file. The law does not require you to spend a fortune to be a babysitter, it only requires that you take reasonable action to prevent a hostile work environment. The reason we have content filtering in the first place is because managers, in general, are lazy and don't want to do it themselves. The people who would sue you for not content filtering will sue you anyway. The only important thing is whether or not you'll win. Besides, at my company, the cost of defending itself against such frivolous lawsuits is negligible compared to the cost of maintaining our content filtering services.

      Content filtering is no substitute f

      • We filter heavily. Not any technical sites, but games, shopping, many message boards, and sex of course. Some blocked sites can be accessed using 1/2 hour discretionary time. Not the sex sites of course, but shopping and such-like. This is mandated statewide, and not up to the individual IT departments.

        I work for Child, Youth and Family Development. We oversee the foster programs, youth activities, and detention centers. Even with all the filtering, we are investigating several net abuse cases per week. We
        • by j-turkey (187775)

          What do you all think? If you had a chance to vote on a ballot initiative (assuming your state is not one of those still stuck in the stone age and actually has ballot initiatives) mandating filtering for all state employees in your state, would you vote for or against?

          This isn't meant as a cut into you, more the way that government works (and why working for a government would drive me absolutely insane). The way that you bring this up reeks of bureaucratic mentality in every way. Given what your IT

          • by spun (1352)
            Our team hasn't put any money or time into this. It is a statewide initiative mandated by the governor. And it isn't just about wasting time. If someone is watching porn and wanking off at work and a client with kids walks in, we're talking HUGE lawsuit. Heck, even if an opposite sex coworker walks in, the state is in for a lawsuit. For that matter, all it takes is a careless click on a goatse link at the wrong time and the state is facing a lawsuit. Then there is the malware issue. And the bandwidth, we're
        • by TheCarp (96830) *
          Against. Hands down. Not even a question.

          All the same issues that the parent that you replied to brought up still apply. A workplace is a workplace. Sometimes there is downtime on the job, sometimes you just need a break, some people just slack. Lots of things. Some of it will always go on, but if its really going on at such a rate that its actually causing a problem, then its a problem.

          The question I have is, whats the real problem and whats the symptom. People have been finding ways to slack since people
      • I have no modpoints either, but damn I wish I did. Truly insightful. Why are we always looking for a technical solution for a "people problem". Which is more effective:

        1. Filters, blocking, etc, with services, or people, or other things that take time and money...
        or
        2. Have a clear policy on acceptable use, fire the first person that breaks it...

        Maybe its just me, but I think news of number 2 happening would spread much faster and effectively through the organization, and employees would remember it much
    • by ad0gg (594412) on Wednesday February 28, 2007 @01:32PM (#18184000)
      Working for a .com, my company had a problem with people always checking fuckedcompany to see if we were on it, so the CTO resolved fuckedcompany.com to 127.0.0.1.
      • >resolved fuckedcompany.com to 127.0.0.1.

        So, he admitted this was a fuckedcompany then? That's the first step to fixing the problem =-)
    • Good luck trying to block it. I work in several K-12 schools. Access to myspace is a big problem, not because students waste time, but because of some of the content and the possibility they can use myspace to bully/threaten each other.
      If you block myspace.com, be prepared to block every single anonymous proxy out there, new ones pop up every day, it's pretty much a never-ending battle. Commercial content filters help, but still can't keep up.
      You're probably much better off with the embarrassment system
    • At my work, we have domain-name filtering, which means any domain with NSFW text in it, is blocked.
      This includes all domains which ARE actually work-related but happen to have some word in it that is blocked.

      Basically, I can't use the internet for any ASSistance.

      Ironically, any porn site which doesn't have these words in the domain, is perfectly accessible.
  • ...block the service. If you filter out any Javascript from websites (except perhaps those on a whitelist) you'll be able to keep nearly all the malware off your systems - with the bonus of killing a lot of the enjoyment on those productiveness-destroying websites.
    • by greg1104 (461138)
      If you spend any length of time surfing with a Javascript blocking tool (I use NoScript with Firefox), you'll discover that enormous number of web sites are completely disfunctional without Javascript nowadays. I find myself needing to toggle it back on for sites every day, usually for menu navigation options. Today, for example, it was something on the Asus web site that didn't work; yesterday it was a tech review site. The idea that only "productiveness-destroying" sites use Javascript is naive.
      • by walt-sjc (145127)
        I also use NoScript, and yes, javascript is becoming more and more "required" for advanced sites. There is a difference however in "valid" versus "gratuitous" use of Javascript... Some sites require javascript in order for you to see parts of the page that should be plain simple HTML, or CSS, or trying to push server-side functions to the client (breadcrumbs for example.) On the other hand, there are sites like maps.google.com that would totally suck without javascript because they really need client-side s
  • You know, there are companies out there that specialize in network-level content filtering. Porn filtering mostly, but they generally have a filtering set for workplace issues available as well. If you can't talk the guy out of it, consider buying a product that's actually designed to do the job.
    • Re: (Score:2, Informative)

      by alanshot (541117)
      yup. Sonicwall with thier CFS (content filter system). works like a dream.

      Until somebody there goofs and flags the map image server for mapquest as porn (we are fighting that one now)

      Luckilly they do have a user submission system to reclassify those goofs.
  • by 0xdeadbeef (28836) on Wednesday February 28, 2007 @10:58AM (#18181848) Homepage Journal
    is there a way to effectively block MySpace from being accessed at a business?

    Stop hiring teenagers?
    • Funny, but illegal :P
      • Re: (Score:3, Insightful)

        by dgatwood (11270)

        Not illegal at all.

        Wanted: Senior widget designer. Minimum five years experience.

        Wanted: Administrative assistant. Must be responsible, hard-working individual.

        And so on. Yeah, technically you can't explicitly exclude teenagers, but you can set job requirements that effectively do so. :-)

  • by VitrosChemistryAnaly (616952) on Wednesday February 28, 2007 @10:59AM (#18181874) Journal
    I worked at a place (~200 employees) that had a really crappy policy.

    There were about 20 people in management type positions that had absolutely no blocks set on the websites that they could visit.

    The rest of the employees had a whitelist of work related websites that they could access. Everything else was strictly verboten. No checking personal email, no checking the weather or news.

    To me it seemed somewhat Draconian, but that was the policy in place.

    God I'm glad I left that job.
    • The only time I implemented that draconian a policy it was for the gateway from an R&D lab to the outside world.
      I allowed access to equipment vendor sites (tek.com for example) and that was it. If you needed anything else go do it in your office, not my lab. To lock down a general office environment that much is going too far IMHO.
      We use an automated log auditing tool. Even one or two porn hits won't cause issues (it happens by accident sometimes).

      I clicked a link in google once (before firefox and d
    • Punishments are Draconian, not rules. Draconian would be cutting off your fingers for violating the policy.
      • Says who? from mirriam webster

        1 : of, relating to, or characteristic of Draco or the severe code of laws held to have been framed by him
        2 : CRUEL; also : SEVERE (draconian littering fines)

        It says the code of laws, not the punishment for violating the laws. Seems like a strange distinction anyway. You don't think strict rules are characteristic of Draco?
      • by Aladrin (926209) on Wednesday February 28, 2007 @11:48AM (#18182528)
        American Heritage Dictionary - Cite This Source
        draconian (dr-k'n-n, dr-) Pronunciation Key
        adj. Exceedingly harsh; very severe: a draconian legal code; draconian budget cuts.

        Words evolve. Deal with it.
    • Re: (Score:2, Informative)

      by Anonymous Coward
      A friend of mine worked for the Gordon Flesch Company (~800 people) in Madison, WI. They had a filtering system in place, but it was pretty lax. They had a strict policy, but it had never been enforced. She was a WOW player, and would occasionally check the forums and game sites. Her work was top notch, her co-workers liked her, and her customers we always pleased with her performance.

      One day she was called into her manager's office and fired due to her web usage. No warning, no verbal/written reprimand, ju
    • by interiot (50685)

      So if employees needed to download an OSS utility, or look up some technical assistance on usenet/forums, as part of their job, they basically had to drive home or borrow their boss's computer to get that information?

      It seems like the company was classifying the internet as wholly negative, that random unknown parts of the internet never contain things that might be important to getting one's job done? Certainly the Internet has more distractions than help, but there's been enough times in the past year

      • by Feanturi (99866)
        I've got a similar environment where I work. But I happen to be posting to Slashdot from there right now, so it's not all that bad. Most forums are blocked however, which is maddening when a google search for a tech problem turns up very promising looking hits that are all in blocked forums. Quite a few times I've been stalled trying to find information that I would have ready at my fingertips if I'd been working from home instead.
    • Spend a summer roofing, or working on a factory floor, or hanging drywall. Then come back and tell me how hard it was to not check you personal e-mail at work at you old desk job. Why does it make perfect sense that blue collar workers should have such a clear distinction between personal and work time, but white collar workers should be allowed to hop back and forth? What would you do if your plumber decided to check his personal e-mail while you where paying him?
      • Funny you should compare these. I've spent a few years working with general contractors and if there is one thing they're good at, its not working a full day. Sure you have those dedicated few that still believe in an honest days work equalling an honest days pay but i've had a hard enough time keeping people on site, stopping them from coming in drunk, stoned, missing work all together or complaining it may rain next week.

        Every "vertical" market, whether its labeled blue colar or white has its own moral a
  • Websense (Score:2, Informative)

    by outlaw69 (209617)
    Install websense. Blocks the proxy sites AND Myspace as well as anything else you want.
  • Hosts File (Score:4, Interesting)

    by jconley (28741) on Wednesday February 28, 2007 @11:04AM (#18181936) Homepage
    Assuming it is a windows environment, use policy/login scripts to update the hosts file on the client to map the myspace domains to yahoo, or something else harmless.
  • You're going to spend more time implementing blocks for myspace, not to mention all the other sites you then might think you want to block, than you would spend writing a corporate policy draft outlining acceptable use - plus installing efficient anti-virus and firewall software/hardware at appropriate places in your infrastructure.

    Not to mention you'll come out of it looking less like a triggerhappy censoring dictator of some (not-so-)long-gone communist or fascist state.

    If you have to block, block all and
  • One way (Score:5, Informative)

    by Zonk (troll) (1026140) on Wednesday February 28, 2007 @11:05AM (#18181966)
    Squid+SquidGuard

    I had to do this for a school. Basically, set up Squid to act transparently. Set up an acl like:


    acl myspace dstdomain .myspace.com
    acl work_hours MTWHF 09:00-12:00
    acl work_hours MTWHF 13:00-17:00
    http_access allow myspace !work_hours
    http_access deny myspace


    That would allow access during lunch and before and after work.

    If you want to block against proxies, use SquidGuard plus some blacklists. The ones at urlblacklist [urlblacklist.org] are good, as is the isakurldb [gplindustries.com] list (it's based on dmoz). Another one is the one from shalla.de [shalla.de]. All have social networking categories as well as proxy sites, though shalla's proxy and spyware lists tend to overblock.

    I'd recommend merging urlblacklist's lists with isakurldb, and also shalla (but remove yimg.com from the redirector list manually) for both proxy and social networking. Then use SquidGuard to restrict the access.
  • by Rob T Firefly (844560) on Wednesday February 28, 2007 @11:05AM (#18181970) Homepage Journal

    In the end is it worth it compared to just adopting an Acceptable Use Policy that states that going to MySpace can lead to eventual dismissal from your job?
    In short, no. Technical measures will always be circumventable. If you really want to stop employees using Myspace, you'll have to filter the content via the keyboard/chair interface, as in telling them to stop doing it.
    • by agm (467017) *
      Indeed. There are many technical ways to get around blocks. A client I worked for knew which websites we visited and although it wasn't an issue they were amused how much time was spent bidding on online auctions. The solution? Us NX to connect to my home computer and do remote X through NX to visit whatever site I want. All they see is encrypted traffic on port 22.
    • by StikyPad (445176)
      Why does everyone seem to treat this like a dichotomy? There's no reason they can't combine technical and administrative prohibitions. The technological measures don't have to be perfect; just blocking direct access (and possibly the next most popular method, if one exists) is usually sufficient to achieve the desired effect. You can use greylisting as well, where you audit the 10 or so most visted sites each month which aren't on a whitelist, and then black or whitelist them as appropriate. Once a year
  • Block the Class C (Score:4, Informative)

    by mr100percent (57156) on Wednesday February 28, 2007 @11:08AM (#18182020) Homepage Journal
    So block the class C's. Things like Myspace Bypass are not your problem, the average user probably won't know about that. At a certain point, you'll find a user who will just run an SSH proxy, and is it really worth the hassle for locking out the more advanced users like that?
  • by soliptic (665417) on Wednesday February 28, 2007 @11:13AM (#18182094) Journal
    I remember once being at some old ruined castle with my parents when I was, hmm, perhaps about 10 years old.

    There was a small wooden fence around an area containing the moat and some potential dangerous ruined stonework.

    I said: "what is the point of that fence, it's tiny, I could climb over it easily? it really doesn't do anything to stop me ending up in the moat"

    They said: "well, the thing with fences is that they're not there to stop you getting somewhere. They're there to make you KNOW that you're not supposed to go somewhere. If you just fell into the moat, the castle owners are in trouble. If you climb over a fence and fall in the moat, the castle owners can say, 'well, come on, he climbed over the fence that clearly marked that area off limits. You can hardly blame us, and he can hardly claim he didn't realise he wasn't supposed to be going into that area'."

    Likewise with your problem.

    Yes, technical measures can always be defeated by the determined myspacer, such as via a proxy. However, I would say some technical measures are worth considering hand-in-hand with the AUP, as a sort of 'fence'. If myspace is banned by the AUP, but not blocked, then everyone will go there, and when they do, they can claim they didn't realise it was against the AUP, or they clicked a link which took them to myspace without realising that's where the link led, "honestly"... etc, etc.

    If myspace is blocked, on the other hand, then you force people to "climb over the fence". Yes, they can still get to it via a proxy - but the fact they've gone to it via a proxy means it is explicitly, unarguably obvious that they knew they weren't supposed to be going there, and deliberately went out of their way to get around the rules. This, imho, means you will be able to enforce the AUP more stringently.
    • Re: (Score:2, Informative)

      by BandoMcHando (85123)
      We use a similar sort of philosophy. If the employee goes to a site that the software thinks is dodgy, they will get a page warnming them that we believe it is dodgy, and why, but there is a option to continue onto the page, thereby acknowledging the warning, and choosing to view the content anyway, with such events logged and reviewed by the HR department on a monthly basis.

      (Althogh most restricitions are lifted outside of normal working hours, and at lunchtime.)
  • Install squid. Having a program be invasive for you is no more invasive than trying to do it by hand. I don't see how you could think otherwise.

    Of course, there's the obvious solution of: give up, your goal is technically impossible.
  • Assuming your employees only "need" a finite, relatively small number of web site to do their jobs, why not approach this problem from the other direction and avoid a lot of the hassle.

    Instead of trying to keep up with every potential "myspace bypass" and blocking every site like it, just block all access to the internet by default, and then allow them out into only those few sites they actually need.

    I can't imagine actually working at a company that did this, I treasure my ability to mindlessly surf fr
  • I'd say the best way to take care of the problem would be just to passively monitor their Internet access, and give them *kind* warnings in their email when they go to (insert forbidden site here). Also, you could inject little "Big Brother is watching you" messages at the top of web pages on occasion, just to keep people on their toes
  • Why not just block out the MySpace domains and try to get MySpace Bypass too? If they're sophisticated enough that they resort to doing a lookup for the IPs and things like that, they're probably not the sort of employee who would be using MySpace anyway. Chances are, if they are blogging, it's on their own server anyway.
  • by Anomolous Cowturd (190524) on Wednesday February 28, 2007 @11:37AM (#18182378)
    Sniff passwords for anyone that logs into Myspace then sabotage their accounts. Declare this policy a couple of days before it takes effect.
  • Quick & dirty (Score:3, Informative)

    by oatworm (969674) on Wednesday February 28, 2007 @11:51AM (#18182564) Homepage
    I had an employer ask me to do this for them as well. Since it was a Windows AD environment, I just set the internal DNS server to point myspace.com to 127.0.0.1 and set DHCP to hand out only the internal DNS server, which is what you want in an AD environment anyways. Obviously, it'd be fairly easy to circumvent (manually plug in an ISP's DNS server - problem solved), but it kind of ties into that "fence" idea mentioned in an earlier reply here, in that, for someone to figure out why Myspace wasn't working, they'd need to troubleshoot it, at which point they'd discover where Myspace was pointing and realize, "Hmm, someone probably intentionally did that."

    I will point out that this was for a smallish company (25 people), not a school or anywhere else where the end-user can basically be assumed to be at least somewhat malicious. But, it does get the job done if you're in a hurry.
    • by mcrbids (148650)
      I did something similar - everybody in my house was watching TV/YouTube and weren't doing their homework.

      So I killed youtube.com with a simple DNS entry. If you're worried about "rogue" DNS setups, just block outbound traffic to UDP port 53 from any but the designated DNS server.
  • by slim (1652) <john@hart n u p.net> on Wednesday February 28, 2007 @12:00PM (#18182692) Homepage
    ... better block Slashdot while you're at it.
  • I was asked to do this, too. The network had its own DNS server, so I redirected myspace.com to the company's own intranet website.

    It was a dirty hack, and wouldn't be too hard for a technically-inclined user to work around, but they didn't need an airtight blockage. They just needed the misbehaving employees to know that management saw a problem, that the gentle measures taken before that had not produced the desired corrections, and that much blunter enforcement instruments were available.

    It got the messa
  • Here's a crazy Idea: (Score:3, Informative)

    by Cornflake917 (515940) on Wednesday February 28, 2007 @12:49PM (#18183332) Homepage
    Fire people that aren't doing their job.

  • You don't need to be quite so heavy-handed about it.

    Put Linux, Flash, Java, VLC and assorted codecs on a few machines in the canteen. Make it known that those machines, and no others, are to be used for accessing non-work-related sites. Then have the IT department invoice employees for computer repairs necessitated as a consequence of visiting any NWR sites on their workstations.
  • Why don't you just filter anything that has *myspace* in the URL? I've seen this work before and while it can occasionally cause problems, it generally works.
  • by Dekortage (697532) on Wednesday February 28, 2007 @02:21PM (#18184660) Homepage

    Locks only keep honest people honest.

    If you block MySpace succesfully, the people who visit MySpace during their work time will just find another way to waste time and expose the company's computers to spyware/etc. risks. It's a losing battle. Think of it as DRM for your employee's time.

  • I would recommend against even trying to completely block it for employees. Having a policy to deal with major offenders is better than creating such a restrictive environment.

    Firstly, the virus/adware problem the employer is worried about would be better solved by making sure the machines have up-to-date virus definitions, that the browser is configured properly: disabled Active-X, blocking popups, to not be Internet Explorer... the usual suggestions. Make sure their IT people are keeping the machines in

  • I spent some time trying to effectively block MySpace from our organisation. Firstly, how to detect MySpace being accessed - obviously one blocks 'myspace.com' but then finds that people are still using it. Use SARG to analyse the Squid logs and look in the top sites accessed - you will see google images, YouTube and whatever proxy they are using for MySpace listed in your most accessed sites. One starts banning proxies (tip: try monitoring web accesses for phproxy and you will be amazed at what you find
  • I have a DNS record for the myspace.com, which directs all queries to an internal IP address, which my apache web server answers with an ever rotating, badly written excuse of a massive internal myspace calamity. No one buys it, but no one gets to myspace from my network either. Just have your DNS server answer queries for myspace.com and anything under it as if it has authority to do so, do whatever ya want at that point. Just make sure you force your users to use your DNS server, lest they start using one
  • Validate your client's concerns about viruses, but make sure that your client realizes that an outright block on sites like MySpace is equivilent to treating employees like children. Content blocks also create problems from real work because they end up creating a huge mess of red tape when someone really needs to use a blocked site.
  • Blocking myspace from say, 9:20 on (assuming the office "opens" at nine) and unblocking it in the last hour of the day, so people can check their messages, maybe arrange a date after work, or get a group of coworkers together for drinks? Maybe just leave it open all day on Fridays, because nothing really ever gets done then anyways :) Comprimise, compromise.

Chemist who falls in acid is absorbed in work.

Working...