• Page :
  • 1
  • Text Only
rated:
I am the network administrator for a small non-profit organization. My actual job is the CFO, but because of my limited computer knowledge I do this on the side as well.

All pc's are running XP Home or Pro, through a router and then through a cable modem. We are small enough that we don't have a server.

I would like to set-up either our Lynksys WRT54GS router, or each PC so that Myspace, Facebook and Twitter is blocked. It also would be nice to also block any instant-messenger programs as well.

I am NOT looking for advice on "Fire the person", "Tell them you know they are on these sites", "Disconnect their computer from the internet", etc. I am in need of a way (software or hardware) to just block this stuff from each computer.

I've tried blocking Myspace & Facebook through the router "Website Blocking by URL Address", but this doesn't always work.

I've also considered altering the "Hosts" file on each pc, but then I would need to know all the URL's or IP addresses for these sites (and I've read that the IP's are continually changing).

Does anyone know how to successfully do this? I've spent the entire weekend on Google trying to figure it out, but just can't find a good fix.

I have set a couple PC's to have a static IP address (outside of the range that is automatically assigned) so that these 2 can get to any website that they need (including these I'm trying to block). The other PC's which is the majority (which I need to block these sites from) do not have static ip's and are within the range (0 to 199) of the IP's that will be blocked.

The people that work here wouldn't know about using a "proxy" to get past any blocks that I put in place, so I don't need to worry about that. I'm the only "computer tech" person here (and I'm not that great myself).

Thank you for your help.
-------------

UPDATE:
How can I get to my router configuration page, once I've configured OpenDNS?
http://www.opendns.com/support/article/141

I set-up OpenDNS on my home Netgear router to try it out, but now I can't get back to the router config page!!!!!!!!

It's a Netgear. Usually I can do routerlogin.net or 192.168.1.1 but neither will work right now. HELP!!!!

Member Summary
Most Recent Posts
I understand your situation and have worked in similar situations. The executive director is "senior leadership". In y... (more)

drodge (Apr. 03, 2009 @ 9:03p) |

By the way, firing certainly isn't the only remedy. In fact, it seems pretty harsh if they are the first person who get... (more)

drodge (Apr. 04, 2009 @ 10:22a) |

I've also been in a similar situation when I worked at a very small company, but in my case, it was the president of the... (more)

jayK (Apr. 04, 2009 @ 11:10a) |

Quick Summary is created and edited by users like you... Add FAQ's, Links and other Relevant Information by clicking the edit button in the lower right hand corner of this message.
Thanks for visiting FatWallet.com. Join for free to remove this ad.

If you want to effectively block sites, then you will need to set the router for your network to use static DNS servers from http://opendns.org. Setup an account with them. Set your blocking options and DNS lookups will fail for any sites you don't want it to work for.

firetower said: If you want to effectively block sites, then you will need to set the router for your network to use static DNS servers from http://opendns.org. Setup an account with them. Set your blocking options and DNS lookups will fail for any sites you don't want it to work for.

Thank you. From what I can tell in your post, it sounds like I would have to give a list of "approved" websites. I don't want to do that since there are trillions of websites on the net. What I would like to do is to block 4 or 5 websites.

Thanks again!


Just add the sites under the "Access Restrictions" tab. I've had trouble using the url blocking so I just add the terms "facebook, myspace, etc..." under the keyword section. I don't think the url blocking works.

If you want greater control you can buy a router that is compatible with a third party firmware (DD WRT or Tomato). Both allow restrictions for P2P

Kdogg said: Just add the sites under the "Access Restrictions" tab. I've had trouble using the url blocking so I just add the terms "facebook, myspace, etc..." under the keyword section. I don't think the url blocking works.

If you want greater control you can buy a router that is compatible with a third party firmware (DD WRT or Tomato). Both allow restrictions for P2P


The url blocking works for me (just tried it for fun at home) and the Linksys WRT54GS is compatible with dd-wrt and such.

Edit: I wouldn't do keyword blocking because if a important page needs to be visited and it happens to have the word or words "facebook, mspace, etc..." in the webpage due to a advertisement or is mentioned in a article or for whatever reason, that page cannot be viewed.

1. How did they get around the URL blocking?
2. If you want some pc's open and some not you will either have to download Tomato or just buy a 2nd router and connect the 'unblocked' ones to it. (Which might cause different sharing problems).

jimmywalt said: I am NOT looking for advice on "Fire the person", "Tell them you know they are on these sites", "Disconnect their computer from the internet", etc. I am in need of a way (software or hardware) to just block this stuff from each computer.You are tying to resolve a social problem with a technical solution, and that usually doesn't work very well. If you block one site, people will just find a different site to waste time on.

That said, there are several commercial programs that do a pretty good job blocking sites. You'll have to pay for them though.

The people that work here wouldn't know about using a "proxy" to get past any blocks that I put in place, so I don't need to worry about that. I'm the only "computer tech" person here (and I'm not that great myself).All it takes is one computer-savvy friend to tell an employee how to use a proxy, and that knowledge will spread like wildfire throughout your organization.

jimmywalt said: Thank you. From what I can tell in your post, it sounds like I would have to give a list of "approved" websites. I don't want to do that since there are trillions of websites on the net. What I would like to do is to block 4 or 5 websites.
You're asking for a blacklist, which OpenDNS can do:
http://www.opendns.com/support/article/39

So you can block only the sites you specify.

Just FYI though, OpenDNS also supports the opposite, a whitelist, where you can specify sites to always never block:
http://www.opendns.com/support/article/198

For what you're asking, the blacklist will work. However, the whitelist feature may come in handy if you, say, use their "block adult sites" feature, only to find out there's a site OpenDNS considers "adult" that you want your users to have access to.

jayK said: ...people will just find a different site to waste time on.

lol That's how I found this place. tic-toc tic-toc

How can I get to my router configuration page, once I've configured OpenDNS?
http://www.opendns.com/support/article/141

I set-up OpenDNS on my home Netgear router to try it out, but now I can't get back to the router config page!!!!!!!!

It's a Netgear. Usually I can do routerlogin.net or 192.168.1.1 but neither will work right now. HELP!!!!

jimmywalt said: How can I get to my router configuration page, once I've configured OpenDNS?
http://www.opendns.com/support/article/141

I set-up OpenDNS, but now I can't get back to the router config page!!!!!!!!

It's a Netgear. Usually I can do routerlogin.net or 192.168.1.1 but neither will work right now. HELP!!!!


First you said you have a Linksys WRT54GS router. Now you say you have a Netgear router. Which one do you have? Netgear's default log in site 192.168.0.1 and Linksys's default log in site 192.168.1.1

roadwarrior313 said:

First you said you have a Linksys WRT54GS router. Now you say you have a Netgear router. Which one do you have? Netgear's default log in site 192.168.0.1 and Linksys's default log in site 192.168.1.1



OOPS!!!! I posted this very quickly from home this morning and then realized in the car that the 2 routers are different brands. The Linksys is at the office, the Netgear is at home. I am locked out of the Netgear at home at this time (I had to rush out the door to get to work this morning). My only thought is to try to reboot the router and cable modem, and if that doesn't work I'll hit the reset pin on the router and resetup all the settings.

Thank you.

DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.

minidrag said: DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.


No. That was the only thing I changed. I followed OpenDNS instructions exactly.

I think I'll try unplugging the modem and router when I get home and trying it again. Usually I just type routerlogin.net in the IE address box and I don't have a problem. I could tell that I was still hooked up to the OpenDNS search website because that would come up after it didn't connect to the routerlogin.


I should ban fatwallet from my network so that I become more productive.

If the employees are tech savy, they can still get to the site by using the IP instead of the URL. As JayK said, this is an administrative issue. Unless you are willing to put in either a lot of money and/or a lot of time, you aren't going to be able to stop them. In most cases, you need senior management support to enforce the policy. It's a lot easier to use the technology to ensure people are following the policy than it is to try to use it to modify behavior.

drodge said: If the employees are tech savy, they can still get to the site by using the IP instead of the URL. As JayK said, this is an administrative issue. Unless you are willing to put in either a lot of money and/or a lot of time, you aren't going to be able to stop them. In most cases, you need senior management support to enforce the policy. It's a lot easier to use the technology to ensure people are following the policy than it is to try to use it to modify behavior.

I agree with you both.

No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.

I'm looking into this OpenDNS thing more tonight at home (for our home network too), and will probably try to go down this path at work as well. It appears that this service will also give me a listings of URL's that have been visited. So if I see that instead of going to Myspace there are now 10,000 visits to JCPenney.com, then I'll block that site as well. Afterwhile I think the couple people that are abusing the system will get tired of it and either stop or quit their job.

Thanks though!

jimmywalt said: No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.But when they suddenly find that they can no longer access facebook from work, they will ask their tech-savvy friends and relatives how to get around it. They may not know what an IP address is, but I'm pretty sure they can follow instructions on how to add http://69.63.176.140/ as a favorite.

Never underestimate the motivation of a bored employee deprived of his or her facebook fix. This will end up taking a lot more of your time (and our time) than you think it will - trust me, I used to be on the black hat side of this battle in high school.

jimmywalt said: minidrag said: DNS has nothing to do with router access. Changing the DNS settings in your router could not have caused this. Maybe you changed something else by accident?

DNS resolves names into numbers. When you go to an IP directly your DNS configuration isn't needed / used at all.


No. That was the only thing I changed. I followed OpenDNS instructions exactly.

I think I'll try unplugging the modem and router when I get home and trying it again. Usually I just type routerlogin.net in the IE address box and I don't have a problem. I could tell that I was still hooked up to the OpenDNS search website because that would come up after it didn't connect to the routerlogin.

You need to use the IP of your router. A name, like routerlogin.net, is going to resolve via OpenDNS and not work.

jayK said: jimmywalt said: No, these people could't tell you what the letters IP stood for if you offered them a million dollars, nor would they have a clue how to get to a website using an IP address.But when they suddenly find that they can no longer access facebook from work, they will ask their tech-savvy friends and relatives how to get around it. They may not know what an IP address is, but I'm pretty sure they can follow instructions on how to add http://69.63.176.140/ as a favorite.

Never underestimate the motivation of a bored employee deprived of his or her facebook fix. This will end up taking a lot more of your time (and our time) than you think it will - trust me, I used to be on the black hat side of this battle in high school.


I hear what you are saying, but please remember that even though computer stuff is easy as heck for a lot of people on this forum, there are people (those that I work with), that would have NO CLUE about even Googling "Getting around OpenDNS". These people just don't have a clue what a DNS or an IP is. These are the same people that come to me and ask why their mouse isn't working (and it turns out that the ball inside is filled with dust, etc), or the people who will ask me how to change the ink cartridge in their deskjet printers over and over again. They are the same ones who look around the office for a phone book instead of using Google to get the number. These are not tech savy people. Most of them can turn the power button on the computer, do their jobs, and that's about it.

The worst I believe I would have to worry about is them wasting time on another website, which it appears OpenDNS will give me a log to view (and then to block).

Currently my issue is with two 30+ year old women who love to use the "social networking" sites. If I kill that off, then their only connection to their friends while at work would be via regular email or cell phone.

Thank you though for all your help and concern. I really appreciate it!

I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying. They simply don't care enough about the computers to try and learn anything about them.

minidrag said: I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying. They simply don't care enough about the computers to try and learn anything about them.
I agree with both sides. I would say that more than half of my client users wouldn't attempt a workaround. If you can get rid of some of the common places where hours are lost, then great.

If they are going to goof off, though, they will find a way to goof off.

I don't think anyone is trying to argue that. Just that in some places, with some people, nothing extraordinary is required.

minidrag said: I'm with jimmywalt on this one. Several of my clients are this way - if something doesn't work they either don't do it any more or ask me about it. If I tell them it can't be done or isn't supposed to be done they just stop trying.That's the key right there...a technical solution can work if it's combined with proper communication from management, including the consequences of violating internet access policies.

Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.

Another alternative is to redirect all popular social networking sites to goatse on the two time-wasters' PCs. The problem should solve itself after that.

iRabbitt said: Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.
jimmywalt has received this advice from FW multiple times. He never takes it

ellory said: iRabbitt said: Tell those two to stop going to those sites and wasting company time and $$. Make them sign a paper saying they understand that they are not to go to these sites and if they are caught (by the tech regularly checking their computer) they will be sacked. Tell them that if there is any evidence of tampering with the computer history they will be fired. Then enforce it--no doubt there are plenty of others who would love to have their jobs in this economy. Your company is small enough to do this it seems and then word will spread to the others that you mean business.

Don't tell them how you're checking up behind them, just allude to your super-savvy-tech skills and they'll probably be scared enough.
jimmywalt has received this advice from FW multiple times. He never takes it


Yes Ellroy.

But in my question I asked for "TECHNICAL WAYS", not peoples opinions on what to tell the employees.

I wish it was as easy as you all make it sound. I'm sorry that I can't elaborate, but what you are asking is IMPOSSIBLE where we are employed. Let's just leave it at that.

I am VERY satisfied with OpenDNS and will be using that from our router. The problem will be solved as best as it possibly can be.

Thanks again everyone!!!!!

jimmywalt said: I am VERY satisfied with OpenDNS and will be using that from our router.So what happened with your home router? Did you get back into it?

minidrag said: jimmywalt said: I am VERY satisfied with OpenDNS and will be using that from our router.So what happened with your home router? Did you get back into it?

Yep. Power cycled the router and modem, then it let me do the 192.168.1.1 thing.

Good luck. Without senior leadership support, a technical solution is your only hope. As others have said, they will simply find another way to waste time. Hopefully management will see that and take action. If not, there is nothing you can do.

drodge said: Good luck. Without senior leadership support, a technical solution is your only hope. As others have said, they will simply find another way to waste time. Hopefully management will see that and take action. If not, there is nothing you can do.'

Let me explain further.... There are 12 people with a computer that work for this SMALL non-profit organization.

Everyone at FW posts are "Senior Leadership", "Management"........ This isn't Microsoft Corp, Coke Corp, Kraft Corp, or anything like that. It's a itty, bitty, teenie small non-profit.

There isn't "management". There's an Executive Director, and about 4 other sub directors under that (of which I'm one).

Unfortunately being as small as we are, and having people with specialized skills, it's not as easy as saying "Just fire them for being on the internet".

I wish people could leave their "Corporate" mentality and understand we aren't some super huge corporation.

The 12 of us wear MANY, MANY different hats.

I understand your situation and have worked in similar situations. The executive director is "senior leadership". In your case, he's probably the only one with the clout to make anything happen. If they aren't willing to make an issue out of the problem, then you are stuck with trying to solve it technically. Surely you can estimate the amount, if not log the exact amount, of time being spent on social sites and bring that to the ED. With only 12 people, it's hard to imagine that you can't convince them of the scope of the problem. If not, then there isn't much you can do.

By the way, firing certainly isn't the only remedy. In fact, it seems pretty harsh if they are the first person who gets caught. I'm willing to bet if the ED puts out a strong policy, someone gets caught violating it, and they get a day off without pay, everyone else will sit up quickly and take notice. Most people ignore policies because they never see anyone else get caught and don't think they will either. Sometimes, just confronting them directly and letting them know that you know how much time they are wasting on unathorized sites will scare them into better behavior. Publically posting a log of who spends how much time on what sites so everyone else can see it can also work.

drodge said: I understand your situation and have worked in similar situations. The executive director is "senior leadership". In your case, he's probably the only one with the clout to make anything happen.I've also been in a similar situation when I worked at a very small company, but in my case, it was the president of the company who was the big time-waster, and part of my job was to fix his home computer (he worked primarily from home) when he would invariably pick up a virus from browsing questionable web sites.

Since I was a junior-level IT person at the time I couldn't do much about it myself, but the CIO noticed how much time I was spending supporting the president's PCs, and she had me keep track of that time so it could be charged back to the president's department. The president eventually had to explain this ever-increasing cost to the CFO and the board - I wasn't party to that discussion, but soon after I started tracking time the president hired an independent contractor to support his PC out of his own pocket.

It doesn't sound like these employees are causing too much extra work for you (unless you start playing whack-a-mole with a blacklist), but at small companies (where people are invariably overworked) the productivity of the company must be important enough to someone to put in place some kind of administrative solution. The solution may be as simple as assigning additional projects (perhaps a project to improve office productivity?) to the people who waste the most time.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

TRUSTe online privacy certification

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2014