Blocking Facebook

[LocalHero]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks
--

 

[Stan Brown]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

Good call!

1. Identify the Facebook domains, such as www.facebook.com. (There
are probably others; I don't have an account so I can't check whether
interior pages in the site have a different domain.)

2. Click the Windows Start button, paste this, and press Enter:
%WINDIR%\System32\Drivers\etc

3. Right-click HOSTS and select Edit or Open. You may need to select
Notepad or your favorite editor.

4. Add this line at the end:
127.0.0.1 www.facebook.com
and repeat for any other domains.

5. Save and exit. I suspect you will need to reboot.

Now when you try to access facebook.com your browser should tell you
that it can't find it. Make sure you let the other users know that
Facebook is blocked; otherwise they'll waste time trying to figure
out why it has stopped working.

 

[Ken1943]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks

I don't use the hosts list, but facebook uses two sites at the same time.
From Firefox noscript.

facebook.com
fbcdn.net


KenW

 

[Char Jackson]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

Yes, that's one way.

If so, how would that be done?

Navigate to C:\Windows\System32\drivers\etc and open the hosts file in
Notepad. That's the entire filename; there is no extension. It may be
Hidden or Read Only, so be prepared for that. Once opened for editing,
read the notes that are already there, look at the examples to see how
easy it is, then scroll to the bottom of the file and on a line by
itself, add the IP address 127.0.0.1, tab, then enter the URL that
you'd like to redirect, for example www.facebook.com. Save the file,
being sure you're not unintentionally adding an extension. No need to
reboot, Windows will automatically pay attention to your change.

In effect, what you're telling Windows is that www.faceback.com should
resolve to the IP address 127.0.0.1, which is a special IP address
that refers to your own computer, (AKA localhost).

If not, any other ideas for a simple solution?

Many routers have a way to enter a URL, or partial URL, that you want
blocked. For some people, that would be easier than editing the hosts
file, especially if you need to block access from multiple computers
and want to do it all in one place rather than on each machine.

 

[VanguardLH]

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks

What's to stop those users from altering the 'hosts' file? If users
have physical access to a host then they can modify its configuration.
Using admin-level versus limited accounts does not preclude smart users
from getting around those permissions *within* an instance of an OS.
They'll just step outside that OS instantiation to make changes. You
need to employ your censorware somewhere upstream in a host or network
node to which the users do not have physical access, like at a gateway
or router host or even further by enforcing your users to use a DNS
service where you can define what to block in any DNS lookups (which
won't help if the users use IP addresses instead of hostnames).

How is a 'hosts' file going to work on a laptop or network that an
employee brings into work (and upon which your IT department didn't
setup with their customized 'hosts' file)? Does your company even
permit the use of non-authorized hosts on their corporate nework?

In your network's router, block all DNS requests (port 53) that go
anywhere other than to your router. Tell your router to block on
particular hostnames if that feature is available in your router. If
not available, configure your router to redirect DNS requests to a DNS
provider of your choice that lets you add blocks or select categories of
sites. After all, if your company is trying to prevent its employees
wasting time at Facebook then why wouldn't they also want to prevent
wasted time at other ego-stroking childish inane social sites, too? You
can use OpenDNS for free with a single account there. Besides
categories you can also block on specific URLs (hostnames) but there is
a limit of 50 in the free account. If it's a business then they should
afford a business account at OpenDNS. Of course, if it is a business
interested in censoring to where their employees navigate outside their
corporate network then they should be looking something like Websense
for censorware.

If these are children using the same computer, why aren't their parents
monitoring their activities? Or, at least, employing censorware
installed on the kiddies computer to regulate where they can visit? If
they are adults and continue abusing company policy then treat them like
children and take the computer away from them. If that means they
cannot perform their work tasks then suspend them without pay for the
time the computer's access is suspended for their use. Either you treat
the users as adults that get punished when they abuse their use of
someone else's property or resources; else, you treat them like children
for which several censorware schemes are possible. Just telling them
that all their network connections are being logged and any violation
results in punishment might be sufficient to deter that abuse but
obviously that means you must actually have a policy defined that you
will then enforce.

To deter without punishment will eventually lead to the abusive users
finding another means of circumventing your schemes, like using IP
addresses, proxies, tunneling within other (non-HTTP) protocols, etc.
If they have the time to waste at work stroking their egos at social
sites then they also have the time to thwart your local censor measures.
After all, if they are at work and are expected to work during their
work hours then do they really need Internet access at all? Are they
really web site designers testing their output?

 

[Gene E. Bloch]

What's to stop those users from altering the 'hosts' file? If users

Permissions.

If the users don't have Administrator privileges, they can't edit Hosts
(or so the experiment I just did indicates).

 

[Paul]

Permissions.

If the users don't have Administrator privileges, they can't edit Hosts
(or so the experiment I just did indicates).

If someone brings a Linux LiveCD into the picture, then the hosts
file is open game.

If you want to engineer filtering, a separate network box is one way
to do it. It's just a question of what's cheap and doesn't waste
a lot of electricity. Using a 150W old computer with two NIC
cards as a filter, is rather wasteful (that's 150W at idle).
And while tiny router boxes with custom firmware loads are
one solution, that isn't as convenient as it might be.

http://www.howtoforge.com/blocking-facebook-web-trackers-at-the-firewall-for-extra-privacy

The advantage of a separate box, is you can use physical security on it.
(Lock up broadband modem, and other gear to implement the filter.)
Then, the only networking service, comes through the filtered connection.

Paul

 

[Bob L]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks

Use Opendns.

Set up your free account with them, then point your router DNS setting
to their DNS servers

On your Opendns control you can block facebook, or all social networks
etc.



When they try to access Facebook etc, they will get a message that
this site is not allowed on this newtork (or similar)

 

[Joe Morris]

[blocking Facebook access]

Especially if UAC hasn't been disabled.

If someone brings a Linux LiveCD into the picture, then the hosts
file is open game.

That's a valid argument, but only if the users the OP wishes to control can
boot from removable media. The appropriate security control is to disable
removable media boot capability in BIOS, then password-protect the BIOS
settings.

Incidentally, the suggestions upthread about editing the HOSTS file didn't
take UAC into account. If it's not disabled and you haven't monkeyed with
the permissions on the file you'll need to open Notepad explicitly using
"Run as administrator", then open HOSTS by navigating to
C:\Windows\System32\Drivers\ETC and selecting the file.

Or (again assuming that the computer can be secured against tampering)
configure the firewall (Windows Firewall or one from a third party) to block
traffic to the Facebook IP addresses.

The OP didn't specify the context, leaving us without enough information to
provide a solid recommendation. For example, if the (apparently but not
necessarily single) machine is a desktop then there's probably a "reset
BIOS" jumper inside, so if the BIOS setting to prohibit removable media is
used then the cabinet would need to be secured and the jumper pins taped up
to prevent someone from poking a wire into the cabinet. Similarly, there's
no information on whether the users against which the "no-Facebook" policy
is to be enforced are unknown members of the public, employees/students who
can be diciplined for attempting to disable the restrictions, or family
members and their friends. Along the same lines, we don't know just *why*
the OP wants to restrict access, the answer to which can affect the need for
a bulletproof block.

Joe

 

[Desk Rabbit]

Use Opendns.

Set up your free account with them, then point your router DNS setting
to their DNS servers

On your Opendns control you can block facebook, or all social networks
etc.



When they try to access Facebook etc, they will get a message that
this site is not allowed on this newtork (or similar)

Yup, that's the correct answer

 

[LocalHero]

Good call!

1. Identify the Facebook domains, such as www.facebook.com. (There
are probably others; I don't have an account so I can't check whether
interior pages in the site have a different domain.)

2. Click the Windows Start button, paste this, and press Enter:
%WINDIR%\System32\Drivers\etc

3. Right-click HOSTS and select Edit or Open. You may need to select
Notepad or your favorite editor.

4. Add this line at the end:
127.0.0.1 www.facebook.com
and repeat for any other domains.

5. Save and exit. I suspect you will need to reboot.

Now when you try to access facebook.com your browser should tell you
that it can't find it. Make sure you let the other users know that
Facebook is blocked; otherwise they'll waste time trying to figure
out why it has stopped working.

Thanks Stan

--

 

[LocalHero]

I don't use the hosts list, but facebook uses two sites at the same
time. From Firefox noscript.

facebook.com
fbcdn.net


KenW

Thanks Ken

--

 

[LocalHero]

Yes, that's one way.


Navigate to C:\Windows\System32\drivers\etc and open the hosts file in
Notepad. That's the entire filename; there is no extension. It may be
Hidden or Read Only, so be prepared for that. Once opened for editing,
read the notes that are already there, look at the examples to see how
easy it is, then scroll to the bottom of the file and on a line by
itself, add the IP address 127.0.0.1, tab, then enter the URL that
you'd like to redirect, for example www.facebook.com. Save the file,
being sure you're not unintentionally adding an extension. No need to
reboot, Windows will automatically pay attention to your change.

In effect, what you're telling Windows is that www.faceback.com should
resolve to the IP address 127.0.0.1, which is a special IP address
that refers to your own computer, (AKA localhost).


Many routers have a way to enter a URL, or partial URL, that you want
blocked. For some people, that would be easier than editing the hosts
file, especially if you need to block access from multiple computers
and want to do it all in one place rather than on each machine.

Thanks Char

--

 

[LocalHero]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks

Thanks for all the replies

The setting is a small company where the "culprit's" computer has had
internet access stopped because she has been found a number of times
using facebook. She was then seen using this other computer (the only
other one accessible to her). The Hosts approach will be fine because
she doesn't have the level of knowledge to know it exisits let alone
change it.

--

 

[Desk Rabbit]

Thanks for all the replies

The setting is a small company where the "culprit's" computer has had
internet access stopped because she has been found a number of times
using facebook. She was then seen using this other computer (the only
other one accessible to her). The Hosts approach will be fine because
she doesn't have the level of knowledge to know it exisits let alone
change it.

The user doesn't need the level of knowledge, all it takes is a friend
or co-worker with the level needed.

You should implement a company policy on network resource use and
enforce it with appropriate hardware/software solutions. If you don't do
this it will turn into an arms race of the user going to other social
network sites and services and you editing hosts files on one or more
machines which will soon spiral into an administrative nightmare.

 

[Justin]

Greetings

Someone has asked me how to stop a computer that can be used by a
number of people from connecting to Facebook.

Is this something that could be done with the HOSTS file?

If so, how would that be done?

If not, any other ideas for a simple solution?

Many thanks

You should probably be more worried about blocking Brazzers.

 

[Dave \Crash\ Dummy]

Thanks for all the replies

The setting is a small company where the "culprit's" computer has had
internet access stopped because she has been found a number of times
using facebook. She was then seen using this other computer (the
only other one accessible to her). The Hosts approach will be fine
because she doesn't have the level of knowledge to know it exisits
let alone change it.

If she were working for me, she wouldn't be working for me. She is
stealing from the company. What would you do if you caught here stealing
office supplies, or dipping into the petty cash?

 

[LocalHero]

The user doesn't need the level of knowledge, all it takes is a
friend or co-worker with the level needed.

You should implement a company policy on network resource use and
enforce it with appropriate hardware/software solutions. If you don't
do this it will turn into an arms race of the user going to other
social network sites and services and you editing hosts files on one
or more machines which will soon spiral into an administrative
nightmare.

The company has 3 employees - the manager and two job-share people -
i.e. the culprit, and her co-worker. Although the job-share people
don't ever work at the same time, they each have their own desktops.
Now that the culprit's own PC has been denied all internet access, the
only other machine she can access is the other person's, and that
should have the Hosts file modified by now. The manager is quite happy
to try out this approach for a while.

--

 

[LocalHero]

If she were working for me, she wouldn't be working for me. She is
stealing from the company. What would you do if you caught here
stealing office supplies, or dipping into the petty cash?

You may not be surprised to hear that she is actually suspected of
stealing cash as well, but it would be impossible to prove it was her.
But because she has "problems" the manager is too big a softy to pursue
it. If it were me she'd have been out the door ages ago.

--

 

[s|b]

Yup, that's the correct answer

OpenDNS's HQ is based in the US, so it falls under US law. For instance,
the Patriot Act. No way in hell would I use OpenDNS...