Does anyone know ow to over ride the school filters?

Wasn't there a realy old thread dedicated to this very topic?

As a sysadmin for a school, I would suggest not trying. Chances are if the tech people are anything like me and the rest of our tech department, you will be caught and dealt with accordingly.

We have had a lot of students try many methods and a few were successful until we blocked them and revoked their computer priveledges. It is hard to pass a computer class or many other classes that require research (online) without access to a computer in school.

However that said, Google is your friend.

-Manuel

Several if I recall (one of which was lost with the forum relocation).

*cough* http://tor.eff.org/ *cough*

But really, can't you just wait till your home to get on myspace?

The easy answer is to use a proxy, although finding one which isn't blocked in the first place is hard. You can use some very well known websites as proxies because of some of the features that they have but it is fairly hit'n'miss.

I would recommend setting your own proxy up at home. All you have to have is a webserver and php installed and you can run PHProxy which is great. As long as your school doesn't scan every page for black listed words you should be fine.

As for the ethics for bypassing a school filter, i think it is acceptable to do so, as long as you cause no damage to school computers or systems and are responsible with you use of it. (i.e. if you school is stopping you from playing games on the net by blocking them and you want to do that, then wait to get home. However if the block is blocking legitamate sites that you need access to then it is fine). Also you should bypass the filter if you have signed anything that basically says you won't do anything, some schools have "policies" which you have to sign before you get access to the internet which may contain restrictive clauses, its always worth checking them out.

I have to say if something is blocked and it is something that should not be, simply ask your teacher, your principal or the tech people why exactly is www.xyz.com blocked and explain exactly why you think it is legitimate. Chances are if it is truely a legit site, the filter is just playing it safe. However if you want access to sites such as myspace just because of (... fill in the blank) then that is not good enough.

We expect this for everyone here (staff/students/parents). Just as you might say site zyx.com is needing to be blocked because of porn or whatever.

The point is be responsible, respectful and knowledgable (some key principals to Social Engineering BTW) and you could get what you want.

I know if a student asks me in a clear well thought out question as to why something is blocked (or not) I do listen and do my best to explain. For example, youtube.com had to be blocked partially due to the content, but primarily due to bandwidth considerations. After aall if one person is looking at the content it is not bad, but if there are even just 5 computers on the site, combined the traffic can hog an entire T-1 line thus will not allow necessary traffic through without being worse than dial-up.

-Manuel

Nice to meet another school admin, manuel_l :)

How to get round the filters really depends on the setup. Which you havn't really provided much information about.

The schools that I work in all run through an off-site filtering system, meaning that I cannot unblock sites. So talking to Techs / Teachers to get a site unblocked may not work, even if they agree to it.

If your school's setup is ok, there is probably everything but port 80 (for web traffic) closed. And there will most likely be group policies in place to stop you from changing the proxy settings.

In short: I'm not gonna help someone get around school restrictions. When I was at school, I did it because I was curious; because I wanted to learn. Not because I wanted to go on myspace or watch porn.

Actually we block port 80 as well, except for our content filter server, which effectively forces anyone and everyone to use the filter. Even if they bring in a flash drive with firefox on it or boot into a livecd (if they happen to find a computer that will allow it) or maybe even their own laptop/ or other device, they don't just magically have free internet access because all ports are blocked for all IPs except for our content filter and servers. VLANs, subnets and PTP VPN allow this setup.

its a bit tricky when dealing with certain services, but it works for us once we got everything setup, although changes do need to happen so that we can increase the capacity of our server farm.

-Manuel

Yes that is the correct way of going about this but unfortunatly we don't live in a fair world. My schools previous IT head was an absolutely horrible and wouldn't do anything and you were likely to get detention for asking, (also back in those days we only have 30MB storage in our user accounts).

Our new IT head is brillant and will do most things (in fact we have a quota of times to go on certain websites if you want to), and because he is great I'm also an admin at the school so I can sort things out as well.

I did mention in my first post the ethics of bypassing the filter and hopefully he will take that on board if and when he does want to bypass it and I would hope it is not for MySpace.



Yes it will depending on the set up but PHProxy will be a solution for most restrictions, as long as the site that is hosting the PHProxy is not blocked in the first place.

We have a Proxy on the school network which all machines are default to go through, and if someone somehow manages to tell it to use a direct connection instead then when it leaves the network it is filtered by the counties proxy which is even more restrictive because it is for use by Playgroups and Primary Schools. You have to go through one of them in the end.

The school filter blocked this too.

@manuel_l and barrytone: what collaboration is there between school and other network admins in creating a list of blocked sites? For instance, if an admin comes across a new site which has dubious content and it's not trapped by the current blocking mechanisms, does (s)he communicate it to fellow admins (in other organisations) in some way or are all admins expected to monitor network traffic and sites that students are accessing? If it's the latter, it strikes me that the blocking is not proactive but it's reactive.

It may be that there is an informal communication of such information between admins but I'm intrigued to know if there's a "formal" mechanism of such communication.

Well, my school's computers run on a network. They ave Deep Freeze when you turn them off. They are eiter Windows XP Pro or 98. Tere is a Tawspace drive that doesn't erase that's only abut 64mb. Its not only MySpace that I want to o on...

Question aimed at manuel_l:

Do you block Wikipedia? If I was a network admin I would setup a filter so any page on Wikipedai can be accessed (there is no questionable content on the wikipedia.org domain) but have a filter so that it blocks editing of pages (we can't have the few spoiling it for the many) it's just a simple url block (wikipedia.org*action=edit) and then IP blocking as well (145.97.39.155*action=edit). What do you think?

How do you do that?

I know from my school that we receive black lists which have different catagories which we can implement. For example it would work somewhat like this, we implement the porn black list and then we hope that all the porn sites in the world are blocked (not likely to happen), our list is then updated from time to time by the supplier as more are found. However if we find that someone has accessed a porn website at school (either by browsing the logs or being informed by someone) then we will add it to the block lists. As well as getting the black list from the company they take a list of the websites that we have blocked so that they can then look at them and add them to their lists etc. if they feel that need to.

I would not have thought that Admins would communicate amoungst themselves as not all admins would need this information, some would already have it, or have heard it previously. The system were the black list provide takes the list of what we have blocked and looks at it I think is a much better idea as they can reach for more people more effectively than admins telling themselves.

The blocking has to be preactive and reactive because the internet is changing so much every day.

Do what?

Put the websites on Wilipedia.com to use around the filters?

"Put the websites on Wilipedia.com to use around the filters?"

The sentance doesn't make sence and is out of context, I was talking about wikipedia.org not wikiepdia.com. Reading into that sentance (alot since it doesn't make sence) I wasn't even surgesting that you could use wikipedia.org to cercumvent web site filting.

Good question!

Here in the UK (in my city at least) the schools all connect to the same backbone. It's a scheme setup between the LEA (Local Education Authority) and Telewest. The web filtering is not done at the schools, but at the main gateway to the rest of the internet.

It is proactive, in that: they have a massive black list of sites that schools are not allowed to access (porn, warez, chat etc etc), but it is also reactive, in that: if someone (usualy a teacher rather than a network admin, as it's usually teachers that catch kids on sites they shouldn't be using :P ) finds a site that isn't blocked, but should be: they simply e-mail the URL to the LEA to get it reviewed for black listing.

If they didn't see the URL, they just get a network admin to check the logs based around the time of access, computer used and student that accessed it. That's usualy enough info to find the URL pretty quickly.

If the site needs to be blocked quickly, I usualy just put a dummy record in the schools local DNS server to point the offending URL at 127.0.0.1, or the ip of the school's intranet server. It's not full proof, but it's enough to stop the 'point and clickers' from getting to it until it's blacklisted by the LEA.

I wouldn't doubt that when I go back to school next August wikipedia will be blocked. Our MCS (Media Center Specialist, Pretty much a librarian who does other stuff) hates the site. She says that it is unreliable and put together by idoits, and since everyone can edit the info people are going to purposely post false info to mislead you. Her example ? Well she went to edit this article about a certain author, and in a section about where the author went on vacation she changed where he went from Italy to get this... North Italy, she then said it took a whole two weeks for someone to change it back.

Sparda: We do allow wikipedia, but our current filter does not allow for us to block using wildcards -- but we are about to change that with a completely different filtering system. The new system will allow that type of setup and this was one of those wish-list items that the new filer will take care of.

Iain: Excelent question!
We do try to communicate with other school districts (most are relatively small in our area) so that most of us are on the same page with filtering and the laws and implimentations of other technologies, but many people interpret the law differently enough that it is not always agreeable about sites to be blocked.

I have to say we use a combination of proactive and reactive methods. For instance MySpace was blocked a long time before many of our students really knew it existed, just as myyearbook.com was. Where we struggled was actively blocking the new proxies and other online methods to bypass the blocks.

Its also proactive, because the vendor of the filter has many categories to choose from which have literally millions of websites already on them, which are updated frequently from the vendor. There would be no easy way for all of us to recreate the full list ourselves.

So is this formal, no not really, but its out of courtesy that we communicate at least a portion of the time. Afterall why re-invent the wheel when you can just modify it for your needs?

At the same time it is reactive, because some content could be considered okay for high schoolers to research on, but completely not appropriate for the younger kids to see. we have to reactively create lists and block/allow sites as needed.

Our staff are supposed to monitor the Interne twith their students closely and tell us if they are doing anythng borderline so that we can watch it, but unfortunatley several of our staff members don't always have the ability to observe everything that goes on. This is where the tech dept. steps in and actively monitors the traffic for random time frames to see what is really going on.

Hope that answers your question a bit, without rambling on too much. If not ask again and I'll see if I can answer better.

-manuel

Here are ways you can bypass your schools computers. Some work some don't. And maybe this will help some of you computer admin out there. i knew lots of other ways but it's been a while now.

First of all my personal favorite I won't say I was the first to figure this out but I did on my own. Go to any website translation sites.

Two of my personal Favorites:

http://babelfish.altavista.com/
http://www.freetranslation.com/free/web.htm

Or you could just use proxies:

Free Proxy Websites
http://www.hidemyass.com/
http://www.proxert.com/
http://www.pagewash.com/
http://www.prx1.com/
http://www.freepr0xy.com/
http://www.freeproxysite.com/
http://blockmy.info/
http://www.alienproxy.com/
http://ipbouncer.be/
http://www.sweetproxy.com/
http://www.hidemytracks.net/
http://www.proxyslash.com/
http://www.unbloxy.com/
http://www.studentproxy.com/
http://www.anonymate.com/
http://www.spysurfing.com/
http://www.proxert.com/
http://www.finderly.net/Proxy/
http://www.sitesneak.com/
http://www.proxy-surf.net/
http://www.freevideocodes.us/
http://freeschool.be/
http://proxypop.com/
http://www.proxyed.blogiseverything.com/
http://kungfuproxy.com/
http://itracks.net/
http://www.teenproxy.com/
http://www.proxywhip.com/
http://www.myspaceproxy.com/
http://www.goproxy.org/
http://www.traceless.com/
http://demonproxy.com/
http://proxypop.com/
http://www.nomorelimits.net/
http://www.skipthrough.com/
http://hideyour.info/
http://www.letmeby.com/
http://www.browseany.com/
http://www.finderly.net/Proxy/
http://www.proxy-sock.com/index.php
http://www.anotherproxy.com/
http://www.proxyindex.com/
http://boredatschool.net/
http://www.proxypowered.com/
http://www.proxyprince.com/
http://www.rapidproxy.com/
http://www.ukproxy.com/
http://www.worldwideproxy.com/
http://www.thecgiproxy.com/
http://www.proxyguy.com/
http://www.freeproxy.us/
http://www.neoproxy.net/
http://www.thecgiproxy.com/
http://theproxy.info/
http://www.75i.net/
http://www.prx1.com/
http://www.proxyfoxy.com/
http://3proxy.com/index.pl
http://www.proxyhero.com/
http://indianproxy.com/
http://www.dzzt.com/
http://www.theproxy.be/
http://www.proxytastic.com/
http://www.browseatschool.net/
http://www.msnvip.com/
http://www.proxydrop.com/
http://www.worldwideproxy.com/
http://www.pimpmyip.com/
http://www.ohmyproxy.com/
http://www.proxyz.be/
http://browsingatwork.com/
http://www.proxy7.com/
http://www.sneakyuser.com/
http://www.browseatwork.com/
http://www.perception-media.net/jd/
http://www.v3gamer.com/proxy/
http://www.light.ukproxy.com/
http://www.browseatwork.net/
http://www.proxysurfing.net/
http://www.anotherproxy.com/
http://www.letsproxy.com/
http://www.ajitk.com/proxy/
http://www.worldwideproxy.com/
http://collegepie.com/proxy/
http://xanproxy.be/
http://proxy.iraqigeek.com/
http://www.gobyproxy.com/
http://www.betaproxy.com/
http://www.proxytastic.com/
http://anonymousproxy.us/
http://mvpzero.net/load/
http://www.zhaodaola.org/web/
http://www.ineedproxy.com/
http://www.fawazghali.com/proxy/
http://geoepker.hu/freeproxy/
http://fartpeepee.com/
http://whos-blazin.org/proxy/
http://farzaaad.blogfa.com/
http://www.logatic.co.uk/igoaround/
http://www.vimtoo.com/pro/
http://u2l.be/proxy.php
http://www.247proxy.com/
http://www.nimnim.ir/anti/
http://ali198.persianblog.com/
http://dnszone.com.ru/proxy-online/Index.php
http://hujiko.com/
https://proxify.com/
www.thedesignerslounge.net/bypass.html
http://pooling.info/

Alot of them should work. Unless the admin bans them all. but who cares now! No more school, muahahah!

A lot of them are banned at my school, which is why setting you own up is a good idea and limiting its use, that way it is unlikely to get banned so will always be there.

@manuel_l and barrytone:

You communicate directly or indirectly with other schools and I guess that the main concern of folks here is within the school context (either as an admin or student). I suspect that businesses also may want to block access to certain categories of sites so I just wonder how they would get into the "blacklist" circulation list. Are there any admins here from any businesses who could share their experiences of website blocking?

A lot of blacklists are provided by companies which charge you for access to them so they usually have people that spend all day looking at websites and catagorising them into different lists so people have the option of implementing them.

There are some non-commercial ones out there but they are generally not a lot of good. It might be fine for small user group environments but with large numbers of users then too many people will be access websites they should be.

I second this comment. almost all filtering companies have their own set of lists with their technology. But there are free resources available too. for a while we were using squidguard, which has an open source solution free of charge with lists and and categories, and that community works on theses lists just as hard. in fact for a good while before there was a law that said we had to filter, we were using it. The only problem was it didn't give us the room to grow like we needed, but it worked for us for a while and works for some schools and business just fine.

I am also one of the towns few "techies" that works on other people's computers as well includnig some local businesses. I always suggest these free tools and personnaly keep in close contact with many people this way. Plus if you can't tell already, I love to talk -- a great way to learn other's concerns and issues. This helps me keep my knowledge up-to-date and allows me to think not only for schools, but also for other situations.

So while I don't always talk about filtering lists with most people, if this issue comes up, i share as much as I can where I can. For me its a matter of educating more and more people on what options are out there.

imasoldier: Thanks for the list but over the course of time every single one of those sites is in my deny list. So for me its out of date. Actually Digg and sites like this have helped me find a few of these before our students were able to. A lot of kids eventually would complain about this site or that site or whatever being blocked already. When I hear that it just confirms to me that I am doing my job by trying to keep 1 step ahead of the game. This is not always true, but because I am very active with many sites I see the issues well before someone like my supervisor ever would. A lot of it helps that I am not really that far from most of these kids in age and at least for a few more years I still like most of what is out there.

The other thing that our filter does is allows us to block by keyword, so the word proxy gets flagged and gets sent to a special list that then determines if its an article about proxies or an actual site -- basically it looks for the words. But many words, like the urls, are added already by the vendors and organized into lists which are encrypted and made not readable to annyone but them.

Some companies use products like byteshifter before and after encryption (one vendor mentioned something of this nature to me and this is what I made sense of their process). This effectively makes it hard for anyone to easily read the lists without going through their procedures which really is probably more complicated than that.



-Manuel

This isn't something that would work in a high school, but it could work in some businesses and primary (junior) schools.

Rather than blacklisting websites, white-list them.

Some primary schools I work in literally have a list on a wall display of websites that the kids are allowed to use. Usually around 30 or so. Compared to the billions of websites that the kids shouldn't access, it's a lot easier to start off denying all access and to then make exceptions as they come up.

I've seen this setup used in a LearnDirect centre I did some ghosting for. The gateway is set to allow access to learndirect.co.uk only

So, if your employees only need a access a few websites and nothing more, just use the pessemistic approach :P

Kind of makes it hard when you want to know some thing and wikipedia doesn't know. White listing prety much cripples google.

At my school, they take away your computer privaledges for the rest of the year. They cite this as "security avoidance."

http://www.slashwebfilters.com or http://www.slash-web-filters.com
may not work all the time but i update frequently

I worked for an ISP that offered an filter system and did some side work for schools that used them. Some of our customers did report some school students finding a way around it. What the students did was goto http://babelfish.altavista.com/ and do a website translation for http://whatpagetheywanted.com they set it up to translate from German to English thus not performing any translation. Most filtering software does not have these translation sites blocked be default. Once the school admins found out they called us and we set that up to be blocked. It will get you access until you get caught doing it. As it has be stated before just wait to you get home to surf because you will get caught someone will see you on a site that you should not be you will end up telling the the work around so they do not report you. Soon a dozen or so students will be on myspace.com and the staff will be aware. They will want to know how the students that they know are not smart enough to figure a work around like that out and they will pressure them into telling them who told them how to do it. It will get back to you and they will use your punishment as an example to the rest of the school.

Translation websites were always a common way for people to get round things at my old highschool. I make sure they're blocked at the schools I administer :)

I use my own proxy (http://joehill.co.uk/proxy). Soon will be using a nix box at home using SSL, having VNC and CGIProxy installed to access Messenger, Web sites and general stuff I would do at home. I cannot get much work done while at college. But I have to turn up for attendance thats why. The college Im at just diteched their ISA server and just brought a new firewall and blocked every port except 80 and 443.

I have my own proxy, sadly it's spread across the school, so I'm thinking of changing it.

If they block the new proxy, they'll be blocking a teachers website that I run.

I win!

On another note, my school recently blocked YouTube

They also blocked Google's Translation feature, so you can't use that loophole

well i didnt really care about the blocking but i wanted to see if i could write some php to get around it.

Our school has blacklisted pages address and word filters, very secure :D, it acctually filters the words for black listed words like porn hack etc.

i wrote a php script which i hosted on my own website which simply rebuilt the remote page in my webserver, it replaced all the links with a base64 encode which could be decoded by the script later which prevented the url filtration and to get around the word filter i replace every vowel with the ascii equivilent rendering it useless.

try that method :D and if u fail at least u learnt php

Thanks dude. Your rock. This is the only proxy thats works.

best proxy ever:

http://www.allaboutabe.com

Click the black and white picture to the left.

I've been developing a PHP alternative to CGIProxy for some time, available here: http://l0gic.net/phpRelay

It's not entirely bug-free (what webproxy is?), but everyone is welcome to use it freely. Please read the comments in the source, and let me know of any bugs you discover.

I also recently found out my school filters the word pr0n but not porn.

Lets say i set up a proxy at home.. and i was able to change the proxy setting on a school computer. Would they still be able to block traffic through the used ports?

Would it be possible to some how encrypt or bypass the traffic sniffer/blockers that the schools have in place?

The suggestion was to use a web proxy I think, which means you wouldln't need to change the school proxy settings, you would just have to go to the address of the proxy in your browser. If you use TLS and they haven't got it set up to do a sort of man-in-the-middle attack which provides theirs own certificate instead of your own with the browser set up to accept the school certificate without complaining then they can't sniff the traffic. You can easily find out if that is the case by writing down your cert fingerprint(s) and then checking if they are the same when you access your proxy from school.

My suggestion was for a web proxy because they are a lot easier to setup and most likely you won't be able to change the proxy at your school in IE if they are using Active Directory, that would mean that you would have to use something like portaFirefox which may not be possible either.

The easiest way to encypt the data would be with using a https connection with SSL which is very easy to set up and is the defactor way of encypting http internet traffic.

However this method is flawed and I have heard of companies installing SSL certificates on all of there computers and on the proxy and only allowing those to be used within the coporate network, then the proxy uses the SSL cert that you provide from your server.

It is unlikely that they would have this in place though, but you have to consider, if you are having to encrypt the traffic that you are generating should you be doing whatever you are doing from a public computer?

do eny of u live in ontario durham region and would now if the computers there run on a black list program

What the hell is a blacklist program?

Firstly, your post doesn't make much sense, it makes answering your question a lot easier if you can construct a sentence.

No I don't live in the onario durham region, and not all the computer will be connecting to proxies that filter the internet. Most likely all schools and business as well as people who have large networks run proxies. Its up to them or the government whether they run a proxies and filter the web.

By black list program I think you mean a Proxy that actively filters the requests it recieves for websites against a known list of unsuitable websites. Its not a program as such the black list. The proxy is however.

At school the Science Academy kids created a proxy to bypass the filter (they had a legitimate reason) which remained unblocked until every one in the school started using it...... I think that bypassing the filter at school is probably the dumbest thing you could do on a school computer (at least at my school) They monitor the hell out of you... Plus we dont even have desktop computers where we can remain anonymous... We use thin clients so every thing can be traced back to us because of our remote desktop accounts.. Plus our filter is smart so 99% of proxies are blocked.

You obviously don't have much knowledge of active directory and running a network. Desktop are no safer than Thin Clients.

What i meant was... u cant run any thing on the the thin clients.. so u really cant run any tools to anonymize you.... on a PC u prolly could..