Jump to content



Photo

You can’t block Facebook using Windows 8′s hosts file

win8 mse hosts file

  • Please log in to reply
54 replies to this topic

#46 Lord Method Man

Lord Method Man

    Banned

  • 3,758 posts
  • Joined: 18-September 12

Posted 27 November 2012 - 01:15

I agree that Facebook should be blocked by default, in fact there shouldn't even be an option to unblock it.


#47 Shane Nokes

Shane Nokes

    Neowinian Senior

  • 2,243 posts
  • Joined: 29-July 12

Posted 27 November 2012 - 01:16

It's simple folks...the block is due to man-in-the-middle attacks. Secure things properly, don't look for workarounds that cause more problems later on.

#48 Javik

Javik

    #GamerGate

  • 6,056 posts
  • Joined: 21-May 12

Posted 27 November 2012 - 01:39

One of the primary reasons for owning a computer is Facebook? lol!! I think not :laugh: For the sake of one's security, it should be blocked permanently and forgotten about, so no, not trolling, I'm serious :)


I agree that Facebook should be blocked by default, in fact there shouldn't even be an option to unblock it.


So a billion or more people should be prevented from using something they love and enjoy to satisfy your personal hatred? Classy.

#49 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 27 November 2012 - 01:42

I agree that Facebook should be blocked by default, in fact there shouldn't even be an option to unblock it.


Let's not go that far. A lot of people do like Facebook. I just want my host file to work like it use to.

#50 tiagosilva29

tiagosilva29

    Looking for a job in Lisbon

  • 12,231 posts
  • Joined: 08-May 04

Posted 27 November 2012 - 01:44

block it in your router then if you really don't want it...

Unless the router has filtering per machine it really doesn't help me in my case. I have everything blocked in my hosts file, while my wife has to have everything in the clear. Meh.

#51 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 27 November 2012 - 01:48

Unless the router has filtering per machine it really doesn't help me in my case. I have everything blocked in my hosts file, while my wife has to have everything in the clear. Meh.


I feel your pain. Women.

#52 tiagosilva29

tiagosilva29

    Looking for a job in Lisbon

  • 12,231 posts
  • Joined: 08-May 04

Posted 27 November 2012 - 01:53

I feel your pain. Women.

Her job: on-line advertising. I'm sleeping with the enemy.

#53 Shadrack

Shadrack

    Neowinian Senior

  • 15,288 posts
  • Joined: 20-December 01

Posted 27 November 2012 - 02:07

I've been able to accomplish this at the router level and by device connection. Here is what I've done:

I'm using an ip level OpenDNS enforcement on my linksys router. The router has been flashed to run DD-WRT. The integrated DHCP server lets me set IP reservations on MAC addresses. From there I can add iptable entries on the router which act as a NAT style gateway (or something similar to that). The iptable entries enforce that all DNS lookups point to OpenDNS. The router also pings OpenDNS whenever my ip address changes so that OpenDNS can continue to service my devices and know what my settings are. From OpenDNS I can block social networks.

So yeah, that's how I've been able to achieve site blocking on the router level that individualized to each device (i.e., some devices are blocked, other devices are completely open). The only issue is that this doesn't technically block the IP address...it just makes it a pain in the ass to use the Internet in zones that are not allowed.

The way my router is configured, if the user puts in a static IP address they can easily bypass the lock-in to OpenDNS. However, just adding additional DNS entries to a network connection will not get around the block (all DNS calls are forcefully routed to OpenDNS for IP addresses on a list).

I have had issues blocking Facebook on the iOS app, however... I think it uses an IP address range built into the app and doesn't even do any DNS lookups.

I think it is possible to change the iptable entries to use MAC addresses instead of IP addresses but I haven't explored that yet. This would probably be a more reliable setup that is more difficult to tweak on the end user. My setup is optimistic in that any new device is given the default service provider DNS and only IP addresses specified are forcefully routed through OpenDNS.

Let me know if you want more detail about my setup.

#54 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 27 November 2012 - 02:20

Her job: on-line advertising. I'm sleeping with the enemy.


Oh, my. You don't stand a chance.

#55 Belazor

Belazor

    Neowinian

  • 586 posts
  • Joined: 22-January 08
  • Location: Glasgow, Scotland
  • OS: Windows 8.1 Update 1 Pro x64
  • Phone: iPhone 5S

Posted 27 November 2012 - 03:21

One of the primary reasons for owning a computer is Facebook? lol!! I think not :laugh:

You find the notion that someone who has no interest going online other than to use Facebook to keep in touch with their families (children that have moved out, extended family living in another country / state) that hilarious?

I'm not judging, when I'm tired I find a lot of things hilarious. Then again, I don't make those things the basis of my forum posts...

For the sake of one's security, it should be blocked permanently and forgotten about, so no, not trolling, I'm serious :)

I'm willing to accept the premise that potentially, banner ads on FB may load malicious content if it slipped past their filtering systems due to human error. But that can be fixed with an adblocker such as AdBlock Plus or similar.

Could you elaborate on why Facebook specifically should be blocked for security reasons?

I'm going to assume you're not one of those people who cry about privacy concerns - while that premise may be valid for discussions regarding job applicants being turned down due to what FB reveals to their boss, it's not reapply applicable for Joe Granddad that's keeping in touch with his grown-up children and possibly also grandchildren (if they're old enough to use a computer).