2

We use Open DNS + Norton DNS to detect if a website is porn / phishing website.

However we found a lot of non-English websites that can not be detected from Open/Norton DNS. Those are mostly Thai sites.

Later we also found Securly.com, but it misses lot more sites than Open/Norton DNS.

We found some more DNS lists, but they block just phishing, but not porn.

Later we found three different downloadable block lists, but they miss lot sites and are actually similar to what Securly have.

We also tried some lame-filters that finds specific words, but results are not very good and we miss-detect some non-porn websites.

Any ideas? :)

Nick
  • 786
  • 2
  • 12
  • 37

2 Answers2

6

You will need to use an appliance or some software tool that blocks sites based on an array of metrics, including heuristic analysis of text, image colors, and good ol' fashioned human analysis. DNS black lists are not enough since IPs change, resource records change, and there's very little in the way of intelligent analysis that can be done to determine if a site is a certain type of content just based on what DNS offers. It's a bit like determining if a substance is alcohol based on where the container was purchased.

You'll be wanting to use a tool like WebMarshall or Barracuda that blends an array of different methods to determine content type. No way around it. The exact one for you is a choice only you can make, without the aid of ServerFault since we highly discourage shopping questions.

Community
  • 1
Wesley
  • 32,320
  • 9
  • 80
  • 116
  • 1
    Or bluecoat or packeteer or ....... :) – MDMarra Dec 14 '12 at 21:47
  • 2
    ...or WebHawk, or Websense, or Fortiguard... – Wesley Dec 14 '12 at 21:48
  • Will check those. Question is not shopping question, I prefer some open source solution, or at least something for free. – Nick Dec 14 '12 at 21:51
  • I don't know if I am stupid :) but I can find only fortiguard doing porn filtering. It also have a demo but it does not categorize the site in question :) I bet they just use same lists I already found... – Nick Dec 14 '12 at 22:02
  • 2
    This is a difficult problem to solve, so it requires a great deal of human (non-automated) work, thus it's not really something that you'll find offered for free. – mfinni Dec 14 '12 at 22:19
5

My position is unless you are providing internet access to children, ie you are a school or library, then keeping users off of porn, gambling, games, social networking sites is a management issue, not a technical issue. If employees are properly supervised, then they will not visit these sites. If they aren't supervised, then if you block them, they will spend their time trying to get around the blocks, or doing something non-productive off-line. With more and more organizations allowing or encouraging Bring-Your-Own-Device (BYOD) this gets worse, as users who are on break and using their own tablet/laptop feel they should be able to browse where they want...

BillN
  • 1,503
  • 1
  • 13
  • 30
  • 1
    But it's not up to the IT staff to set those policies, it really isn't. – mfinni Dec 14 '12 at 22:36
  • 2
    Actually we have different problem. We are social network and some users leave posts to porn content. This is something we do not want to allow, exactly because some of the pages may be visited from anyone, including children. – Nick Dec 14 '12 at 22:38
  • 2
    So, you have a public website, and you need to detect and block inappropriate things posted there? You really should have stated that as part of your question - and it's all the more reason that you need to pay for a professional service. – mfinni Dec 15 '12 at 06:33