As an administrator, I would like to receive emails whenever OpenDNS has blocked a domain for my network. This would give me immediate awareness of someone on my network trying to access inappropriate content. The ideal implementation would allow me to specify what email address to use for notifications so I could provide an email address that will go to my phone as an SMS message.
93 Comments
93 Comments
Who voted for this idea
- kseistrup
- rpgsky
- Sam Thompson
- ahoier
- shpigford
- thejoker
- meilleur
- banditz71
- Brian Watters
- Nathan
- ab-imports
- coldghost
- Chris
- drsox
- gamer8519
- Leandro Ardissone
- jeffmccann
- dauphin
- Jamie
- ericsc
- foxtyke
- binaryspiral
- pjpugliese
- dcockrell
- tricky
- justinreid
- os2mac
- war59312
- madmonk
- hesspaul
- serussell
- richrmg
- Jamison Kissh
- simoncraddock
- holden
- Scott
- willwill
- Brett
- argus
- tudorbob
- kurtisnelson
- jasonward
- freddy
- danbedford
- mkanakos
- nhhcs
- spsdns
- ngerber
- staticxfl
- Randy
Comments
I agree, I really dont have a need to monitor the activity minute by minute. I would like a single e-mail daily with all access attempts that were blocked however.
The idea of having it daily (or other frequency) is that you don't fill your inbox with hundreds emails (I used to get over 100 emails a day, like this), but instead you only get one email with a summary.
Also not every one can afford to have a DNS forwarder, that the idea of OpenDNS, that is caters for all. But if you can afford, then it proberly is a good idea.
It's a good idea, then we can, for exemple, add a blocked site the the white list if it's not. (before receiving a hundred of mail asking to access to this website)
written by fallibroome 582 days ago
Rating: 6
| Rate Comment:
We had this set up locally (via Squid and squidGuard) for a while. We switched if off in the end due to the amount of email it generated - far too many to deal with.
For example, if someone hit Google images and every thumbnail contained a pattern within the url that justified an email being sent (in our case, when the kids tried to access porn or games), we'd receive up 18 emails per user per page hit. We would receive hundreds of these emails every few minutes.
I realise OpenDNS doesn't perform pattern-matching on URLs, so fewer mails would be generated, but you could find yourself getting mail-bombed!
Its a nice idea, but I don't think its very practical.
written by aliendaycare 476 days ago
Rating: 2
| Rate Comment:
I guess it would depend on the size and demographics of your userbase. Our school has around 100 students and 25 staff. Being a parochial institution, we don't see a lot of attempts, but any attempt I would want to know about immediately because sooner or later, someone driven enough will find an unblocked site.
written by kinglandgroup 284 days ago
Rating: 3
| Rate Comment:
I agree. This seems like a good idea, but in reality it's probably a terrible one.
I think anyone asking for this should look at their blocked domains stats for a month first.
Also, this is just a bad idea because it has the potential to turn OpenDNS into a SPAMMer. For example, suppose you had some domain blocked that is used by a particular SPAM-bot. If a machine or two on your network managed to get infected by that particular SPAMbot, you could see millions of hits to that blocked domain(s).
The current Conficker situation comes to mind.
Now what if the e-mail address this is set to report to goes away or worse, has a vacation/auto-away message put on it? now you'll have a ping pong match between OpenDNS and your mail server.
This would mostly just waste everyone's bandwidth and have the potential for intentional or accidental abuse.
I vote no
written by Butch Bridges 194 days ago
Rating: 3
| Rate Comment:
The idea does sound good at first, but I agree, it would probably be impractical and overwhelm a mailbox.
So far, no one has mentioned "Hey, my internet is broke" helpdesk calls from affected users. Do you receive many calls, or do your users sheepishly assume they "got busted, got caught doing something bad"?
I'm asking because this "email notification and frequency" talk brings to mind the phrase "about as useful as teats on a bull". Either your phone rings, instantly, with a helpdesk request... or you discover the blocked access while munging the daily access logs.
I would like to see this option for summary reports only. daily, weekly and monthly perhaps.
I think this is the most useful (and usable) suggestion yet... Summary reports automatically emailed at a configured interval.
Yes definitely
.....as well as the idea of local IP incorporated
Would be the best and very helpful
written by OpenDNS User 551 days ago
Rating: 0
| Rate Comment:
Would be good to know as some of the domains may be needed.
Also how about syslog support to inform block events directly to a syslog server.
written by gtconveyor 548 days ago
Rating: 1
| Rate Comment:
Presently, I monitor activity on the proxy server with rule filters for sites containing opendns.com. If I see a lot of "hits" from a user, I edit the filter to watch their IP / username to see in real time what they are doing. Sometimes I find sites that aren't blocked that should be, as well as sites that should be "white listed".
[This also explains Bush...]
Wise up Franz - no one here asked for your political comments. This is a technical forum - please keep it that way.
robertfranz, I agree with you 100 percent. Most of the people who voted for this are network admins for businesses, not home users. They all want something for nothing, and tons of reports and statistics they can show off... "Let's see how many times Joe went to a porn site". Sure, let OpenDNS do all the work for them, why not.
Ridiculous suggestion if you ask me. Get some software/service and do it themselves.
Again, OpenDNS is a DNS service... not a personal statistics manager.
Just my opinions, of course.
I think this is an essential option that will empower the service significantly.
All the more so because the logs are only kept on the system for a week.
This can be an option, so those that don't want it don't have to set it.
written by foxyfool66 537 days ago
Rating: 0
| Rate Comment:
I use opendns for my home network and think this is a great idea (as I can''t always be sitting beside my children). As long as it's option for people to turn on and off and you can also set the frequency of notifications.
You guys are forgetting the fact that you will not be able to see WHO made that request that got blocked.
All you will receive, is an email that says "Someone accessed blah blah site, and it got blocked"
What will you be able to achieve with this information?
written by bigtrucker 529 days ago
Rating: 0
| Rate Comment:
Is this information not already on the stats page?
Perhaps this service should become a babysitting agency.
An RSS feed would be much better than email.
written by Bruno PELZER 518 days ago
Rating: 0
| Rate Comment:
I think it is a great idea !!!
LeBobo
written by agentshadow 514 days ago
Rating: 0
| Rate Comment:
You might somewhat achieve this level of alert notification by using a router that supports SNMP and using a filter rule that flags an address containing the string in an URL: http://block.opendns.com. If that string passes through the router you might be able to view the event with SNMP software.
Not sure if there is a software that allows you to log web site requests through SNMP. SNMP is primarily used for network traffic analysis.
Would be great! I would like to maybe see a RSS Feed used in this idea as it is more manageable that way.
written by holmanwebb 511 days ago
Rating: 0
| Rate Comment:
I think having a weekly stats email with a graph of blocked URLs and maybe the top 10 domains would be better. Add some nice graphs to please the pointy haired boss types. Look we're doing something about inappropriate access ! A per violation email would be more or less useless without user tracking.
I like the idea of a daily report. It would be really cool if it included the internal IP of the computer that requested it though I suppose that might not be possible.
written by haymarket_tech 477 days ago
Rating: 3
| Rate Comment:
I don't think OpenDNS can or should be our only tool in ferreting out network abusers. However, as ctran points out, some of us have to justify our use of OpenDNS to superiors who may or may not understand/care about what the stats mean, but would be very impressed with a colorful chart indicating that we are doing our part to prevent anyone from deriving any pleasure whatsoever out of our network.
It would be helpful though to see a warning when there is a sudden spike in blocked URLs that would clue you in to start watching the traffic more carefully, or to add a site to the black/whitelist. Perhaps instead of a notification per block, or even a periodic report, something similar to the "attack" notification we get from our AV suite: a warning e-mail if a certain threshold is passed in numbers of blocked sites. ie: more than 10 an hour, (adjustable for your normal network activity of course...) indicating that someone is either actively testing the boundaries or just not getting the hint when they keep hitting the blocked page. Then you would turn to other resources (proxy server, gateway, packet sniffer, etc...) to decide on a course of action - notify management, make a snarky phone call, disconnect the offender at the switch, prepare a cat-5 horsewhip... whatever is protocol on your network.
Just don't get lulled into a false sense of security by thinking that OpenDNS will do all the work for you.
This would be a great option for those of us using this at home to control child usage but needing the ability to open things up for the wife before she calls angry.
written by sciencebase 435 days ago
Rating: 0
| Rate Comment:
What would also help, not just for keeping an eye on users, but so that if they accessed something that was legit but being blocked for no good reason.
I like the idea. Weekly would be my vote :) But options are great.
Something I have done with setup is have my firewall alert me whenever someone on my network hits the IP address for block.opendns.com. The only time that site gets hit is when a domain is blocked. The firewall alert provides me with the internal IP and time of the hit which gives me enough info to determine who's doing what. It's a good work around for my small network.
Me parece muy buena la idea, o incluso sería bueno que el usuario puedan manda un e-mail a nuestra cuenta notificando tambien cuando una pagina esta bloqueada y no debería estarlo. Pecos
Another vote for this feature, done on a daily or weekly basis. We use the system at home, and need stronger security. Thanks.
I really love this idea. Can't wait for it to be implemented.
written by mrsmileyjr 284 days ago
Rating: 0
| Rate Comment:
This would be great to use it similar to the www.covenanteyes.com/ service
written by Marius Gologan 279 days ago
Rating: 0
| Rate Comment:
In the morning, I grab my coffee cup and I’d like to read an email with two columns:
A Black one – where I shall click on some links and see some information about it.
A White one – where I shall click some links and see what is all about, maybe a new opened proxy used by some open minded employees. Also, in this case, I’d like to subscribe it to OpenDNS in order to be shared to others who are not drinking coffee in the same way I do.
In my view this is a BAD idea. I get too many e-mails of alerts and the like, and would very quickly start to ignore them. I agree with others that the ability to peruse logs is sufficient.
SMS and e-mail have made us lazy readers and managers. Sure it sounds nice to have an event e-mailed but I think it's likely to lead to the recipient going "ho- hum".
Similarly others who have pointed out that it could result in a deluge, if there is some kind of infection etc are very valid points.
Given all of the restrictions that would be needed (as pointed out by everyone else), I would submit that the Stats page does just fine.
As was said, a daily email would probably be the limit, and even then it has the possibility of getting out of hand.
written by cspl01cspl 256 days ago
Rating: 0
| Rate Comment:
I love the stats page for what it shows me. I don't want an emailed report. The reasons for not having emailed reports have been put in this thread already.
As a new user of OPENDNS I have found there are more things to learn to help protect myself and stop my internet use from splattering the world with unintended and useless traffic.
The existing report pages (stats) is fantastic as the starting point to my learning.
If I want timestamps and someone to blame for rotten traffic then I will look to my ADSL modem/firewall/router configuration and my ISP helpdesk. If they don't measure up then at least both they and I will find out and we'll both learn something.
written by bournegroup 252 days ago
Rating: 0
| Rate Comment:
Brilliant Idea, Frequncy would be handy .I.e daily weekly or monthly
written by maclover009 241 days ago
Rating: 0
| Rate Comment:
It would be great if we had that feature but also the ability to have it track under the stats screen to let us look and have the option to send an email.
written by bhsteinberg 239 days ago
Rating: 0
| Rate Comment:
Has this been implemented yet?
https://www.opendns.com/dashboard/settings/867114/content_filtering
Users can contact you
Your users can contact you directly from the block page if they have questions. It'll show up as an email in your inbox.
written by wildernessis 231 days ago
Rating: 0
| Rate Comment:
I would love to see this option with the ability to select either real-time or daily notifications. The real-time alerts could have a threshold associated with them based on severity and quantity. For example, someone vising a porn site would be low on my list of "Need to know" but a result which indicated that I have a system which may be infected with conficker is something I would want to know about right away.
written by nutellajunkie 206 days ago
Rating: 0
| Rate Comment:
bad idea, the bandwidth in sending emails would probably affect the main idea of this service.
written by darrenaanderson 206 days ago
Rating: 0
| Rate Comment:
great idea - ideal to keep an eye on the kids
If you are going to monitor it, just go to the stats page.
Emails or RSS casues bandwidth usage and servers/resources, and while home users probably not aware, server resources, including power, can become very expensive.
Set up an outlook reminder to rememebr to check your stats of this free service.
Maybe you could set what categories you get an email for. I could care less if a user tries to hit an instant messaging site. if they are being blocked then i'm happy.
however f a student tries to continuously hit porn sites, he'll eventually find one that isn't blocked. I would like to have the option to run down to the lab and pull him off.
I would really like to see this feature integrated, that way I can monitor what websites are being blocked and what people are doing on the network. It would also be a nice feature to be able to see all the websites visited on the network, so that way we can not only see what they are getting blocked from, we can also see what they are viewing that's not blocked (so that way we can report bad websites already viewed to keep others from potentially viewing them)...
written by calvarylife 72 days ago
Rating: 0
| Rate Comment:
It would also be great if this could be implemented along with which IP address/hostname within my network tried to browse the blocked site.
written by dan-hargreaves 68 days ago
Rating: 0
| Rate Comment:
Fantastic idea, we use OpenDNS for a few of our business contracts and I think it would be good to see what is getting blocked on a daily basis. This would help us see if settings need tweaked.
This would really help track down my problem users...
written by smartyn13r 58 days ago
Rating: 0
| Rate Comment:
difintely
this will be the best to track domains and all such stuff
This would be a great feature, we already use 17 linux boxes with squidguard for on network computers, generating thousands of emails a day. It is not at all bothersome as the blocked URL is in the subject line and just a very quick perusal is sufficent most of the time. We are just now using OpenDNS for those (5) laptops not on network, and it would be great to have immediate notification. Now on my use at home I imagine that I would not see too many emails, but would still like to know right now. Either way if the number started jumping like crazy I want to know about possible infections before my IP gets blacklisted. Yes make it an opt in service, and yes make frequency selectable, but yes make it happen. This would be a great way to round out the services available, I would like to see it just from the parent perspective.
I agree, as having 3 kids i would like to get a e-mail alert and if possable from which pc on my network? although the last part probibly isnt possable
written by juernsberger 29 days ago
Rating: 0
| Rate Comment:
Yes i got facebook.com and myyearbook.com and myspace.com and teenspot.com all blocked and it keep saying when i type a site in at the internet and click on it it keep saying this This domain is blocked. and I was wondering if i can get facebook.com and myyearbook.com and teenspot.com and myspace.com unblocked please thanks
I think that this is a good idea if its configurable. I am using opendns just to block malware and phishing. I would love to get an email showing who fell for a phishing attempt so I could get them some 1 on 1 education.
Sign in to comment or register here.
What would be ideal, is the ability to select the frequency. For example, daily or instantly.