For testing antivirus we have EICAR, for SPAM, we have GTUBE.
Is there a standard site that is or should be included in blacklists that you can use for testing instead of going to your favorite porn site in front of your boss, the CEO, or someone else who feels that seeing such a site is an excuse for a sexual harassment suit?
Update
This is less about getting permission for me to test, though that answer is useful. I do have both permission and responsibility to actually make sure the filter is running. I am able test the filter is functioning with a netcat.
Instead, I am hoping there is a standard domain name that is blocked by most/all filters for testing. I need to be able to share this with my boss and users.
I need to be able to demonstrate what happens when someone go to a filtered page. I need to have a way to quickly prove to others that the filter is working without asking them to go to some site that will not cause grief if for some reason the filter is not working.
If there isn't already a good domain for this purpose I may simply have to register a domain myself, and then add the domain to all the filters I am responsible for.
Explain to your boss and HR that you either have to hope the porn filter is working or will need to test it by going to inappropriate sites. Make sure you tell them when you're doing the test, and how long it will take so they know you're not "testing" the filter all day every day. Then they can decide whether they want to let you try and visit sites like that at work or hope the filters work by default.
The second option is to install it at home without telling your teenage son and see how long it takes him to get angry and ask why the internet isn't working like it used to.
If there isn't, there should be. RFC2606 reserves several top level domains for test purposes with the understanding that they will never be assigned. It also reserves three second level names for use in documentation examples. The reservations are:
.test(testing of DNS related code).example(documentation and examples).invalid(known and obviously invalid).localhost(127.0.0.1 by any other name)example.com,example.net,example.org(documentation)From their described intended uses, it makes sense to me to use something like
pr0n.testas a defined positive. You could arrange for that name to resolve to something benign (BANG!) so that on failure of the filter you get something more interesting to happen than just a failed DNS lookup.We (at Smoothwall) have a "daily" URL in the lists to test the filter - with the date of list in the URL so you can tell you are up to date. Your vendor may provide a similar feature. It may well not be documented - ask them!
Alternatively, I like playboy.com. Should be blocked, but the homepage is always fairly benign - girls in bikinis etc. so low HR riskfactor if you just hit /.
Not an adult site, but we use Poker Stars to test that our fitering is working. We block gambling at the same level. So if Poker Stars gets blocked, then the filtering system is working.
I'll add a little something here...
The web filtering appliances I use all have a lookup feature that allows the submission of a URL to see how it will be categorized. This is done without actually initiating a connection to the site. In addition, the same content database can be referenced through an online submission form.
These filters have finer granularity in the rulesets and can distinguish between something like lingerie and swimwear, hardcore porn and simple adult content.
In addition, a browsing test is available directly from the appliance to simulate what the user would see during a browsing session.
We use www.pornsite.com
It should be blocked, but if it isn't, the home page contains a "You must be 18 or over to proceed" type of message with only text and no images.
UPDATE: There are PLENTY of images on www.pornsite.com now...
Lately we've just used www.playboy.com in it's place, but still looking for a better alternative.
playboy site is a "de facto" standard for this goal. It's is ok if you talk about url filter. It's rumored that some filter software have a specific routine to find "playboy" (and only "playboy") anywhere in the url to be able to block it even through an anonymizer.
But if you talk about a testing a content filter, no content (string) has been defined.
And, of course, for "image filter", the answer is no.
Testing a pr0n filter should be easy enough. Use playboy.com. It's been a known pr0n website for over a decade.
At a previous job we used sex.com and only sex.com. It's easy to remember and a real porn site. If anyone that wasn't an admin and testing a filter changed showed up in the log for that site then you knew they were looking at it.
Unfortunately if there is an issue you will be exposed to porn.
The service we use provides a lookup site where we can go and see how it categorizes a particular URL:
So we can hit a benign adware site to be sure the filter is working in general or for a specific machine, and use the lookup to be sure specific urls are in the filter list. That's worked well enough to this point. No need to go load up inappropriate sites just for testing.
For sharing a blocked domain with users, most systems allow you to create your own supplementary blacklist. Pick something, make sure it's in your blacklist, and share that. A subdomain of your own website (like filtertest.example.com) could even work, as long as you have the right dns entries so that it tries to pass through you gateway (as opposed to a hairpin or more direct route).