Set the DNS that's distributed by the router's DHCP to be OpenDNS, and block in the router the use of any other DNS servers but theirs (tcp port 53). Then go to OpenDNS's website and create an account for your site and set it up so that you can control what's passed or denied. You might be able to get it to notify you when they go looking for malicious stuff too.
That way, all you need to do is to ensure you hide the router connection details from your ISP and password protect your router, and there's nothing they can do about it.
Simples