This is an email notice to inform you that we've had abuse reports regarding
your server. It appears that your server's DNS named service (BIND) is being
exploited to leverage outgoing attacks on other networks. This is due to the
configuration allowing a feature called "recursion" to be
enabled/allowed. This is due to a setting on your server and we would like to
offer to you a quick fix to resolve this issue. This fix will prevent future
issues as well as resolve the current exploit.
First method: Attached is a script that you can upload to your server and run as
the root user. The file is called namedfix.pl.txt. You would upload it as
namedfix.pl or whatever you wish to call it. You would then either set execute
permissions on the file (chmod 700 namedfix.pl) or run it with the perl command
as: perl namedfix.pl. This should do everything automatically for you.
Second method: If you wish to apply this manually and not use the script
attached, then you would locate your named.conf file (likely at
/etc/named.conf). You should back up the file first, calling it something
unique. Example: cp -a /etc/named.conf /etc/named.conf-safebackup. Then, once
you have a safe copy of your current config file, you would open the
/etc/named.conf file using your favorite text editor (vi, nano/pico, etc.) and
within the options { } block, you would add the following two lines (ensuring
they don't exist and are set to allow recursion; if they are, this needs to be
disabled):
You will now need to reload the named service. This can be done via: service
named reload Or service named restart for the changes to take effect. If you
experience any errors/issues, please revert your last file and restart the
service. Example: cp -af /etc/named.conf-safebackup /etc/named.conf Once you
restart the service, review the changes, ensure you didn't make any typos/syntax
errors and repeat this process. If it still fails, please ask us for assistance
and provide the appropriate login credentials where relevant and we'll take a
look.
Please note: If you find that you need recursion enabled, then it needs to be
safely listed and specifically allowed to a certain IP, network or range,
instead of to the world.
Once again, the script attached should be able to be ran on any server with
BIND/named and will auto-fix this, if that makes it easier. Thank you for your
attention on this matter. Please let us know if you have any questions or
problems. 作者: shuir 时间: 2013-7-3 10:32
提示: 作者被禁止或删除 内容自动屏蔽作者: 香港-新世界机房 时间: 2013-7-3 10:32 作者: 415734243 时间: 2013-7-3 10:33
shuir 发表于 2013-7-3 10:32
百度翻译啊。
我的一个朋友看了,说这是linux系统 的操作方法,在windows内无法这样操作,可否帮忙看下是这样吗。作者: DOS 时间: 2013-7-3 10:34
呵呵,饭桶。。
鸡米露。
