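I woke up this morning to an official abuse report from photonvps, but I have no idea how to handle it and can't make sense of it. I asked a friend, who said these steps only work on a Linux system, but mine is a Windows VPS. Could anyone who understands this, or photonvps's official support, explain what to do? Thanks.
Below is their report; there was also an attachment.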
Hello,
This is an email notice to inform you that we've had abuse reports regarding your server. It appears that your server's DNS named service (BIND) is being exploited to leverage outgoing attacks on other networks. This is due to the configuration allowing a feature called "recursion" to be enabled/allowed. This is due to a setting on your server and we would like to offer to you a quick fix to resolve this issue. This fix will prevent future issues as well as resolve the current exploit.
First method: Attached is a script that you can upload to your server and run as the root user. The file is called namedfix.pl.txt. You would upload it as namedfix.pl or whatever you wish to call it. You would then either set execute permissions on the file (chmod 700 namedfix.pl) or run it with the perl command as: perl namedfix.pl. This should do everything automatically for you.
Second method: If you wish to apply this manually and not use the script attached, then you would locate your named.conf file (likely at /etc/named.conf). You should back up the file first, calling it something unique. Example: cp -a /etc/named.conf /etc/named.conf-safebackup. Then, once you have a safe copy of your current config file, you would open the /etc/named.conf file using your favorite text editor (vi, nano/pico, etc.) and within the options { } block, you would add the following two lines (ensuring they don't exist and are set to allow recursion; if they are, this needs to be disabled):
allow-recursion { "none"; };
recursion no;
For example, it will look similar to:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
};
Based on the above example, you would modify it to look like this:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
allow-recursion { "none"; };
recursion no;
};
You will now need to reload the named service. This can be done via: service named reload Or service named restart for the changes to take effect. If you experience any errors/issues, please revert your last file and restart the service. Example: cp -af /etc/named.conf-safebackup /etc/named.conf Once you restart the service, review the changes, ensure you didn't make any typos/syntax errors and repeat this process. If it still fails, please ask us for assistance and provide the appropriate login credentials where relevant and we'll take a look.
Please note: If you find that you need recursion enabled, then it needs to be safely listed and specifically allowed to a certain IP, network or range, instead of to the world.
Once again, the script attached should be able to be run on any server with BIND/named and will auto-fix this, if that makes it easier. Thank you for your attention on this matter. Please let us know if you have any questions or problems.
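As an added example (not part of the post, the notice, or the attached namedfix.pl script), the check below reads a named.conf and reports whether the options block carries the two recursion settings the notice asks for, or an allow-recursion list limited to specific addresses as its closing note describes. The function names and the status labels are assumptions made for this example; the sample configs are shortened from the notice's own before/after blocks.

```python
import re

# Constructed samples, shortened from the notice's "before" and "after" blocks.
BEFORE = '''options {
listen-on port 53 { any; };
directory "/var/named";
};'''
AFTER = '''options {
listen-on port 53 { any; };
directory "/var/named";
allow-recursion { "none"; };
recursion no;
};'''

def options_body(conf):
    """Return the text inside options { ... } with comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* block */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # // and # line comments
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return ""  # unbalanced braces: treat as no options block

def recursion_status(conf):
    """Classify recursion as 'disabled', 'restricted', 'open' or 'unset'."""
    body = options_body(conf)
    rec = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", body)
    if rec and rec.group(1).lower() in ("no", "false", "0"):
        return "disabled"
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", body)
    if not acl:
        return "unset"   # neither line from the notice is present in this file
    items = [e.strip().strip('"') for e in acl.group(1).split(";") if e.strip()]
    if items == ["none"]:
        return "disabled"
    if {"any", "0.0.0.0/0", "::/0"} & set(items):
        return "open"    # recursion offered to the world
    return "restricted"  # recursion limited to listed addresses

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, recursion_status(conf))
```

A result of "unset" means the file leaves the decision to the BIND version's defaults, so it should be treated as needing the change the notice describes.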