Universe Hosting Discussion Forum

Abuse report from photonvps: please help me work out what to do
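Posted on 2013-7-3 10:30:59
Below is the abuse report that photonvps sent me, but I don't know what it means and I don't know what to do about it. Mine is a Windows VPS. If anyone who understands this could take a look and tell me what to do, thank you.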

Hello,

This is an email notice to inform you that we've had abuse reports regarding
your server. It appears that your server's DNS named service (BIND) is being
exploited to leverage outgoing attacks on other networks. This is due to the
configuration allowing a feature called "recursion" to be
enabled/allowed. This is due to a setting on your server and we would like to
offer to you a quick fix to resolve this issue. This fix will prevent future
issues as well as resolve the current exploit.

First method: Attached is a script that you can upload to your server and run as
the root user. The file is called namedfix.pl.txt. You would upload it as
namedfix.pl or whatever you wish to call it. You would then either set execute
permissions on the file (chmod 700 namedfix.pl) or run it with the perl command
as: perl namedfix.pl. This should do everything automatically for you.

Second method: If you wish to apply this manually and not use the script
attached, then you would locate your named.conf file (likely at
/etc/named.conf). You should back up the file first, calling it something
unique. Example: cp -a /etc/named.conf /etc/named.conf-safebackup. Then, once
you have a safe copy of your current config file, you would open the
/etc/named.conf file using your favorite text editor (vi, nano/pico, etc.) and
within the options { } block, you would add the following two lines (ensuring
they don't exist and are set to allow recursion; if they are, this needs to be
disabled):

allow-recursion { "none"; };
recursion no;

For example, it will look similar to:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
};

Based on the above example, you would modify it to look like this:

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    allow-recursion { "none"; };
    recursion no;
};

You will now need to reload the named service. This can be done via: service
named reload, or service named restart, for the changes to take effect. If you
experience any errors/issues, please revert your last file and restart the
service. Example: cp -af /etc/named.conf-safebackup /etc/named.conf. Once you
restart the service, review the changes, ensure you didn't make any typos/syntax
errors and repeat this process. If it still fails, please ask us for assistance
and provide the appropriate login credentials where relevant and we'll take a
look.

Please note: If you find that you need recursion enabled, then it needs to be
safely listed and specifically allowed to a certain IP, network or range,
instead of to the world.

Once again, the script attached should be able to be run on any server with
BIND/named and will auto-fix this, if that makes it easier. Thank you for your
attention on this matter. Please let us know if you have any questions or
problems.
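
Added example, not part of the original post or of the provider's email: a small Python audit that reads the options { } block of a named.conf and reports whether recursion is closed, restricted to listed clients, open to anyone, or left implicit. The function names and verdict labels are this example's own; "implicit" assumes that with no allow-recursion statement the effective policy depends on the BIND version's defaults and on any allow-query-cache/allow-query settings, so it needs a manual look.

```python
import re

# Sample configs: BEFORE/AFTER follow the email's example; the rest are constructed.
BEFORE = 'options {\nlisten-on port 53 { any; };\ndirectory "/var/named";\n};'
AFTER = ('options {\nlisten-on port 53 { any; };\ndirectory "/var/named";\n'
         'allow-recursion { "none"; };\nrecursion no;\n};')
OPEN = 'options { recursion yes; allow-recursion { any; }; };'
RESTRICTED = 'options { allow-recursion { 192.0.2.0/24; localhost; }; }; // constructed'

def strip_comments(text):
    """Remove /* */, // and # comments (assumes no comment markers inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(text):
    """Return the text inside the top-level options { ... } block, or "" if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:          # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit_recursion(conf):
    """Classify who may use this server as a recursive resolver."""
    body = options_body(strip_comments(conf))
    # The lookbehind keeps "recursion" from matching inside "allow-recursion".
    rec = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", body)
    acl = re.search(r"(?<![-\w])allow-recursion\s*\{([^{}]*)\}", body)
    if rec and rec.group(1).lower() in ("no", "false", "0"):
        return "closed"                      # recursion switched off outright
    if acl is None:
        return "implicit"                    # no explicit ACL: review defaults
    entries = [e.strip().strip('"') for e in acl.group(1).split(";") if e.strip()]
    if entries == ["none"]:
        return "closed"
    if "any" in entries:
        return "open"                        # usable by the whole internet
    return "restricted"                      # limited to the listed clients

if __name__ == "__main__":
    for name in ("BEFORE", "AFTER", "OPEN", "RESTRICTED"):
        print(name, audit_recursion(globals()[name]))
```
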
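Posted on 2013-7-3 10:32:00
Notice: the author has been banned or deleted; the content is automatically hidden.
Posted on 2013-7-3 10:32:14
Original poster | Posted on 2013-7-3 10:33:53
shuir posted on 2013-7-3 10:32
Just use Baidu Translate.

A friend of mine looked at it and said this is a procedure for Linux systems and that it can't be done this way on Windows. Could someone help check whether that is right?
Posted on 2013-7-3 10:34:20
Heh, good-for-nothing..
鸡米露。
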