My FC3 machine appears to be compromised, please help
Paul Howarth
paul at city-fan.org
Thu Apr 6 17:12:36 UTC 2006
Bob Brennan wrote:
> I am of course open to suggestions but am at the moment waiting for
> Demon to correct the hacked entries on their nameservers, if that
> doesn't work - I'll be back for more help!

This issue is probably only affecting Demon's customers at the moment
(assuming the same problem has not manifested itself on other providers'
nameservers).

The main issue for you is that your own server is rewriting addresses
due to the bogus CNAME records. You can avoid this easily by installing
a caching nameserver on your own mail server. This will insulate you
from your ISP's DNS issues and may actually result in improved
performance for your mail server overall. This could be as simple as:

    yum install caching-nameserver
    chkconfig named on
    service named start

Then edit /etc/resolv.conf, remove the existing nameserver entries and
add a "nameserver 127.0.0.1" entry. Your system should then be doing its
own DNS lookups and shouldn't see the bogus CNAME records.

You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
/etc/resolv.conf getting clobbered by a DHCP client.

Paul.
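
A check for the two file edits described in the message above, added here as an example and not part of the original post: it flags any non-loopback nameserver left in a resolv.conf and confirms PEERDNS=no is set. The function names and the sample files are constructed for illustration; on a real host, pass /etc/resolv.conf and /etc/sysconfig/network instead.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files the
# message says to edit. Paths are parameters so copies can be checked.

# Succeeds only if the file has at least one nameserver entry and every
# entry is a loopback address; prints each offending entry otherwise.
check_resolv_conf() {
    awk '
        $1 == "nameserver" {
            n++
            if ($2 !~ /^127\./ && $2 != "::1") {
                print "non-local nameserver: " $2
                bad++
            }
        }
        END {
            if (n == 0) { print "no nameserver entries"; exit 2 }
            exit (bad > 0)
        }' "$1"
}

# Succeeds only if the last PEERDNS= assignment in the file is "no".
check_peerdns() {
    val=$(sed -n 's/^[[:space:]]*PEERDNS=//p' "$1" | tail -n 1 \
          | tr -d "\"'" | tr 'A-Z' 'a-z')
    [ "$val" = "no" ]
}

# $1 = resolv.conf path, $2 = sysconfig network file path
audit_dns_config() {
    rc=0
    check_resolv_conf "$1" || rc=1
    check_peerdns "$2" || { echo "PEERDNS=no not set in $2"; rc=1; }
    return $rc
}

# Constructed sample files: "before" still points at an upstream
# resolver (192.0.2.53 is a documentation address), "after" is fixed.
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$demo_dir/resolv.before"
printf '# constructed sample\nnameserver 127.0.0.1\n' > "$demo_dir/resolv.after"
printf 'NETWORKING=yes\n' > "$demo_dir/network.before"
printf 'NETWORKING=yes\nPEERDNS=no\n' > "$demo_dir/network.after"

audit_dns_config "$demo_dir/resolv.before" "$demo_dir/network.before" || echo "before: FAIL"
audit_dns_config "$demo_dir/resolv.after" "$demo_dir/network.after" && echo "after: OK"
```

Running the audit again after a DHCP lease renewal shows whether /etc/resolv.conf has been overwritten.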