My FC3 machine appears to be compromised, please help

Bob Brennan rbrennan96 at gmail.com
Thu Apr 6 19:26:57 UTC 2006


On 4/6/06, Paul Howarth <paul at city-fan.org> wrote:
> Bob Brennan wrote:
> > I am of course open to suggestions but am at the moment waiting for
> > Demon to correct the hacked entries on their nameservers, if that
> > doesn't work - I'll be back for more help!
>
> This issue is probably only affecting Demon's customers at the moment
> (assuming the same problem has not manifested itself on other providers'
> nameservers).
>
> The main issue for you is that your own server is rewriting addresses
> due to the bogus CNAME records. You can avoid this easily by installing
> a caching nameserver on your own mail server. This will insulate you
> from your ISP's DNS issues and may actually result in improved
> performance for your mail server overall. This could be as simple as:
>
> yum install caching-nameserver
> chkconfig named on
> service named start
>
> Then edit /etc/resolv.conf, remove the existing nameserver entries and
> add a "nameserver 127.0.0.1" entry. Your system should then be doing its
> own DNS lookups and shouldn't see the bogus CNAME records.
>
> You may need to add PEERDNS=no to /etc/sysconfig/network to prevent your
> /etc/resolv.conf getting clobbered by a DHCP client.
>
>  Paul.

I will save this as a possible solution Paul but I am loath to make
changes like that right now since I have many business customers on
the same server whose domains are not being affected. Unfortunately I
will have to wait on Demon's solution to 3 domains' problems rather
than risk taking down 30 myself.

bob
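
A read-only check of the resolver settings Paul describes, added here as an example and not part of the original thread. The function names are made up for illustration, and the file paths are arguments so the check can be run against copies before the live server is touched.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two settings described above.
# Usage: audit_resolver /etc/resolv.conf /etc/sysconfig/network

# check_resolv FILE: succeeds only if every nameserver entry is loopback.
check_resolv() {
    rfile=$1
    [ -r "$rfile" ] || { echo "cannot read $rfile"; return 2; }
    # Commented-out entries have "#" in the first field and are skipped.
    servers=$(awk '$1 == "nameserver" { print $2 }' "$rfile")
    [ -n "$servers" ] || { echo "no nameserver entries in $rfile"; return 1; }
    bad=0
    for s in $servers; do
        case $s in
            127.0.0.1|::1) ;;
            *) echo "upstream resolver still listed: $s"; bad=1 ;;
        esac
    done
    return $bad
}

# check_peerdns FILE: succeeds only if PEERDNS=no (last assignment wins).
check_peerdns() {
    pfile=$1
    [ -r "$pfile" ] || { echo "cannot read $pfile"; return 2; }
    val=$(sed -n 's/^[[:space:]]*PEERDNS=//p' "$pfile" | tail -n 1 \
          | tr -d "\"'" | tr 'A-Z' 'a-z')
    [ "$val" = "no" ] && return 0
    echo "PEERDNS is '${val:-unset}' in $pfile; DHCP may rewrite resolv.conf"
    return 1
}

# audit_resolver [RESOLV_CONF] [NETWORK_FILE]: runs both checks, reports all findings.
audit_resolver() {
    rc=0
    check_resolv "${1:-/etc/resolv.conf}" || rc=1
    check_peerdns "${2:-/etc/sysconfig/network}" || rc=1
    return $rc
}
```

A non-zero exit from `audit_resolver` means the machine is still sending queries to the ISP's nameservers, or that its resolv.conf can be overwritten again by a DHCP client.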



