[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 524
  • Last Modified:

CentOS +Bind (possible Server Atack)

Hi

Got a tweet to say my web server was down this morning, the VPS shows the server as down so I hit the power and it was back up quickly.

I had a dig thought the logs (I'm not a *nix expert so bear with me) the /var/log/messages were full of these...

Aug  7 03:51:52 MY-HOSTNAME named[490]: error (unexpected RCODE REFUSED) resolving 'lalka.com.ru/ANY/IN': 77.222.51.250#53

Looks like some kind of attack? What's do I need to change or add to my BIND server to mitigate this?
0
Pete Long
Asked:
Pete Long
  • 3
1 Solution
 
Pete LongConsultantAuthor Commented:
Some reading makes me think I've been used in a DNS amplification attack because my DNS server has recursion enabled.

Reading.................
0
 
Pete LongConsultantAuthor Commented:
BIND recursion disabled an tested - I will post full instructions shortly...............

PL
0
 
Pete LongConsultantAuthor Commented:
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now