Thursday, June 19, 2014

Hacked by FreshJoomlaTemplates.com

Beware of some of the free templates from freshjoomlatemplates.com, as they have scripts embedded in them that can take over your site and use it to send spam.

I already had a bad experience that cost me days of downtime and having to move my server to a different colo.

The upside is that my new service has never been interrupted by DDoS attacks so far.

Monday, June 9, 2014

Limiting recursive lookups in Bind

Limiting recursive lookups in Bind is a good idea for several reasons:
  1. There is no reason to give free DNS service to the entire internet.
  2. Open recursion is a source of denial-of-service flood attacks.
  3. It increases traffic, which may increase costs.
  4. It increases CPU usage.

In /etc/bind/named.conf.options:
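acl "trusted" {
        111.222.333.444/55;    # placeholder: replace with your own network in CIDR form
        127.0.0.1;
        localhost;
        localnets;
};

options {
        directory "/var/cache/bind";

        auth-nxdomain no;    # conform to RFC1035
        additional-from-auth no;
        additional-from-cache no;
        allow-query { any; };              # anyone may query the zones served here
        allow-recursion { trusted; };      # only the "trusted" acl gets recursive lookups
        allow-query-cache { trusted; };    # only the "trusted" acl may read cached answers
};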

Binding postfix to use a specific IP address

Nowadays, with SPF records and such, it's always a good idea to limit postfix to the IP address specified in the SPF record, to prevent your mail from being marked as spam. This is only necessary if your server has more than one IP bound to it.

In /etc/postfix/main.cf add:
smtp_bind_address = 111.222.333.444

This will limit your postfix server to using the IP specified.