in the normal configuration of ispconfig the system is vulnerable for this http://www.cert.org/incident_notes/IN-2000-04.html kind of attack. I had installed ispconfig on a fresh ubuntu 5.10 Server install. So i can't say if this is Ubuntu or ispconfig vault. But solving is really easy. So if you modified the named.conf.master (found in /root/ispconfig/isp/conf/) to the following, everthing is fine ! replace xxx.xxx.xxx.xxx with your puplic IP! Code: acl recurseallow { xxx.xxx.xxx.xxx; 127.0.0.1; }; options { pid-file "/var/run/bind/run/named.pid"; directory "{BINDDIR}"; auth-nxdomain no; allow-recursion { recurseallow; }; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; }; Maybe it has to be placed here http://www.howtoforge.com/perfect_setup_ubuntu_5.10_p3 cause i don't take a look if ispconfig will get entrys from named.conf ...
