Am 07.02.2017 um 23:52 schrieb Alberto Colosi:
The truth is to solve it not to ask what an hacker (maybe a child runned a tool found on internet as virus toolkits).
the truth is to *find out* what happens and since it's more likely that some forgotten piece of cronscript lives somewhere than a hacker did it a triggered cronmail would call that script if it spits out something on stderr
that "chattr +i" for now stops anything including root to touch that file until "chattr -i" was issued is just a side-effect
To quote me is not a solution to the issue. Good your last line only on your last mail
not sure to whom you are talking because the quoting of your last mail was completly weird
yeah, but why should they be so dumb and set your dns zone to the values 24 hours before so that you notice the issue and much better question: from where do they have the exactly data of your own zone 24 hours before? try "chattr +i" on your zonefile so that it can't be touched and with some luck the stuff trying to replace it will error out in cronmails or syslog
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users