專門提供 DNS BIND/DHCP 套件的 ISC.org 日前被人入侵了,而且被植入了惡意軟體。據 ISC 稱,禍首是該站使用的 WordPress 的漏洞所造成的,至於 ftp.isc.org, kb.isc.org 則都不受影響。
======
ISC.org 的公告原文如下:
The ISC.org web site is down for maintenance.
We believe the web site may have become infected with malware. Please scan any machine that has accessed this site recently for malware.
This is a WordPress issue, ftp.isc.org, kb.isc.org and our other network resources are unaffected. We have not had any reports of any client machines that have been infected from our website. If you believe you have caught a virus from our web site, please let us know, by email to security-officer@isc.org.
In the meantime, all the things you come to our www site for are still accessible to you.
This is a great time to take a look at the Internet Archive, who is making an on-going record of the Internet, including our web site.
https://web.archive.org/web/20141007025209/https://www.isc.org/
HOW TO GET SOFTWARE
Until this site is restored, you can download your ISC software from our ftp site.
The current versions of BIND are found here: ftp://ftp.isc.org/isc/bind9/cur/
ISC DHCP 4.3.1 is here: ftp://ftp.isc.org/isc/dhcp/4.3.1/
Or, type ftp.isc.org into your browser and you will see an html page. Select the “isc” folder and double click to open it.
Within the “isc” folder you will see folders for “bind9” and “dhcp” and other software we host on www.isc.org.
Instructions on how to check your download files, to ensure their integrity, are here:
https://kb.isc.org/article/AA-01225/46/Verifying-the-Integrity-of-ISC-Downloads-using-PGP-GPG.html
Our pgp key is available on public key servers, such as MIT’s, https://pgp.mit.edu
TECHNICAL REFERENCES
Much of the information posted on the www.isc.org web site is actually stored in a Knowledgebase, which is available via direct http at https://kb.isc.org/
BIND security vulnerability information is easily accessed at: https://kb.isc.org/article/AA-00913/0/BIND-9-Security-Vulnerability-Matrix.html
How-to articles and FAQs on BIND are at https://kb.isc.org/category/77/0/10/Software-Products/BIND9/
MAILING LIST ACCESS
To view all ISC mailing lists, read archives and subscribe: https://lists.isc.org/mailman/listinfo
Bind issues: email to bind-users@lists.isc.org
DHCP issues: email to dhcp-users@lists.isc.org
HOW TO REACH ISC
Security issues: email to security-officer@isc.org
Information, sales, general inquiries: email to info@isc.org
Web site issues: webmaster@isc.org
To report a bug in our software, mail to:
Bind-bugs@isc.org
Dhcp-bugs@isc.org
Main telephone number: 650-423-1350
======
詳情請見:http://isc.org/