Security PSA: Implement Urlhaus as a response policy zone (rpz) for bind

gilles

Active Member
#1
If you're running your own server, I would recommend implementing urlhaus as a response policy zone (rpz) for bind. How-to guide in this article: https://abuse.ch/blog/using-urlhaus-as-response-policy-zone-rpz/

You may need to specify an absolute path in the urlhaus.zone zone for the urlhaus.rpz file, depending on whether you have a directory entry in /etc/bind/named.conf.options or not.

My server was recently infected by the Kinsing malware (maybe through an open xdebug setup, not sure) and the above would have prevented the malware from downloading the kinsing executable.
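
An illustration of the path caveat above, added here as an example and not taken from the original post or the abuse.ch article. The zone name `urlhaus.rpz` and the Debian-style paths `/etc/bind` and `/var/cache/bind` are assumptions; adjust them to your installation.

```conf
// /etc/bind/named.conf.options (assumed Debian-style layout)
options {
    // Relative "file" paths in zone statements are resolved against this
    // directory. If the line is absent, they resolve against named's
    // working directory instead.
    directory "/var/cache/bind";

    // Apply the policy zone to answers handed to resolver clients.
    response-policy { zone "urlhaus.rpz"; };
};

// /etc/bind/named.conf.local (assumed)
zone "urlhaus.rpz" {
    type master;

    // Relative form: with the "directory" line above, this is read from
    // /var/cache/bind/urlhaus.rpz, which fails to load if the file was
    // saved under /etc/bind.
    // file "urlhaus.rpz";

    // Absolute form: loads the same file whether or not "directory" is set.
    file "/etc/bind/urlhaus.rpz";

    // The policy zone is consumed locally; do not answer queries for it
    // or allow it to be transferred.
    allow-query { none; };
    allow-transfer { none; };
};
```

Running `named-checkconf -z` after editing reports whether the zone file was found and loaded from the path given.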