Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: crittle2
crittle2 Author
User level: Level 1
0 points

named.log

1. The named.log on Yosemite Server is getting spammed by a very annoying domain. The IP constantly rotates and blocking seems useless. I'm not sure exactly what query (cache) means, can someone decipher this log? I'm assuming it's where these bots are hitting the websites from infected computers. Would the httpd.conf be the first course of action to prevent this... maybe a HTTP Referer?


16-Apr-2015 23:00:14.076 client 62.20.242.97#27787 (seoqewk.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'seoqewk.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.469 client 35.117.34.196#26542 (pelau.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'pelau.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.650 client 67.150.99.166#59602 (zdwzwywwukjvaov.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'zdwzwywwukjvaov.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.652 client 83.99.51.229#55467 (kaioywcgbvawpxg.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'kaioywcgbvawpxg.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.760 client 98.185.154.85#24009 (qiwps.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'qiwps.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.772 client 77.129.33.86#47704 (saajbownnsvsurp.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'saajbownnsvsurp.www.taohuazu.com/A/IN' denied

16-Apr-2015 23:00:14.772 client 97.35.42.75#60049 (jrqsfilqllwflar.www.taohuazu.com): view com.apple.ServerAdmin.DNS.public: query (cache) 'jrqsfilqllwflar.www.taohuazu.com/A/IN' denied



2. I know this next question does not pertain to the server so I'll keep looking, but in the meantime, if someone out there knows it would be helpful.


If answer one is using a HTTP Referer, Regex, I'm having an issue matching subdomain.subdomain.domain.com and cannot find anything through searches thus far to match a double subdomain. Regex is not my strong point. Does anyone know a good Regex?

I'll update the question if I figure it out.

OS X Mavericks (10.9.3), null

Posted on Apr 16, 2015 8:24 PM

Reply
2 replies
User profile for user: crittle2
crittle2 Author
User level: Level 1
0 points

Apr 20, 2015 1:34 AM in response to Linc Davis

Yes that was helpful thank you!


After a lot of research I updated my named.conf file which has helped.


I am using icefloor so I need to do some more digging on how to implement a fix.

I'm new to this part so it will take some figuring out.


I was also wanting to use Response Rate Limiting in Apache, but cannot.

I use Server 4.1 and I'm assuming the bind does not support it?

Reply

named.log

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up