Note: DNS Proxy Mechanism updated on BLD DNS

Maybe as you know BLD DNS works on few ports in DoH mode - 443, 8443

You can use any of these ports in your browsers or devices, but I want to note you about how these modes work:

- 443 it is a native BLD service
- 8443 is is a reverse proxy (nginx or can be another service/mechanism)

⚡️ if you notice that some mode is not working properly, immediately as possible let me know about it - @sysadminkz

Example: How to setup Customised DNS your browser.

Settings > Privacy and security > Security > Use secure DNS > Customised:
- https://bld.sys-adm.in/dns-query
or
- https://bld.sys-adm.in:8443/dns-query

See details here (Firefox, Chrome, Brave, Edge):
- https://github.com/m0zgen/blocky-listener-daemon/wiki

/ dompdf security alert: RCE vulnerability found in popular PHP PDF library

https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/

/ Cyclops Blink Sets Sights on Asus Routers

https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html

RouterOS Scanner

Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router:

https://github.com/microsoft/routeros-scanner

/ Browser In The Browser (BITB) Attack

https://mrd0x.com/browser-in-the-browser-phishing-attack/

/ Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain

https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain

How to use the Emsisoft Decryptor for Diavol

https://www.emsisoft.com/ransomware-decryption-tools/howtos/emsisoft_howto_diavol.pdf

 
BLD DNS: One more server received as a gift from X-rdp.co

Hey, several days ago I published post (En denoscription) about the new server that was added to the BLD DNS infrastructure.

Today, I glad to present to you new server provided for BLD DNS from X-RDP.CO, located in Canada, I am really very happy, now I tested this server and want to present to you some information about of him:

- Speedtest - Download 940Mbps / Upload 236Mbps
- Storage IO - Write 1.1GB/s / Read7.1 GB/s
- CPU - AMD EPYC, 2395 MHz, KVM (AMD-V), 5 CPU Cores, 2 GB RAM

This server provided minimum on one year, I hope this service will bring a lot of benefits to the users of the service.

And I have another news - I requested from x-rdp.co discount coupon code and now I glad to present yo you
- Code: SYS10
- Discoint: 10%

I want to express my gratitude to the hosting, thank you, success to you and prosperity!

Take you care and safety. PEACE ✌️

P.S. BLD DNS Project site: https://lab.sys-adm.in

#bld #dns #thanks

/ Spyware dubbed Facestealer infects 100,000+ Google Play users

https://blog.pradeo.com/spyware-facestealer-google-play

/ Certain HP Print Products, Digital Sending Products – Potential remote code execution and buffer overflow

https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780

/ Deadbolt Ransomware is Back

QNAP uder attack:

https://censys.wpengine.com/deadbolt-ransomware-is-back/

/ Repeatable Failures: AMI UsbRt - Six Years Later, Firmware Attack Vector Still Affect Millions Of Enterprise Devices

Binarly Research Team Coordinates Patching of Dell BIOS Code Execution Vulnerabilities

https://binarly.io/posts/AMI_UsbRt_Repeatable_Failures_A_6_year_old_attack_vector_still_affecting_millions_of_enterprise_devices/index.html

/ Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS

https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/

/ Mēris and TrickBot standing on the shoulders of giants

Mikrotik under attack:

https://decoded.avast.io/martinhron/meris-and-trickbot-standing-on-the-shoulders-of-giants/

Red Canary’s 2022 Threat Detection Report

Based on in-depth analysis of over 30,000 confirmed threats detected across our customers’ environments, this research arms security leaders and their teams with actionable insight into the threats we observe, techniques adversaries most commonly leverage, and trends that help you understand what is changing and why. This is our most expansive report to date, but our intention remains the same: The Threat Detection Report exists to help you understand and detect threats

/ Ramsomware encryption speed rating

https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html

/ Malicious npm packages target Azure developers to steal personal data

https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/

/ DNS stub zones might fail to load, which might cause DNS resolution issues

After installing updates released January 25, 2022 ( KB5009616) and later on affected versions of Windows Server running the DNS Server role, DNS stub zones might not load correctly, which might cause DNS name resolution to fail.

https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#2795msgdesc

Secure BLD: Защита от оверлимитных запросов
⁠
За последнее время было замечено злоупотребление ресурсами BLD DNS, как это выглядит:
1. Штатное состояние - Опытным путем выявлено: 10к-20к запросов в час, это штатная работа средней организации.
2. Злоупотребление - Превышение максимально-допустимого количества запросов, например 20к+ запросов в час.

Как пример - NextDNS платная подписка начинается с 300к запросов в месяц. Штатное состояние BLD DNS покрывает месячный лимит NextDNS менее, чем за двое суток 🤘

Есть клиенты сервиса генерирующие по 100к запросов в час‼️, пропускная способность BLD DNS позволяет выдерживать хорошие нагрузки. Несколько миллионов в сутки - штатная работа BLD на сегодняшний день, но благодаря злоупотреблению суточная норма, легко превращается в часовой показатель, это не есть хорошо.

Возражений нет - задонать, уведомь и будем решать, если надо сделаем выделенный инстанс, не проблема (донаты вообще не воспрещаются, а даже приветсвуются, так как поддержка сервиса идет за счет внутренних ресурсов проекта).

Так же есть BLD+ (об этом пару месяцев назад был анонс), поэтому - welcome.

Превентивные меры
Вчера прилетело ~300к запросов за час сразу с нескольких IP адресов, стало понятно, что нужно что-то делать:
- Был разработан механизм автоматической блокировки абьюсеров 🎉
- На сегодня (пока) работает по формуле - 20000k запров в 1 час = бан 10 минут (кто будет отваливаться, сразу ко мне @sysadminkz, будем решать)
- Решение имеет "белые списки", так что оверлимитчикам welcome to donate area
- Решение полностью автономное, работает в автоматическом режиме.

Note: Кто знает, что у него генерится большое количество запросов и знает свой IP, можно заблаговременно обратиться ко мне.

~~~ EN

Recently, abuse of BLD DNS resources has been noticed, how it looks like:
1. Legitimate state - Experimentally revealed: 10k-20k requests per hour, this is the regular work of an medium organization.
2. Abuse - Exceeding the maximum allowable number of requests, for example 20k+ requests per hour.

As an example - NextDNS paid subnoscription starts with 300k requests per month. The regular state of BLD DNS covers the monthly NextDNS limit in less than two days 🤘

Today, there are clients of the service generating 100k requests per hour‼️, the bandwidth of BLD DNS allows to work with hight loads. Several million per day is the regular work of BLD today, but thanks to the abuse of the daily norm, it easily turns into an hourly norm, this is not good.

No objections - donate, and notify me and we will decide what we need to do, no problem(donations are not prohibited at all, but even welcome, since the support of the service comes at the expense of the internal resources of the project).

BLD+ mode specifically created for overlimits (there was an announcement about this a couple of months ago (https://news.1rj.ru/str/sysadm_in_channel/3740 )), therefore - welcome.

Preventive measures
Yesterday BLD received ~300k requests arrived in an hour from several IP addresses at once, it became clear that something needed to be done:
- The mechanism of automatic blocking of abusers was developed 🎉
- Today (so far) it works according to the formula - 20000k requests in 1 hour = ban 10 minutes (who will fall off, immediately contact me @sysadminkz, we will decide)
- The solution has "whitelists", so the are welcome to donate area and then welcome to BLD back.
- The blocking solution is completely autonomous, works in automatic mode.

Note: Who knows that he generates a large number of requests and knows own IP, you can contact me in advance.

Take you care. PEACE ✌️