New Kloxo Exploit - Thousands of Servers Compromised

Discussion in 'Security' started by infinitnet, Jan 29, 2014.

  1. #1
    Yesterday a new exploit for the hosting control panel "Kloxo" was discovered. The hackers are using an SQL vulnerability in Kloxo to gain access to the system and then use it to send DDoS. Hundreds of hosting providers are affected and started to suspend servers that were running Kloxo. There is an ongoing discussion on WHT about this. If you are a hosting provider, you should notify your clients immediately. If you're running Kloxo, you should upgrade to Kloxo-MR immediately, which is a Kloxo fork which is still under active development and had this vulnerability patched a while ago. A better and more secure alternative to Kloxo would be ISPConfig.

    infinitnet, Jan 29, 2014
  2. point2

    #2
    I got the same warning from one of my VPS providers. Good thing I am using ISPConfig.

    point2, Jan 30, 2014
  3. infinitnet

    #3
    Yes, I don't recommend anyone to use Kloxo or its forks, but rather ISPConfig or, if they like the interface, Webmin/Usermin.

    infinitnet, Jan 31, 2014
  4. dayvo

    #4
    Or cPanel
     
    dayvo, Jan 31, 2014
  5. infinitnet

    #5
    Or LiveConfig, yes, but since Kloxo is open source, I'm only suggesting more secure open source solutions here and no commercial ones.
     
    infinitnet, Jan 31, 2014
  6. HalfDedi

    #6
    I personally prefer Virtualmin for open source control panel.

    HalfDedi, Jan 31, 2014
  7. Adam James Jack

    #7
    Yeah, Kloxo being open source will always be susceptible to these exploits. Open source software normally requires 3rd party coding amendments. As technology progresses, it is necessary to keep open source systems 'hardened'. This goes for any open source software. I have never used Kloxo, so I guess I am lucky!

    Adam James Jack, Feb 11, 2014
  8. dedideals

    #8
    Not used it for years, but had to spread the news to clients sadly, it has never been maintained.
     
    dedideals, Feb 11, 2014
  9. Adam James Jack

    #9
    Yeah, that comes with open source software unfortunately. I hope your clients take the news well :)
     
    Adam James Jack, Feb 11, 2014
  10. dedideals

    #10
    Luckily only a select few use it a custom version, hopefully they change over
     
    dedideals, Feb 11, 2014
  11. internationalhost

    #11
    Do you know of the best sites to get near instant updates of security exploits on things like Kloxo, WHMCS, etc.?

    internationalhost, Feb 11, 2014
  12. infinitnet

    #12
    Check out: http://www.hostingseclist.com/
     
    infinitnet, Feb 12, 2014