Yesterday a new exploit for the hosting control panel "Kloxo" was discovered. The hackers are using an SQL vulnerability in Kloxo to gain access to the system and then use it to send DDoS. Hundreds of hosting providers are affected and have started to suspend servers that were running Kloxo. There is an ongoing discussion on WHT about this. If you are a hosting provider, you should notify your clients immediately. If you're running Kloxo, you should upgrade to Kloxo-MR immediately, which is a Kloxo fork which is still under active development and had this vulnerability patched a while ago. A better and more secure alternative to Kloxo would be ISPConfig.
Yes, I don't recommend anyone to use Kloxo or its forks, but rather ISPConfig or, if they like the interface, Webmin/Usermin.
Or LiveConfig, yes, but since Kloxo is open source, I'm only suggesting more secure open source solutions here and no commercial ones.
Yeah, Kloxo being open source will always be susceptible to these exploits. Open source software normally requires 3rd party coding amendments. As technology progresses, it is necessary to keep open source systems 'hardened'. This goes for any open source software. I have never used Kloxo, so I guess I am lucky!
Do you know of the best sites to get near instant updates of security exploits on things like Kloxo, WHMCS, etc.?