Beware Kloxo Exploit!
From the very beginning I have never used Kloxo, but that doesn’t mean I hate it. That’s simply because I was interested in something other than that phenomenal free hosting control panel, which has been getting so much attention and so many fanatic users. It’s a nice control panel that can be installed even on a low-end VPS, and it’s also resource-friendly compared to its major competitor, WHM/cPanel.
Just recently I got a few emails from several providers raising a big alarm about a Kloxo exploit, with a notification that all clients who installed Kloxo have to remove it immediately due to a recently discovered zero-day exploit with no workaround currently available.
Quoted from WeLoveServer:
Since this morning, we have been combating multiple DDoS attacks across all of our locations. Upon further investigation, this is stemming from compromised VPS containers that utilize the Kloxo control panel software.
We have been made aware of an active zero day exploit in Kloxo with no workaround available. Essentially the exploit spawns a large number of httpd processes that allows the affected system to participate in a DDoS.
We kindly request your immediate attention into this matter, and ask that if you are running Kloxo that you disable it immediately.
Due to the fact that Kloxo developers are inactive and Kloxo appears to be poorly written, along with the severity of this zero day exploit, we are prohibiting Kloxo from being run on our VPS servers moving forward in order to protect our network and our users. We believe this is the best resolution, as Kloxo is not a secure software that should be used in any production environment. If your VPS is currently running Kloxo, please wipe your Kloxo install immediately.
Quoted from Iniz:
We have recently become aware of a serious security risk in the Kloxo control panel. We removed the panel from our template list several months ago due to it being outdated, and just recently, as in the last few minutes, we have seen several VPSs being infected by a vulnerability in Kloxo.
Effective immediately, we ask all clients to reinstall their VPS if they are using Kloxo Control Panel, otherwise your VPS will face suspension, as it causes 100+ load and high outgoing PPS from what we have discovered.
Far better alternatives exist which are available for free as well, which are updated regularly and are a lot more secure. We suggest you move to them immediately if you depend on a hosting control panel.
If you still require a control panel, below is a list of alternative free control panels that you can consider installing:
- VestaCP (How to install)
- zPanel CP (How to Install)
Remember, this does not include Kloxo-MR (a Kloxo fork by Mustafa Ramadhan; see http://forum.mratwork.com).