amuck-landowner

Kloxo installations compromised

Patrick

INIZ.COM
Verified Provider
I hate Iniz.

If I pay I decide what I want to use! Iniz promotes Vesta. Why?
We recommended it as an alternative; it's up to you if you want to use it. No way did the email force people to use it. Or we can let clients flood in tickets asking what we use now, or we give them a suggestion which has active development.

Hate is a very strong word, unless of course you wish to continue using Kloxo, where the malicious script sends out DDoS to Bank of America (which we won't allow, which is why every VPS will be suspended every time they're caught running it by the spike in load from the exploit), in which case it can also lead to your sites being hacked if not already done by the attackers.

Francisco

Company Lube
Verified Provider
What a clusterfuck.

At peak we were pushing ~1.5M pps out over this crap.

A fairly big handful of nodes simply locked up from conntrack being so slammed.

Not a great thing to get woken up over. >:(

Oh well, I got some adjustments in place that I wanted to.

Francisco
 

dcdan

New Member
Verified Provider
Yeah, we too have received a long list of attacking IPs from BOFA (although we cleared everything up a few hours before they sent the abuse report). We will be making changes to Nodewatch so that this type of attack is detected automatically.
 

peterw

New Member
A well prepared and executed attack. I hate old 0days that can catch such a lot of servers. At least every provider I am with was sending an email about shutting down all Kloxo VPS. Best thing to do is reinstalling the whole VPS. You don't know if others added something else to your VPS.
 

vRozenSch00n

Active Member
To avoid confusion:

  1. Kloxo Official is the open-source version of the former LxCenter's LxAdmin Enterprise. The latest version is 6.1.12 (released in March 2012); it only supports CentOS 5.x and is unstable with lots of security issues.
  2. Kloxo HIB "Host-InA-Box" is an old OpenVZ template and an official LxCenter release as a replacement for LxAdmin Host-InA-Box, but it has never been upgraded since its release; it only supports CentOS 5.x and is unstable with lots of security issues.
  3. Kloxo-MR is a fork of Kloxo Official by Mustafa Ramadhan. It is actively developed and supports CentOS 5.x & 6.x. No known security issue.
 

keepass

New Member
Hello,

Ok guys, but how can I permanently disable KLOXO for VPSes which will be created in the future? I don't see an option like a "Disable KLOXO" button.
 

KuJoe

Well-Known Member
Verified Provider
Hello,

Ok guys, but how can I permanently disable KLOXO for VPSes which will be created in the future? I don't see an option like a "Disable KLOXO" button.
What do you mean? Can you be more specific about what you're trying to do?

  1. Kloxo-MR is a fork of Kloxo Official by Mustafa Ramadhan. It is actively developed and supports CentOS 5.x & 6.x. No known security issue.
Looks like Rack911 found a critical root exploit within minutes of looking at the code. They won't do a free audit on the software but they recommend avoiding anything based off Kloxo including Kloxo-MR. So now I've been recommending a replacement that's not much better than the software being replaced. :(