Kloxo – A Hosting panel with a Zero Day!!!

As many of you are aware, Kloxo is a free web-hosting control panel with a good interface. It has many features, such as a simple two-step panel installation, one-touch CMS installations and easy client management (client/reseller). But just a few days back a new zero day was discovered in this panel, and it poses a serious server security threat.


What is a Zero Day?

It is an exploit in a system of which even the system's developers are unaware. If you found a zero day in an operating system, you could develop and deploy your own code or threats in that system without triggering any alarm or any change in the system's security. It is like a legal dark back door into a system. Zero days for various operating systems are sold on the black market. (Hope the NSA will be their first customer :p)

What does this zero day do with Kloxo?

Through this zero day, attackers inject PHP scripts into the default site's document root, /home/kloxo/httpd/default/. "default" is the site to which your server/VPS main IP is assigned: if you access your main IP in a browser, the default site is displayed.

These scripts are used to send large volumes of packets, so the server ends up acting as a source for DDoS attacks.

What is the Fix?

Nothing, yet. Currently the Kloxo developers have been unable to find a permanent solution that fixes this zero day effectively. The main reason may be the outdated operating system: to install Kloxo you must install CentOS 5 to support the panel; you cannot use the latest CentOS versions, whereas the latest available CentOS release is CentOS 6.5.

The current workaround is to stop the Kloxo daemon service and keep it stopped until further notice arrives.

/etc/init.d/kloxo stop
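A small shell helper, added here and not taken from the original post or from Kloxo itself, that applies the workaround above and then lists PHP files recently modified under the default document root named earlier, so injected scripts can be triaged. The 7-day window, the directory argument and the function names are assumptions; the docroot path and the init script come from the post.

```shell
#!/bin/sh
# Added example (not part of the original post): stop the Kloxo daemon as the
# post advises, then list recently modified PHP files in the default docroot.
# Assumed: a 7-day window; the docroot path is the one named in the post.

DEFAULT_DOCROOT="/home/kloxo/httpd/default"

# stop_kloxo_daemon: runs the init script from the post if it exists.
stop_kloxo_daemon() {
    if [ -x /etc/init.d/kloxo ]; then
        /etc/init.d/kloxo stop
    else
        echo "no /etc/init.d/kloxo on this host; nothing stopped" >&2
    fi
}

# recent_php_files DIR [DAYS]: print *.php files under DIR modified within
# DAYS days (default 7), sorted. mtime can be forged, so this is a triage
# aid for spotting injected scripts, not proof of a clean docroot.
recent_php_files() {
    dir="$1"
    days="${2:-7}"
    find "$dir" -type f -name '*.php' -mtime "-$days" 2>/dev/null | sort
}

# count_recent_php_files DIR [DAYS]: number of files recent_php_files prints.
count_recent_php_files() {
    recent_php_files "$1" "$2" | wc -l | tr -d ' '
}

# report DIR: human-readable summary for the operator.
report() {
    n=$(count_recent_php_files "$1" 7)
    echo "PHP files modified in the last 7 days under $1: $n"
    recent_php_files "$1" 7
}

# Uncomment to run the workaround and the check directly on a Kloxo host:
# stop_kloxo_daemon
# report "$DEFAULT_DOCROOT"
```

Review anything the listing prints against what you deployed yourself; unexpected files in the default docroot match the symptom the post describes.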

Otherwise, reinstall the operating system and install a different open source control panel. Currently Kloxo has disabled all its services, even the demo; the Kloxo panel now shows an internal error at http://demo.kloxo.com:7778/