Kloxo
Encyclopedia
Kloxo is a free, opensource web hosting control panel
for the Red Hat
and CentOS
Linux distribution
s.
Kloxo allows the host administrators to run a combination of lighttpd or Apache with djbdns or bind, and provides a graphical interface to switch between these programs without losing data. Kloxo Enterprise can transparently move web/mail/dns from one server running Apache to another running lighttpd. It is also known as a good free alternative to cPanel hosting control panel.
Kloxo comes integrated with Installapp, which is a bundle of approximately 130 web applications that can be installed to the hosted websites. It is supported by Installatron - a third party application installer (similar to Fantastico
) as a plugin.
- was rumored to have been exploited in a massive attack at the British VAserv budget webhosting company. Crackers deleted the content of 100,000 hosted websites in one go, after gaining root access to the system. Evidence of HyperVM being the cause of the attack has never been proven to date. A detailed timeline of these events was posted several months later.
It is widely acknowledged by the hacker(s), and parties involved that the core exploit had to do with the administrator of those VPS's reusing the same password on all installs, and not utilizing the SSL security feature. Many believe that lead to the transmission of the password in plain text, allowing the hacker to sniff, and exploit the host.
Since then, it has since been discovered that only a few vulnerabilities were existent in both products, many of which have been patched. The remaining vulnerabilities are being patched.
It was announced on July 10, 2009, that Kloxo and HyperVM would be continued in an open source consortium to be formed by Arthur Thornton, Danny Terweij, and S Bhargava. However, on October 25, 2009, Arthur Thornton officially resigned as the lead developer of Kloxo and HyperVM. Following his resignation, the HyperVM and Kloxo source code was officially released to the public. Arthur Thornton resumed his work on Kloxo and HyperVM in the background in mid-February 2010. As of May 2010, he is now back in the public and should soon be back full time, though not as lead developer. Andre Allen became Project Manager at LxCenter in late February 2010, at the decision of Danny Terweij.
Control panel (Web hosting)
A control panel, in web hosting, is a web-based interface provided by the hosting company that allows customers to manage their various hosted services in a single place.Some of the commonly available modules in most control panels:* Access to server logs....
for the Red Hat
Red Hat
Red Hat, Inc. is an S&P 500 company in the free and open source software sector, and a major Linux distribution vendor. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North Carolina with satellite offices worldwide....
and CentOS
CentOS
CentOS is a free operating system based on Red Hat Enterprise Linux . It exists to provide a free enterprise class computing platform and strives to maintain 100% binary compatibility with its upstream distribution...
Linux distribution
Linux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
s.
Kloxo allows the host administrators to run a combination of lighttpd or Apache with djbdns or bind, and provides a graphical interface to switch between these programs without losing data. Kloxo Enterprise can transparently move web/mail/dns from one server running Apache to another running lighttpd. It is also known as a good free alternative to cPanel hosting control panel.
Kloxo comes integrated with Installapp, which is a bundle of approximately 130 web applications that can be installed to the hosted websites. It is supported by Installatron - a third party application installer (similar to Fantastico
Fantastico
Fantastico may refer to:*Fantastico , a Bulgarian supermarket chain*Fantástico, a Brazilian television newsmagazine*Fantastico, the arch-nemesis of superhero Terrifica*Fantastico , an application installer script library...
) as a plugin.
Lxadmin/Kloxo name change
Due to concerns about the appropriation of the name (Lxadmin) the name was replaced with Kloxo. There was an outcry from users as the name change involved a complete upgrade of file structures and it was about two weeks before there was an upgrade script for hosting companies.Security issues
In early June 2009, security related blogs and websites posted details of security loopholes in LxAdmin/Kloxo. Around this time, another piece of software created by the same vendor - HyperVMHyperVM
HyperVM is a multi-tiered, multi-server, multi-virtualization software product allowing a VPS vendor to provision, manage and delegate Xen or OpenVZ based virtual private servers. HyperVM also comes integrated with Kloxo hosting control panel which means that, using HyperVM, the provider can deploy...
- was rumored to have been exploited in a massive attack at the British VAserv budget webhosting company. Crackers deleted the content of 100,000 hosted websites in one go, after gaining root access to the system. Evidence of HyperVM being the cause of the attack has never been proven to date. A detailed timeline of these events was posted several months later.
It is widely acknowledged by the hacker(s), and parties involved that the core exploit had to do with the administrator of those VPS's reusing the same password on all installs, and not utilizing the SSL security feature. Many believe that lead to the transmission of the password in plain text, allowing the hacker to sniff, and exploit the host.
Since then, it has since been discovered that only a few vulnerabilities were existent in both products, many of which have been patched. The remaining vulnerabilities are being patched.
Project Continuity
The company's founder, K. T. Ligesh, then committed suicide on June 8, 2009 following the security failure and subsequent loss of a large bid to a competitor. Ligesh had long standing personal issues following his mother's suicide 5 years before.It was announced on July 10, 2009, that Kloxo and HyperVM would be continued in an open source consortium to be formed by Arthur Thornton, Danny Terweij, and S Bhargava. However, on October 25, 2009, Arthur Thornton officially resigned as the lead developer of Kloxo and HyperVM. Following his resignation, the HyperVM and Kloxo source code was officially released to the public. Arthur Thornton resumed his work on Kloxo and HyperVM in the background in mid-February 2010. As of May 2010, he is now back in the public and should soon be back full time, though not as lead developer. Andre Allen became Project Manager at LxCenter in late February 2010, at the decision of Danny Terweij.