

Have the Kloxo security holes been fixed since 2009?




Posted by Siterack_net, 07-17-2010, 02:46 PM
I'm looking to offer some free CP options for my VPS offerings. I like Kloxo's interface, but back in 2009 there were some security flaws that caused major uproar. Does anyone know if these flaws have been resolved, or is Kloxo still a risky environment?

Posted by CodyRo, 07-17-2010, 03:39 PM
They have been since it was released as an open source project. That being said I wouldn't consider it "secure". We're personally working on an in-house solution since it's pretty abysmal.

Posted by Siterack_net, 07-17-2010, 03:55 PM
Would OSS panels, like this, be secure enough for people that just need a CP to host their own sites? Are security issues primarily a problem for those that would be selling hosting packages to end users?

Posted by PCS-Chris, 07-17-2010, 04:22 PM
You could always use it to get you set up, then disable the panel and bring it up when you need it. If you are not too concerned about security and it's for hosting a few personal domains, then go for it.

Posted by Siterack_net, 07-17-2010, 07:33 PM
What I am looking to do is start selling VPS units. I want to be able to provide low cost options for my end clients. It's not for me, but for them. I just want to make sure I am not going to be promoting something that is going to be unreliable or open my customers to potential issues. I understand all control panels can and do have security flaws. I just want to make sure an open source panel is not going to cause undue risk for my clients who opt to use them.

Posted by Crashus, 07-17-2010, 08:55 PM
Webmin or ISPConfig is free and secured.

Posted by mkniskanen, 08-26-2010, 11:00 AM
It is a bit uncertain whether "these flaws" ever even existed and if they did they were rumoured - but just rumoured to be in HyperVM, not Kloxo. There is a Wikipedia article about HyperVM. I happened to be in the middle of the storm as a customer and I still do not know what happened. From Wikipedia (search for HyperVM there): "However, the attacker(s) posted their method of attack on a popular webhosting forum, stating that they gained access by the owner's poor choice of passwords and password reuse, and not by any bugs in HyperVM. It was later found out that the owner's Gmail account had been broken into, which is where he stored his passwords." Well, it is possible that the truth will never be known. One may wonder, anyhow, why hundreds of other VPS providers using the same control panel were not exploited, only one single provider... I believe that if the security flaws had been real the damage would have been seen in dozens of data centres. Markku


