Kloxo漏洞处理方法-Kloxo-MR安装和升级方法

海南胡说2014 年 02 月 09 日7 条评论1 次浏览 6186 字 Linux

原创内容,转载请注明出处:https://www.myzhenai.com.cn/post/1691.html https://www.myzhenai.com/thread-16143-1-1.html
关键词: kloxo漏洞 kloxo-mr kloxo-mr安装 kloxo-mr安装方法 kloxo升级到kloxo-mr的方法 kloxo update kloxo-mr update
Kloxo是一个免费的主机控制面板,简单好用,但由于众所周知的原因,kloxo不再更新了,前段时间kloxo不断曝出一些严重的漏洞,例如前些天的Default目录上传漏洞可以让别有用心的人上传phpddos文件对外进行Ddos攻击,怪不得前段时间Ecvps的技术客服说我的服务器在对外发包,多半是因为这个漏洞造成的. 虽然说可以通过临时的方法来解决这个问题,但还是不太放心,恰好那几天,我收到BuvVM技术客服的一封邮件,要求所有安装了kloxo面板的用户要打上补丁及更新kloxo为kloxo-mr. 我这才注意到kloxo还有一个缓生版本,kloxo-mr的开发与维护者MRatWork好像是印尼人,据说以前也是kloxo维护小组的一员. 有一点需要说明的是,kloxo-mr和kloxo尽管大致上一样,但还是增加了不少的内容,并且一些配置方法也经kloxo麻烦一些了,升级前需要先了解这一点. 有问题可以到 https://forum.mratwork.com/kloxo-mr-technical-helps/ 注册并咨询.
Kloxo-mr readme: https://github.com/mustafaramadhan/kloxo/blob/dev/README.md
Kloxo-mr Instructions: https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt
BuyVM Upgrade scripts: https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
Dropbox: https://www.dropbox.com/s/2ykyl47ce6sl14w/kloxoupgrade.sh
Installation:

# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
# mv kloxoupgrade.sh.txt kloxoupgrade.sh
# sh kloxoupgrade.sh

 
/* 如果发生安装不能进行的问题,请 vi kloxoupgrade.sh 删除或用#号注释掉 if [ -e “/etc/kloxomr” ]; then 到 fi exit 0 这段内容.
Kloxo-mr Instructions:

A. pre-install -- better for fresh install

    cd /

    # update centos to latest version
    yum update -y
    # install some packages like package-cleanup, etc
    yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y
    yum install telnet wget -y

    setenforce 0
    echo 'SELINUX=disabled' > /etc/selinux/config

    cd /

B. Install Kloxo-MR (select B.1 or B.2)

B.1 For Dev (alpha, beta, candidate) Release:

B.1.1. via non-RPM (not recommended for dev)
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # delete if exist, create kloxo temp dir
    rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo;

    rm -f ./kloxo-mr-dev.sh

    # get kloxo-mr-dev installer from github
    wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate

    # install kloxo
    sh ./kloxo-mr-dev.sh
    
    # better reboot
    reboot

B.1.2. via RPM (recommended for dev)

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # edit /etc/yum.repos.d/mratwork.repo
    # from:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=0
    # gpgcheck=0

    # to:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=1
    # gpgcheck=0
    # includepkgs=kloxomr

    yum clean all
    yum install kloxomr
   
B.2. For Final Release:
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # additional step for update from Kloxo official
    mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo
    # to make sure CentOS 5 with version 5.6 or higher
    yum clean all
    yum update
    sh /script/convert-to-qmailtoaster
    
    # install
    yum install kloxomr -y
    sh /script/upcp -y

    # better reboot
    reboot
    

WARNING:

1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data.

    - In Kloxo offical run:

        cd /script
        wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch
        sh ./backup-patch
    
2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5.

    - Check mysql version with:

        mysql -V|awk '{print $5}'

    - Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)

 
BuyVM Upgrade scripts:

#!/bin/bash

if [ -e "/etc/kloxomr" ]; then
	rm -f kloxoupgrade.sh
fi	exit 0

echo "#################################################################"
echo "##                   kloxo->kloxo-mr Upgrade                   ##"
echo "#################################################################"


sh /script/update

wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate

rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

yum update mratwork-release

rm -f mratwork-release-0.0.1-1.noarch.rpm

cd /

yum install kloxomr -y

sh /script/upcp -y

sh /script/convert-to-qmailtoaster

echo "#################################################################"
echo "## Install complete, please reboot via https://manage.buyvm.net ##"
echo "#################################################################"

echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade
DO NOT REMOVE THIS FILE." > /etc/kloxomr

rm -f kloxoupgrade.sh

 

Kloxo 漏洞 处理 Kloxo-MR 安装 升级 方法
Kloxo漏洞处理方法-Kloxo-MR安装和升级方法

文章二维码

扫码在手机上继续阅读

文章二维码