原创内容,转载请注明出处:https://www.myzhenai.com.cn/post/1691.html https://www.myzhenai.com/thread-16143-1-1.html
关键词: kloxo漏洞 kloxo-mr kloxo-mr安装 kloxo-mr安装方法 kloxo升级到kloxo-mr的方法 kloxo update kloxo-mr update
Kloxo是一个免费的主机控制面板,简单好用,但由于众所周知的原因,kloxo不再更新了,前段时间kloxo不断曝出一些严重的漏洞,例如前些天的Default目录上传漏洞可以让别有用心的人上传phpddos文件对外进行Ddos攻击,怪不得前段时间Ecvps的技术客服说我的服务器在对外发包,多半是因为这个漏洞造成的. 虽然说可以通过临时的方法来解决这个问题,但还是不太放心,恰好那几天,我收到BuvVM技术客服的一封邮件,要求所有安装了kloxo面板的用户要打上补丁及更新kloxo为kloxo-mr. 我这才注意到kloxo还有一个缓生版本,kloxo-mr的开发与维护者MRatWork好像是印尼人,据说以前也是kloxo维护小组的一员. 有一点需要说明的是,kloxo-mr和kloxo尽管大致上一样,但还是增加了不少的内容,并且一些配置方法也经kloxo麻烦一些了,升级前需要先了解这一点. 有问题可以到 https://forum.mratwork.com/kloxo-mr-technical-helps/ 注册并咨询.
Kloxo-mr readme: https://github.com/mustafaramadhan/kloxo/blob/dev/README.md
Kloxo-mr Instructions: https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt
BuyVM Upgrade scripts: https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
Dropbox: https://www.dropbox.com/s/2ykyl47ce6sl14w/kloxoupgrade.sh
Installation:
# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt # mv kloxoupgrade.sh.txt kloxoupgrade.sh # sh kloxoupgrade.sh
/* 如果发生安装不能进行的问题,请 vi kloxoupgrade.sh 删除或用#号注释掉 if [ -e “/etc/kloxomr” ]; then 到 fi exit 0 这段内容.
Kloxo-mr Instructions:
A. pre-install -- better for fresh install
cd /
# update centos to latest version
yum update -y
# install some packages like package-cleanup, etc
yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y
yum install telnet wget -y
setenforce 0
echo 'SELINUX=disabled' > /etc/selinux/config
cd /
B. Install Kloxo-MR (select B.1 or B.2)
B.1 For Dev (alpha, beta, candidate) Release:
B.1.1. via non-RPM (not recommended for dev)
- Install/reinstall/upgrade -- data not destroyed with this fork
for existing kloxo (6.1.x), run 'sh /script/update' first.
# move to /
cd /tmp
# delete if exist, create kloxo temp dir
rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo;
rm -f ./kloxo-mr-dev.sh
# get kloxo-mr-dev installer from github
wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate
# install kloxo
sh ./kloxo-mr-dev.sh
# better reboot
reboot
B.1.2. via RPM (recommended for dev)
# move to /
cd /tmp
# get repo file -- no need for 6.5.0.c and after
wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
rpm -ivh mratwork-release-0.0.1-1.noarch.rpm
# move to /
cd /
# update
yum update mratwork-release
# edit /etc/yum.repos.d/mratwork.repo
# from:
# [mratwork-testing-neutral-noarch]
# name=MRatWork - testing-neutral-noarch
# baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
# #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
# enabled=0
# gpgcheck=0
# to:
# [mratwork-testing-neutral-noarch]
# name=MRatWork - testing-neutral-noarch
# baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
# #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
# enabled=1
# gpgcheck=0
# includepkgs=kloxomr
yum clean all
yum install kloxomr
B.2. For Final Release:
- Install/reinstall/upgrade -- data not destroyed with this fork
for existing kloxo (6.1.x), run 'sh /script/update' first.
# move to /
cd /tmp
# get repo file -- no need for 6.5.0.c and after
wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
rpm -ivh mratwork-release-0.0.1-1.noarch.rpm
# move to /
cd /
# update
yum update mratwork-release
# additional step for update from Kloxo official
mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo
# to make sure CentOS 5 with version 5.6 or higher
yum clean all
yum update
sh /script/convert-to-qmailtoaster
# install
yum install kloxomr -y
sh /script/upcp -y
# better reboot
reboot
WARNING:
1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data.
- In Kloxo offical run:
cd /script
wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch
sh ./backup-patch
2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5.
- Check mysql version with:
mysql -V|awk '{print $5}'
- Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)
BuyVM Upgrade scripts:
#!/bin/bash if [ -e "/etc/kloxomr" ]; then rm -f kloxoupgrade.sh fi exit 0 echo "#################################################################" echo "## kloxo->kloxo-mr Upgrade ##" echo "#################################################################" sh /script/update wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm yum update mratwork-release rm -f mratwork-release-0.0.1-1.noarch.rpm cd / yum install kloxomr -y sh /script/upcp -y sh /script/convert-to-qmailtoaster echo "#################################################################" echo "## Install complete, please reboot via https://manage.buyvm.net ##" echo "#################################################################" echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade DO NOT REMOVE THIS FILE." > /etc/kloxomr rm -f kloxoupgrade.sh
Kloxo漏洞处理方法-Kloxo-MR安装和升级方法
sicnature ---------------------------------------------------------------------
I P 地 址: 216.73.216.107
区 域 位 置: 美国加利福尼亚洛杉矶
系 统 信 息:
Original content, please indicate the source:
同福客栈论坛 | 蟒蛇科普 | 海南乡情论坛 | JiaYu Blog
sicnature ---------------------------------------------------------------------
7条评论
假如您不愿意升级kloxo到Kloxo-mr,可以尝试使用临时的解决方法来避免漏洞攻击.
#rm -rf /home/kloxo/httpd/default/*.php
#chmod 000 /home/kloxo/httpd/default
#find /home/admin -type d -name cgi-bin -exec rm -r {} \;
你好 我不是升级 我是安装就抱这个错
以前装的蛮好的,是不是安装程序升级了 出的问题
请看这个安装包日期都是最新的: kloxomr-6.5.0.f-2015071401.mr.noarch.rpm
谢谢了
Kloxo-MR 今天开始就出现不能一键安装 请帮助解决下 谢谢
报错:
Total download size: 6.3 M
Installed size: 13 M
Downloading Packages:
https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/kloxomr-6.5.0.f-2015071401.mr.noarch.rpm: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 404 Not Found”
Trying other mirror.
看错误,好像是你那里的网络问题,没办法打开这个地址造成的.
你是在哪一步报错? wget报错?
sh /script/upcp -y这一步很多报错是怎回事?
使用的是最新版的安装包吗?