原创内容,转载请注明出处:https://www.myzhenai.com.cn/post/1691.html https://www.myzhenai.com/thread-16143-1-1.html
关键词: kloxo漏洞 kloxo-mr kloxo-mr安装 kloxo-mr安装方法 kloxo升级到kloxo-mr的方法 kloxo update kloxo-mr update
Kloxo是一个免费的主机控制面板,简单好用,但由于众所周知的原因,kloxo不再更新了,前段时间kloxo不断曝出一些严重的漏洞,例如前些天的Default目录上传漏洞可以让别有用心的人上传phpddos文件对外进行Ddos攻击,怪不得前段时间Ecvps的技术客服说我的服务器在对外发包,多半是因为这个漏洞造成的. 虽然说可以通过临时的方法来解决这个问题,但还是不太放心,恰好那几天,我收到BuvVM技术客服的一封邮件,要求所有安装了kloxo面板的用户要打上补丁及更新kloxo为kloxo-mr. 我这才注意到kloxo还有一个缓生版本,kloxo-mr的开发与维护者MRatWork好像是印尼人,据说以前也是kloxo维护小组的一员. 有一点需要说明的是,kloxo-mr和kloxo尽管大致上一样,但还是增加了不少的内容,并且一些配置方法也经kloxo麻烦一些了,升级前需要先了解这一点. 有问题可以到 https://forum.mratwork.com/kloxo-mr-technical-helps/ 注册并咨询.
Kloxo-mr readme: https://github.com/mustafaramadhan/kloxo/blob/dev/README.md
Kloxo-mr Instructions: https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt
BuyVM Upgrade scripts: https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
Dropbox: https://www.dropbox.com/s/2ykyl47ce6sl14w/kloxoupgrade.sh
Installation:
# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt # mv kloxoupgrade.sh.txt kloxoupgrade.sh # sh kloxoupgrade.sh
/* 如果发生安装不能进行的问题,请 vi kloxoupgrade.sh 删除或用#号注释掉 if [ -e “/etc/kloxomr” ]; then 到 fi exit 0 这段内容.
Kloxo-mr Instructions:
A. pre-install -- better for fresh install cd / # update centos to latest version yum update -y # install some packages like package-cleanup, etc yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y yum install telnet wget -y setenforce 0 echo 'SELINUX=disabled' > /etc/selinux/config cd / B. Install Kloxo-MR (select B.1 or B.2) B.1 For Dev (alpha, beta, candidate) Release: B.1.1. via non-RPM (not recommended for dev) - Install/reinstall/upgrade -- data not destroyed with this fork for existing kloxo (6.1.x), run 'sh /script/update' first. # move to / cd /tmp # delete if exist, create kloxo temp dir rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo; rm -f ./kloxo-mr-dev.sh # get kloxo-mr-dev installer from github wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate # install kloxo sh ./kloxo-mr-dev.sh # better reboot reboot B.1.2. via RPM (recommended for dev) # move to / cd /tmp # get repo file -- no need for 6.5.0.c and after wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm # move to / cd / # update yum update mratwork-release # edit /etc/yum.repos.d/mratwork.repo # from: # [mratwork-testing-neutral-noarch] # name=MRatWork - testing-neutral-noarch # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/ # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt # enabled=0 # gpgcheck=0 # to: # [mratwork-testing-neutral-noarch] # name=MRatWork - testing-neutral-noarch # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/ # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt # enabled=1 # gpgcheck=0 # includepkgs=kloxomr yum clean all yum install kloxomr B.2. For Final Release: - Install/reinstall/upgrade -- data not destroyed with this fork for existing kloxo (6.1.x), run 'sh /script/update' first. # move to / cd /tmp # get repo file -- no need for 6.5.0.c and after wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm # move to / cd / # update yum update mratwork-release # additional step for update from Kloxo official mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo # to make sure CentOS 5 with version 5.6 or higher yum clean all yum update sh /script/convert-to-qmailtoaster # install yum install kloxomr -y sh /script/upcp -y # better reboot reboot WARNING: 1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data. - In Kloxo offical run: cd /script wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch sh ./backup-patch 2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5. - Check mysql version with: mysql -V|awk '{print $5}' - Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)
BuyVM Upgrade scripts:
#!/bin/bash if [ -e "/etc/kloxomr" ]; then rm -f kloxoupgrade.sh fi exit 0 echo "#################################################################" echo "## kloxo->kloxo-mr Upgrade ##" echo "#################################################################" sh /script/update wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm yum update mratwork-release rm -f mratwork-release-0.0.1-1.noarch.rpm cd / yum install kloxomr -y sh /script/upcp -y sh /script/convert-to-qmailtoaster echo "#################################################################" echo "## Install complete, please reboot via https://manage.buyvm.net ##" echo "#################################################################" echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade DO NOT REMOVE THIS FILE." > /etc/kloxomr rm -f kloxoupgrade.sh
sicnature ---------------------------------------------------------------------
I P 地 址: 18.220.55.82
区 域 位 置: 美国俄亥俄
系 统 信 息:
Original content, please indicate the source:
同福客栈论坛 | 蟒蛇科普 | 海南乡情论坛 | JiaYu Blog
sicnature ---------------------------------------------------------------------
7条评论
假如您不愿意升级kloxo到Kloxo-mr,可以尝试使用临时的解决方法来避免漏洞攻击.
#rm -rf /home/kloxo/httpd/default/*.php
#chmod 000 /home/kloxo/httpd/default
#find /home/admin -type d -name cgi-bin -exec rm -r {} \;
你好 我不是升级 我是安装就抱这个错
以前装的蛮好的,是不是安装程序升级了 出的问题
请看这个安装包日期都是最新的: kloxomr-6.5.0.f-2015071401.mr.noarch.rpm
谢谢了
Kloxo-MR 今天开始就出现不能一键安装 请帮助解决下 谢谢
报错:
Total download size: 6.3 M
Installed size: 13 M
Downloading Packages:
https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/kloxomr-6.5.0.f-2015071401.mr.noarch.rpm: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 404 Not Found”
Trying other mirror.
看错误,好像是你那里的网络问题,没办法打开这个地址造成的.
你是在哪一步报错? wget报错?
sh /script/upcp -y这一步很多报错是怎回事?
使用的是最新版的安装包吗?