Kloxo漏洞处理方法-Kloxo-MR安装和升级方法

2014年02月9日

原创内容,转载请注明出处:https://www.myzhenai.com.cn/post/1691.html https://www.myzhenai.com/thread-16143-1-1.html
关键词: kloxo漏洞 kloxo-mr kloxo-mr安装 kloxo-mr安装方法 kloxo升级到kloxo-mr的方法 kloxo update kloxo-mr update
Kloxo是一个免费的主机控制面板,简单好用,但由于众所周知的原因,kloxo不再更新了,前段时间kloxo不断曝出一些严重的漏洞,例如前些天的Default目录上传漏洞可以让别有用心的人上传phpddos文件对外进行Ddos攻击,怪不得前段时间Ecvps的技术客服说我的服务器在对外发包,多半是因为这个漏洞造成的. 虽然说可以通过临时的方法来解决这个问题,但还是不太放心,恰好那几天,我收到BuvVM技术客服的一封邮件,要求所有安装了kloxo面板的用户要打上补丁及更新kloxo为kloxo-mr. 我这才注意到kloxo还有一个缓生版本,kloxo-mr的开发与维护者MRatWork好像是印尼人,据说以前也是kloxo维护小组的一员. 有一点需要说明的是,kloxo-mr和kloxo尽管大致上一样,但还是增加了不少的内容,并且一些配置方法也经kloxo麻烦一些了,升级前需要先了解这一点. 有问题可以到 https://forum.mratwork.com/kloxo-mr-technical-helps/ 注册并咨询.
Kloxo-mr readme: https://github.com/mustafaramadhan/kloxo/blob/dev/README.md
Kloxo-mr Instructions: https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt
BuyVM Upgrade scripts: https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
Dropbox: https://www.dropbox.com/s/2ykyl47ce6sl14w/kloxoupgrade.sh
Installation:

# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
# mv kloxoupgrade.sh.txt kloxoupgrade.sh
# sh kloxoupgrade.sh

 
/* 如果发生安装不能进行的问题,请 vi kloxoupgrade.sh 删除或用#号注释掉 if [ -e “/etc/kloxomr” ]; then 到 fi exit 0 这段内容.
Kloxo-mr Instructions:

A. pre-install -- better for fresh install

    cd /

    # update centos to latest version
    yum update -y
    # install some packages like package-cleanup, etc
    yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y
    yum install telnet wget -y

    setenforce 0
    echo 'SELINUX=disabled' > /etc/selinux/config

    cd /

B. Install Kloxo-MR (select B.1 or B.2)

B.1 For Dev (alpha, beta, candidate) Release:

B.1.1. via non-RPM (not recommended for dev)
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # delete if exist, create kloxo temp dir
    rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo;

    rm -f ./kloxo-mr-dev.sh

    # get kloxo-mr-dev installer from github
    wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate

    # install kloxo
    sh ./kloxo-mr-dev.sh
    
    # better reboot
    reboot

B.1.2. via RPM (recommended for dev)

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # edit /etc/yum.repos.d/mratwork.repo
    # from:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=0
    # gpgcheck=0

    # to:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=1
    # gpgcheck=0
    # includepkgs=kloxomr

    yum clean all
    yum install kloxomr
   
B.2. For Final Release:
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # additional step for update from Kloxo official
    mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo
    # to make sure CentOS 5 with version 5.6 or higher
    yum clean all
    yum update
    sh /script/convert-to-qmailtoaster
    
    # install
    yum install kloxomr -y
    sh /script/upcp -y

    # better reboot
    reboot
    

WARNING:

1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data.

    - In Kloxo offical run:

        cd /script
        wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch
        sh ./backup-patch
    
2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5.

    - Check mysql version with:

        mysql -V|awk '{print $5}'

    - Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)

 
BuyVM Upgrade scripts:

#!/bin/bash

if [ -e "/etc/kloxomr" ]; then
	rm -f kloxoupgrade.sh
fi	exit 0

echo "#################################################################"
echo "##                   kloxo->kloxo-mr Upgrade                   ##"
echo "#################################################################"


sh /script/update

wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate

rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

yum update mratwork-release

rm -f mratwork-release-0.0.1-1.noarch.rpm

cd /

yum install kloxomr -y

sh /script/upcp -y

sh /script/convert-to-qmailtoaster

echo "#################################################################"
echo "## Install complete, please reboot via https://manage.buyvm.net ##"
echo "#################################################################"

echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade
DO NOT REMOVE THIS FILE." > /etc/kloxomr

rm -f kloxoupgrade.sh

 

Kloxo 漏洞 处理 Kloxo-MR 安装 升级 方法

Kloxo漏洞处理方法-Kloxo-MR安装和升级方法


sicnature ---------------------------------------------------------------------
I P 地 址: 18.220.55.82
区 域 位 置: 美国俄亥俄
系 统 信 息: 美国
Original content, please indicate the source:
同福客栈论坛 | 蟒蛇科普海南乡情论坛 | JiaYu Blog
sicnature ---------------------------------------------------------------------
Welcome to reprint. Please indicate the source http://myzhenai.com/post/1691.html

7条评论

  • 海南胡说 2014年02月9日在4:10 下午

    假如您不愿意升级kloxo到Kloxo-mr,可以尝试使用临时的解决方法来避免漏洞攻击.
    #rm -rf /home/kloxo/httpd/default/*.php
    #chmod 000 /home/kloxo/httpd/default
    #find /home/admin -type d -name cgi-bin -exec rm -r {} \;

    • 吴红正 2015年07月15日在11:56 上午

      你好 我不是升级 我是安装就抱这个错

      • 吴红正 2015年07月15日在12:00 下午

        以前装的蛮好的,是不是安装程序升级了 出的问题
        请看这个安装包日期都是最新的: kloxomr-6.5.0.f-2015071401.mr.noarch.rpm

        谢谢了

  • 吴红正 2015年07月15日在11:46 上午

    Kloxo-MR 今天开始就出现不能一键安装 请帮助解决下 谢谢
    报错:
    Total download size: 6.3 M
    Installed size: 13 M
    Downloading Packages:
    https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/kloxomr-6.5.0.f-2015071401.mr.noarch.rpm: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 404 Not Found”
    Trying other mirror.

    • 海南胡说 2015年07月16日在11:46 下午

      看错误,好像是你那里的网络问题,没办法打开这个地址造成的.
      你是在哪一步报错? wget报错?

  • 国哥 2015年08月19日在11:36 下午

    sh /script/upcp -y这一步很多报错是怎回事?

    • 海南胡说 2015年08月25日在4:05 下午

      使用的是最新版的安装包吗?

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注