Kloxo漏洞处理方法-Kloxo-MR安装和升级方法

2014年02月9日

原创内容,转载请注明出处:https://www.myzhenai.com.cn/post/1691.html https://www.myzhenai.com/thread-16143-1-1.html
关键词: kloxo漏洞 kloxo-mr kloxo-mr安装 kloxo-mr安装方法 kloxo升级到kloxo-mr的方法 kloxo update kloxo-mr update
Kloxo是一个免费的主机控制面板,简单好用,但由于众所周知的原因,kloxo不再更新了,前段时间kloxo不断曝出一些严重的漏洞,例如前些天的Default目录上传漏洞可以让别有用心的人上传phpddos文件对外进行Ddos攻击,怪不得前段时间Ecvps的技术客服说我的服务器在对外发包,多半是因为这个漏洞造成的. 虽然说可以通过临时的方法来解决这个问题,但还是不太放心,恰好那几天,我收到BuvVM技术客服的一封邮件,要求所有安装了kloxo面板的用户要打上补丁及更新kloxo为kloxo-mr. 我这才注意到kloxo还有一个缓生版本,kloxo-mr的开发与维护者MRatWork好像是印尼人,据说以前也是kloxo维护小组的一员. 有一点需要说明的是,kloxo-mr和kloxo尽管大致上一样,但还是增加了不少的内容,并且一些配置方法也经kloxo麻烦一些了,升级前需要先了解这一点. 有问题可以到 https://forum.mratwork.com/kloxo-mr-technical-helps/ 注册并咨询.
Kloxo-mr readme: https://github.com/mustafaramadhan/kloxo/blob/dev/README.md
Kloxo-mr Instructions: https://github.com/mustafaramadhan/kloxo/blob/dev/how-to-install.txt
BuyVM Upgrade scripts: https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
Dropbox: https://www.dropbox.com/s/2ykyl47ce6sl14w/kloxoupgrade.sh
Installation:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
# mv kloxoupgrade.sh.txt kloxoupgrade.sh
# sh kloxoupgrade.sh
# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt # mv kloxoupgrade.sh.txt kloxoupgrade.sh # sh kloxoupgrade.sh
# wget https://central.buyvm.net/updates/scripts/kloxoupgrade.sh.txt
# mv kloxoupgrade.sh.txt kloxoupgrade.sh
# sh kloxoupgrade.sh

 
/* 如果发生安装不能进行的问题,请 vi kloxoupgrade.sh 删除或用#号注释掉 if [ -e “/etc/kloxomr” ]; then 到 fi exit 0 这段内容.
Kloxo-mr Instructions:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
A. pre-install -- better for fresh install
cd /
# update centos to latest version
yum update -y
# install some packages like package-cleanup, etc
yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y
yum install telnet wget -y
setenforce 0
echo 'SELINUX=disabled' > /etc/selinux/config
cd /
B. Install Kloxo-MR (select B.1 or B.2)
B.1 For Dev (alpha, beta, candidate) Release:
B.1.1. via non-RPM (not recommended for dev)
- Install/reinstall/upgrade -- data not destroyed with this fork
for existing kloxo (6.1.x), run 'sh /script/update' first.
# move to /
cd /tmp
# delete if exist, create kloxo temp dir
rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo;
rm -f ./kloxo-mr-dev.sh
# get kloxo-mr-dev installer from github
wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate
# install kloxo
sh ./kloxo-mr-dev.sh
# better reboot
reboot
B.1.2. via RPM (recommended for dev)
# move to /
cd /tmp
# get repo file -- no need for 6.5.0.c and after
wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
rpm -ivh mratwork-release-0.0.1-1.noarch.rpm
# move to /
cd /
# update
yum update mratwork-release
# edit /etc/yum.repos.d/mratwork.repo
# from:
# [mratwork-testing-neutral-noarch]
# name=MRatWork - testing-neutral-noarch
# baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
# #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
# enabled=0
# gpgcheck=0
# to:
# [mratwork-testing-neutral-noarch]
# name=MRatWork - testing-neutral-noarch
# baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
# #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
# enabled=1
# gpgcheck=0
# includepkgs=kloxomr
yum clean all
yum install kloxomr
B.2. For Final Release:
- Install/reinstall/upgrade -- data not destroyed with this fork
for existing kloxo (6.1.x), run 'sh /script/update' first.
# move to /
cd /tmp
# get repo file -- no need for 6.5.0.c and after
wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
rpm -ivh mratwork-release-0.0.1-1.noarch.rpm
# move to /
cd /
# update
yum update mratwork-release
# additional step for update from Kloxo official
mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo
# to make sure CentOS 5 with version 5.6 or higher
yum clean all
yum update
sh /script/convert-to-qmailtoaster
# install
yum install kloxomr -y
sh /script/upcp -y
# better reboot
reboot
WARNING:
1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data.
- In Kloxo offical run:
cd /script
wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch
sh ./backup-patch
2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5.
- Check mysql version with:
mysql -V|awk '{print $5}'
- Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)
A. pre-install -- better for fresh install cd / # update centos to latest version yum update -y # install some packages like package-cleanup, etc yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y yum install telnet wget -y setenforce 0 echo 'SELINUX=disabled' > /etc/selinux/config cd / B. Install Kloxo-MR (select B.1 or B.2) B.1 For Dev (alpha, beta, candidate) Release: B.1.1. via non-RPM (not recommended for dev) - Install/reinstall/upgrade -- data not destroyed with this fork for existing kloxo (6.1.x), run 'sh /script/update' first. # move to / cd /tmp # delete if exist, create kloxo temp dir rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo; rm -f ./kloxo-mr-dev.sh # get kloxo-mr-dev installer from github wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate # install kloxo sh ./kloxo-mr-dev.sh # better reboot reboot B.1.2. via RPM (recommended for dev) # move to / cd /tmp # get repo file -- no need for 6.5.0.c and after wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm # move to / cd / # update yum update mratwork-release # edit /etc/yum.repos.d/mratwork.repo # from: # [mratwork-testing-neutral-noarch] # name=MRatWork - testing-neutral-noarch # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/ # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt # enabled=0 # gpgcheck=0 # to: # [mratwork-testing-neutral-noarch] # name=MRatWork - testing-neutral-noarch # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/ # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt # enabled=1 # gpgcheck=0 # includepkgs=kloxomr yum clean all yum install kloxomr B.2. For Final Release: - Install/reinstall/upgrade -- data not destroyed with this fork for existing kloxo (6.1.x), run 'sh /script/update' first. # move to / cd /tmp # get repo file -- no need for 6.5.0.c and after wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm # move to / cd / # update yum update mratwork-release # additional step for update from Kloxo official mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo # to make sure CentOS 5 with version 5.6 or higher yum clean all yum update sh /script/convert-to-qmailtoaster # install yum install kloxomr -y sh /script/upcp -y # better reboot reboot WARNING: 1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data. - In Kloxo offical run: cd /script wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch sh ./backup-patch 2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5. - Check mysql version with: mysql -V|awk '{print $5}' - Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)
A. pre-install -- better for fresh install

    cd /

    # update centos to latest version
    yum update -y
    # install some packages like package-cleanup, etc
    yum install yum-utils yum-priorities vim-minimal subversion curl zip unzip -y
    yum install telnet wget -y

    setenforce 0
    echo 'SELINUX=disabled' > /etc/selinux/config

    cd /

B. Install Kloxo-MR (select B.1 or B.2)

B.1 For Dev (alpha, beta, candidate) Release:

B.1.1. via non-RPM (not recommended for dev)
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # delete if exist, create kloxo temp dir
    rm -rf /tmp/kloxo; mkdir /tmp/kloxo ; cd /tmp/kloxo;

    rm -f ./kloxo-mr-dev.sh

    # get kloxo-mr-dev installer from github
    wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/install/kloxo-mr-dev.sh --no-check-certificate

    # install kloxo
    sh ./kloxo-mr-dev.sh
    
    # better reboot
    reboot

B.1.2. via RPM (recommended for dev)

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # edit /etc/yum.repos.d/mratwork.repo
    # from:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=0
    # gpgcheck=0

    # to:
    # [mratwork-testing-neutral-noarch]
    # name=MRatWork - testing-neutral-noarch
    # baseurl=https://github.com/mustafaramadhan/kloxo/raw/rpms/testing/neutral/noarch/
    # #mirrorlist=https://rpms.potissima.com/repo/mirrors/mratwork-testing-neutral-noarch-mirrors.txt
    # enabled=1
    # gpgcheck=0
    # includepkgs=kloxomr

    yum clean all
    yum install kloxomr
   
B.2. For Final Release:
   - Install/reinstall/upgrade -- data not destroyed with this fork
     for existing kloxo (6.1.x), run 'sh /script/update' first.

    # move to /
    cd /tmp

    # get repo file -- no need for 6.5.0.c and after
    wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
    rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

    # move to /
    cd /

    # update
    yum update mratwork-release

    # additional step for update from Kloxo official
    mv -f /etc/yum.repos.d/lxcenter.repo /etc/yum.repos.d/lxcenter.nonrepo
    # to make sure CentOS 5 with version 5.6 or higher
    yum clean all
    yum update
    sh /script/convert-to-qmailtoaster
    
    # install
    yum install kloxomr -y
    sh /script/upcp -y

    # better reboot
    reboot
    

WARNING:

1. Need running 'sh /script/backup-patch' in Kloxo Official (6.1.12) before backup data.

    - In Kloxo offical run:

        cd /script
        wget https://github.com/mustafaramadhan/kloxo/raw/dev/kloxo/pscript/backup-patch
        sh ./backup-patch
    
2. Since 6.5.0.f-20130701, Kloxo-MR using MySQLi API instead MySQL API. Need update mysql 5.0.x to 5.1.x or above for Centos 5.

    - Check mysql version with:

        mysql -V|awk '{print $5}'

    - Update with 'yum replace mysql --replace-with=mysql55' (ask to forum for update to MariaDB)

 
BuyVM Upgrade scripts:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#!/bin/bash
if [ -e "/etc/kloxomr" ]; then
rm -f kloxoupgrade.sh
fi exit 0
echo "#################################################################"
echo "## kloxo->kloxo-mr Upgrade ##"
echo "#################################################################"
sh /script/update
wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate
rpm -ivh mratwork-release-0.0.1-1.noarch.rpm
yum update mratwork-release
rm -f mratwork-release-0.0.1-1.noarch.rpm
cd /
yum install kloxomr -y
sh /script/upcp -y
sh /script/convert-to-qmailtoaster
echo "#################################################################"
echo "## Install complete, please reboot via https://manage.buyvm.net ##"
echo "#################################################################"
echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade
DO NOT REMOVE THIS FILE." > /etc/kloxomr
rm -f kloxoupgrade.sh
#!/bin/bash if [ -e "/etc/kloxomr" ]; then rm -f kloxoupgrade.sh fi exit 0 echo "#################################################################" echo "## kloxo->kloxo-mr Upgrade ##" echo "#################################################################" sh /script/update wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate rpm -ivh mratwork-release-0.0.1-1.noarch.rpm yum update mratwork-release rm -f mratwork-release-0.0.1-1.noarch.rpm cd / yum install kloxomr -y sh /script/upcp -y sh /script/convert-to-qmailtoaster echo "#################################################################" echo "## Install complete, please reboot via https://manage.buyvm.net ##" echo "#################################################################" echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade DO NOT REMOVE THIS FILE." > /etc/kloxomr rm -f kloxoupgrade.sh
#!/bin/bash

if [ -e "/etc/kloxomr" ]; then
	rm -f kloxoupgrade.sh
fi	exit 0

echo "#################################################################"
echo "##                   kloxo->kloxo-mr Upgrade                   ##"
echo "#################################################################"


sh /script/update

wget https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/mratwork-release-0.0.1-1.noarch.rpm --no-check-certificate

rpm -ivh mratwork-release-0.0.1-1.noarch.rpm

yum update mratwork-release

rm -f mratwork-release-0.0.1-1.noarch.rpm

cd /

yum install kloxomr -y

sh /script/upcp -y

sh /script/convert-to-qmailtoaster

echo "#################################################################"
echo "## Install complete, please reboot via https://manage.buyvm.net ##"
echo "#################################################################"

echo "Kloxo upgraded to Kloxo-MR due to presense of /root/.kloxoupgrade
DO NOT REMOVE THIS FILE." > /etc/kloxomr

rm -f kloxoupgrade.sh

 

Kloxo 漏洞 处理 Kloxo-MR 安装 升级 方法

Kloxo漏洞处理方法-Kloxo-MR安装和升级方法

打赏微海报分享

sicnature ---------------------------------------------------------------------
I P 地 址: 18.222.240.84
区 域 位 置: 美国俄亥俄
系 统 信 息: 美国
Original content, please indicate the source:
同福客栈论坛 | 蟒蛇科普海南乡情论坛 | JiaYu Blog
sicnature ---------------------------------------------------------------------
Welcome to reprint. Please indicate the source https://myzhenai.com/post/1691.html
标签:

7条评论

  • 回复
    海南胡说 2014年02月9日在4:10 下午

    假如您不愿意升级kloxo到Kloxo-mr,可以尝试使用临时的解决方法来避免漏洞攻击.
    #rm -rf /home/kloxo/httpd/default/*.php
    #chmod 000 /home/kloxo/httpd/default
    #find /home/admin -type d -name cgi-bin -exec rm -r {} \;

    • 回复
      吴红正 2015年07月15日在11:56 上午

      你好 我不是升级 我是安装就抱这个错

      • 回复
        吴红正 2015年07月15日在12:00 下午

        以前装的蛮好的,是不是安装程序升级了 出的问题
        请看这个安装包日期都是最新的: kloxomr-6.5.0.f-2015071401.mr.noarch.rpm

        谢谢了

  • 回复
    吴红正 2015年07月15日在11:46 上午

    Kloxo-MR 今天开始就出现不能一键安装 请帮助解决下 谢谢
    报错:
    Total download size: 6.3 M
    Installed size: 13 M
    Downloading Packages:
    https://github.com/mustafaramadhan/kloxo/raw/rpms/release/neutral/noarch/kloxomr-6.5.0.f-2015071401.mr.noarch.rpm: [Errno 14] PYCURL ERROR 22 – “The requested URL returned error: 404 Not Found”
    Trying other mirror.

    • 回复
      海南胡说 2015年07月16日在11:46 下午

      看错误,好像是你那里的网络问题,没办法打开这个地址造成的.
      你是在哪一步报错? wget报错?

  • 回复
    国哥 2015年08月19日在11:36 下午

    sh /script/upcp -y这一步很多报错是怎回事?

    • 回复
      海南胡说 2015年08月25日在4:05 下午

      使用的是最新版的安装包吗?

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注