Kloxo (formerly known as '
Lxadmin'') was a
free and open-source
Free and open-source software (FOSS) is software available under a Software license, license that grants users the right to use, modify, and distribute the software modified or not to everyone free of charge. FOSS is an inclusive umbrella term ...
web hosting control panel
A web hosting control panel is a web-based interface provided by a web hosting service that allows users to manage their servers and hosted services. Examples include cPanel, Plesk, ispmanager, My20i, CloudPanel, OpenPanel, and Enhance. For mo ...
for the
Red Hat
Red Hat, Inc. (formerly Red Hat Software, Inc.) is an American software company that provides open source software products to enterprises and is a subsidiary of IBM. Founded in 1993, Red Hat has its corporate headquarters in Raleigh, North ...
and
CentOS
CentOS (, from Community Enterprise Operating System; also known as CentOS Linux) is a discontinued Linux distribution that provided a free and open-source community-supported computing platform, functionally compatible with its upstream (softw ...
Linux distribution
A Linux distribution, often abbreviated as distro, is an operating system that includes the Linux kernel for its kernel functionality. Although the name does not imply product distribution per se, a distro—if distributed on its own—is oft ...
s. As of October 2017, the project has been unmaintained with a number of unresolved issues, and the project's website is offline.
Kloxo allows the host administrators to run a combination of lighttpd or Apache with
djbdns
The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize for the ...
or
BIND
BIND () is a suite of software for interacting with the Domain Name System (DNS). Its most prominent component, named (pronounced ''name-dee'': , short for ''name Daemon (computing), daemon''), performs both of the main DNS server roles, acting ...
, and provides a graphical interface to switch between these programs without losing data. Kloxo Enterprise can transparently move web/mail/dns from one server running Apache to another running lighttpd. It was formerly considered to be a good free alternative to cPanel hosting control panel.
Kloxo comes integrated with Installapp, which is a bundle of approximately 130 web applications that can be installed to the hosted websites. It is supported by Installatron – a third-party application installer (similar to Fantastico) as a plugin.
As of October 2017 the whol
LxCenter websiteappears to be down with only th
GitHubrepository (and some forks) remaining with the last notable changes being three years old.
Lxadmin/Kloxo name change
Security issues
In early June 2009, security related blogs and websites posted details of security loopholes in LxAdmin/Kloxo. Around this time, another piece of software created by the same vendor –
HyperVM – was rumored to have been exploited in a massive attack at the British
VAserv budget webhosting company.
Cracker
Cracker, crackers or The Crackers may refer to:
Animals
* ''Hamadryas'' (butterfly), or crackers, a genus of brush-footed butterflies
* '' Sparodon'', a monotypic genus whose species is sometimes known as "Cracker"
Arts and entertainment Films ...
s deleted the content of 100,000 hosted websites in one go, after gaining root access to the system. A detailed timeline of these events was posted several months later.
It is widely acknowledged by the hacker(s) and parties involved that the core exploit had to do with the administrator of those VPS's reusing the same password on all installs, and not utilizing the SSL security feature. Experts believe that this led to the transmission of the password in plain text, allowing hackers to sniff and exploit the host.
In early 2012 the message "''DO NOT INSTALL THESE APPS. The applications included in InstallApp are outrageously out of date, and contain known and public security vulnerabilities. Enabling this feature on a live server exposes your server and users to serious security flaws''" showed prominently at the top of the InstallApp page. This message was still there in January 2014.
In late 2012, a local privilege escalation exploit was found in Kloxo's lxsuexec and lxrestart programs, allowing an attacker to elevate privileges to root.
Project history
While Kloxo initially started as a proprietary control panel, Internal issues arose within the company after the death of its CEO.
It was later announced on July 10, 2009, that Kloxo and HyperVM would be continued in an open source consortium to be formed by Arthur Thornton, Danny Terweij, and S Bhargava. However, on October 25, 2009, Arthur Thornton officially resigned as the lead developer of Kloxo and HyperVM. Following his resignation, the HyperVM and Kloxo source code was officially released to the public. Arthur Thornton resumed his work on Kloxo and HyperVM in the background in mid-February 2010. As of May 2010, he is now back in the public and should soon be back full-time, though not as lead developer. Andre Allen became Project Manager at LxCenter in late February 2010, at the decision of Danny Terweij.
A fork of the project was created by Mustafa Ramadhan, entitle
Kloxo_MR Work was begun in late 2012 to add extra features to the project.
In September 2020, a new fork calle
Kloxo Next Generation (KloxoNG)was released as an upgrade pathway for existing Kloxo_MR users. KloxoNG is a rebuild of Kloxo_MR using the Fedora Copr build system. Later releases have included bug fixes and added support for PHP 7.4.
In August 2024, Kloxo Next Generation released Kloxo 8. Kloxo 8 is an upgrade of KloxoNG for RHEL 8 and RHEL 9 compatible OS, such as Rocky Linux and Alma Linux. Kloxo 8 includes the features of KloxoNG and added support of PHP 8.
References
{{WebManTools
Web server management software
Software using the GNU Affero General Public License
Free software programmed in PHP