You are here

Kloxo vulnerability causes devastating outbound ddos attacks

Recently Kloxo a fairly popular open source control panel for linux contained a vulnerability that allowed an attacker to take control of the server running kloxo and sending out attacks via multiple methods one of which was dns reflection due to misconfiguration. This is one of the reasons I decided to move on from kloxo a few years ago, it was extremely vulnerable and I wanted to sleep better at night. While they have released an update I am not convinced it is safe for production use. As for KloxoMR I really dont see how one man can keep up with maintaining it forever.