At the end of January 2014, Kloxo Control Panel security flaw was posted on a popular forum. ISPs has been suspending servers using the control panel. I was one among the unlucky users got into lock down as I used Kloxo for its ease of installation and use. One of my large servers was suspended due to this reason. I lost a couple of days on trying to move data from one server to another.
Kloxo and it’s fork Kloxo-MR is a very comprehensive control panel, lots of features, easy to install and use, unfortunately, the security hole was discovered and lots of servers has been compromised including some of my servers.
I have tried using some such ISPConfig, EHCP, Open Panel, etc but unfortunately, I may not even be able to install them. If I could, the GUI is not intuitive. I settled for a simplistic control panel called VestaCP. It lacks lots of features compared to Kloxo or Kloxo-MR but it does the job. I was able to install it over Kloxo-MR without much issues.
I followed the following steps.
- Backup all databases and files
- Renamed lxlabs at /usr/locals/
- Removed the following as it conflicts with VestaCP applications.
- Courier-imap-toaster (conflicts with Dovecot)
- djbdns (conflicts with bind)
- qmail-toaster (conflicts with exim)
- php5.3 (php5.4 will be installed)
- Installed VestaCP
- Restored files and Databases
I knew that only time will say that this control panel will have also some security issues but until then, I will used it due to its simplicity of installation and use.
While my server was in lock down, I was able to restore some sites with my backups. My backups saved my day.