Kloxo Security Issues

In the last few days many VPS providers have started suspending VPS users who run Kloxo as their VPS control panel. Can’t blame them, because again some serious Kloxo security issues have surfaced. I have a VPS at Iniz aka StormVPS and they have sent a mail to all their users asking them to remove Kloxo and move to another, better control panel, and they recommend the VestaCP panel, which is also free. It’s really become a huge problem.

I checked VestaCP and it seems easy to install and pretty solid and simple. It isn’t as user friendly as Kloxo, which is really a big downside. Kloxo is mostly used by those who started with cPanel shared hosting and then moved to a low-cost VPS for the first time. They wouldn’t want to use a paid panel or can’t afford one, so the next best thing they have is Kloxo, which is very similar to cPanel. There are several good VPS control panels but none of those are newbie friendly. This is why many use Kloxo, and it’s hard for them to move to a different or more complicated control panel.

The good thing is there’s Kloxo-MR, which is a fork created by another guy. I moved to it a while ago and it’s a lot better and less messy than the original Kloxo. Also, I talked with Iniz support techs and they are fine with Kloxo-MR as long as we take care of things from our end and keep an eye on the server. But again, it’s based on Kloxo, so it’s not hacker proof. I don’t think there is any control panel that anyone can call 100% hacker proof. There are so many people who scream about how bad Kloxo is, and I hope they would contribute something to the development of this great free panel rather than just complain about it. cPanel is great, we all know that, but not everyone can afford it. Also, the panels that are great security-wise are not so user friendly, so not everyone who isn’t an expert can use them.

Also, there are many things you can do to keep your VPS safe if you use Kloxo or Kloxo-MR:

  • Use complicated passwords and don’t save them in browsers or FTP clients.
  • Change the normal port and SSL port of the control panel login (7777/7778) to something else.
  • Change your SSH port (22) to something else.
  • Change the Lxguard settings and set failed login attempts to less than 5.
  • Use a firewall like CSF.
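
A quick way to check the port items in the list above, as an added example that is not part of the original post: the script reports which of the default ports (22, 7777, 7778) are still listening on a non-loopback address, and which ports an sshd config file sets. The function names and the sample `ss -tln` output are constructed for illustration.

```sh
#!/bin/sh
# Ports the post says to move away from: SSH 22 and Kloxo panel 7777/7778.
DEFAULT_PORTS="22 7777 7778"

# Read `ss -tln` output on stdin and print, space-separated, each default
# port that is listening on a non-loopback address (sorted, de-duplicated).
exposed_default_ports() {
    awk -v defaults="$DEFAULT_PORTS" '
        BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)   # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (port in want) print port
        }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Print the ports set by "Port N" lines in an sshd config file, or 22
# (sshd's default) when none is set. Commented-out lines such as
# "#Port 22" are ignored; Include files are not followed.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1" |
            tr '\n' ' ' | sed 's/ $//')
    echo "${ports:-22}"
}

# Constructed sample of `ss -tln` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128          0.0.0.0:7778      0.0.0.0:*
LISTEN 0      128        127.0.0.1:7777      0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
EOF
}

# Demo on the sample. On a real host:
#   ss -tln | exposed_default_ports
#   sshd_ports /etc/ssh/sshd_config
echo "default ports still exposed (sample): $(sample_ss | exposed_default_ports)"
```

An empty result from `exposed_default_ports` means none of the three default ports is reachable from outside the host.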

These simple things can help you avoid many nasty problems that could happen. Something is better than nothing. It’s also better to learn more about server security. Here are 3 good forums you should visit and read,

I think moving to a better panel is a good idea if you can do it or can afford a paid panel. If you can’t, then keep an eye on your server. Log in to your VPS control panel daily and see if anything unusual happens.


