LxCenter HyperVM & Kloxo Support

Re: Multiple Security Issues in hyperVM/Kloxo [message #67624 is a reply to message #67620] Tue, 09 June 2009 11:31
ctaborda (United States)
Messages: 64
Registered: April 2008
Location: Miami, FL
Valuable Member
Developer
bhargava,

Please give us some information so we can at least pay for the server expenses, so that the license server remains online.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67626 is a reply to message #67091] Tue, 09 June 2009 11:40
R1Lover (United States)
Messages: 962
Registered: August 2007
Senior Master
What part of "LXlabs is no longer" don't you guys understand?

It's over.... done.......


Re: Multiple Security Issues in hyperVM/Kloxo [message #67628 is a reply to message #67626] Tue, 09 June 2009 11:49
ctaborda (United States)
Messages: 64
Registered: April 2008
Location: Miami, FL
Valuable Member
Developer
R1Lover,

We just wanna make sure hypervm remains working while we find another solution.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67629 is a reply to message #67603] Tue, 09 June 2009 11:58
whatever (India)
Messages: 609
Registered: September 2006
Master
lxbhargava wrote on Tue, 09 June 2009 10:18
Hello,

I am very sad to let you all know that Ligesh is no more. Sorry, I could not respond earlier than this.
As you know, Ligesh was the sole owner of Lxlabs. I am not sure whether the company Lxlabs will continue to operate in future. I personally am trying NOT to let the products Kloxo and HyperVM die. Since we all know that the software has severe security vulnerabilities at this point, please avoid using them till we get more information about the future of Lxlabs. I will do the best I can in this regard. I appreciate your support.


SBhargava,
We all are very sorry to hear about Ligesh. I have been using Ligesh's product since April 2006. I know he has spent a lot of time, energy and effort to make lxadmin and hyperVM. Is there anyone else in the development team or support team, or was it all handled by Ligesh himself?
This project cannot survive unless it goes open source now. Let the developers all over the world work on the project and continue what Ligesh has left in the middle. There is a licensing server which needs to be kept on; if that server goes down, all the hypervm/lxadmin will be blocked. If you have the code you can just release it under GPL/GNU, or you can continue the development and all of us users of lxadmin/hypervm continue to contribute.

Just one question. Was ligesh upset because of the security flaw and commit suicide or some other reason?

Ligesh was legend........
May his soul rest in peace.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67641 is a reply to message #67091] Tue, 09 June 2009 12:48
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
It's terrible to hear what happened and I do hope LXLabs will continue offering the great products.
However, until more is known I would like to have more information on how we can temporarily secure the servers. Is shutting down hypervm enough and will the vps-es stay up?
And if LXLabs won't continue I would appreciate some support in how to move the vps-es to another openvz server.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67645 is a reply to message #67641] Tue, 09 June 2009 13:03
bliss (United Kingdom)
Messages: 288
Registered: July 2008
Senior Member
Chow wrote on Tue, 09 June 2009 12:48
It's terrible to hear what happened and I do hope LXLabs will continue offering the great products.
However, until more is known I would like to have more information on how we can temporarily secure the servers. Is shutting down hypervm enough and will the vps-es stay up?
And if LXLabs won't continue I would appreciate some support in how to move the vps-es to another openvz server.



You can shut down the hypervm service on all masters and slaves and block access to its ports with iptables or similar; this would be a good start to securing your server. I know Xen still runs fine with no hypervm running, it's just all very manual.

Hope this helps

Jane
Re: Multiple Security Issues in hyperVM/Kloxo [message #67647 is a reply to message #67091] Tue, 09 June 2009 13:20
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
Yep, done that already. Now figuring out how to get vzdump installed. yum install vzdump doesn't work :?
Re: Multiple Security Issues in hyperVM/Kloxo [message #67648 is a reply to message #67091] Tue, 09 June 2009 13:22
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
Ligesh!!!!!!!!!!!!!!!!!!!!!! *R*I*P* wherever you are.
My deepest condolences to his family(/father)...

It would be a shame to let a great and superior product die. Please Sheenu, please, release the source code so we can get everything worked out. At last we can keep continuing his work so we all can make sure his efforts to make a secure, flexible and featured panel do not go in vain :(
Re: Multiple Security Issues in hyperVM/Kloxo [message #67652 is a reply to message #67091] Tue, 09 June 2009 14:05
jozeph (Brazil)
Messages: 18
Registered: September 2008
Member
I just stopped hypervm services on all servers, but have no idea what to do now. Migrate? Wait?
Re: Multiple Security Issues in hyperVM/Kloxo [message #67653 is a reply to message #67091] Tue, 09 June 2009 14:11
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
Look for an alternative or write your own...

Re: Multiple Security Issues in hyperVM/Kloxo [message #67654 is a reply to message #67091] Tue, 09 June 2009 14:13
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
Not using Kloxo so I'm migrating to Proxmox right at this moment.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67655 is a reply to message #67091] Tue, 09 June 2009 14:15
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
The issue is for providers like us who use both - openvz and xen.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67657 is a reply to message #67091] Tue, 09 June 2009 14:15
KevinCA (United States)
Messages: 23
Registered: October 2007
Member
Citrix's free XenServer product is really an awesome platform, but I've been unable to figure out how to get it installed remotely. My hosting company doesn't allow CD/DVD based installs, and only provides a limited set of Linux distributions to install. If we could figure out how to get XenServer installed remotely, I think it would be a very viable solution.

Any thoughts?

-Kevin
Re: Multiple Security Issues in hyperVM/Kloxo [message #67659 is a reply to message #67091] Tue, 09 June 2009 14:19
whatever (India)
Messages: 609
Registered: September 2006
Master
Why do you guys want to migrate away from HyperVM? Because of the security flaw or because some service provider got "F*****"?

READ THIS

http://www.tjphippen.com/hackerpost.txt

If this is true then it's not an lxlabs issue.
If Ligesh took this step because some company's servers were hacked then Ligesh did a very wrong thing.
No software can be 100% bug free. Even Windows OS has bugs, Linux kernels have bugs, but there is a solution.

I don't think HyperVM is an issue. We are waiting for Sbhargava to take some action for the code or support or to continue this project.

Re: Multiple Security Issues in hyperVM/Kloxo [message #67661 is a reply to message #67091] Tue, 09 June 2009 14:26
jozeph (Brazil)
Messages: 18
Registered: September 2008
Member
The problem now is: how many days will we need to wait to know something about the code? Our customers can't wait...
Re: Multiple Security Issues in hyperVM/Kloxo [message #67662 is a reply to message #67091] Tue, 09 June 2009 14:27
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
I'm not saying I won't use Hypervm anymore. I already use a mixed hypervm/proxmox environment and I will migrate till it's clear how things will go in the future. Hosting is not a hobby for us but business. Can't afford problems.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67663 is a reply to message #67091] Tue, 09 June 2009 14:30
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
You need to find other customers if they can't wait. It's not like Go and release the code!

Whomsoever sbhargava is, as far as I'm aware, was living with Ligesh. Was this just an accident? No. THIS IS A SERIOUS MATTER GUYS!

BE A HUMAN!
Re: Multiple Security Issues in hyperVM/Kloxo [message #67664 is a reply to message #67662] Tue, 09 June 2009 14:31
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
Chow wrote on Tue, 09 June 2009 23:57
I'm not saying I won't use Hypervm anymore. I already use a mixed hypervm/proxmox environment and I will migrate till it's clear how things will go in the future. Hosting is not a hobby for us but business. Can't afford problems.


Well, yes. That's what we've been doing. Although a bit time consuming and expensive, we're moving to other control panels temporarily as a backup plan till we get our system working.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67665 is a reply to message #67663] Tue, 09 June 2009 14:32
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
splitz wrote on Tue, 09 June 2009 14:30
You need to find other customers if they can't wait. It's not like Go and release the code!

Whomsoever sbhargava is, as far as I'm aware, was living with Ligesh. Was this just an accident? No. THIS IS A SERIOUS MATTER GUYS!

BE A HUMAN!


You're getting emotional and it's a human thing to do. But you need to be realistic also. Getting other customers makes no sense. No customer will understand what happened. They pay for a service and want this service. Simple as that. And yes it's terrible what happened. Nobody will deny this fact.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67666 is a reply to message #67659] Tue, 09 June 2009 14:34
KevinCA (United States)
Messages: 23
Registered: October 2007
Member
whatever wrote on Tue, 09 June 2009 14:19
Why do you guys want to migrate away from HyperVM? Because of the security flaw or because some service provider got "F*****"?

READ THIS

http://www.tjphippen.com/hackerpost.txt

If this is true then it's not an lxlabs issue.
If Ligesh took this step because some company's servers were hacked then Ligesh did a very wrong thing.
No software can be 100% bug free. Even Windows OS has bugs, Linux kernels have bugs, but there is a solution.

I don't think HyperVM is an issue. We are waiting for Sbhargava to take some action for the code or support or to continue this project.




I think you're still in denial. Look around, LxLabs is NOT going to resolve this. You're doing ALL of your customers a disservice if you continue to use this abandoned software.

These are SERIOUS vulnerabilities. I don't care if it's LxLabs' fault or not, the fact that 12 huge vulnerabilities exist and you want to still use the software tells me that you're not thinking straight.

The security issues should not be taken lightly. This is a very severe situation. We should all be finding alternative solutions, not sitting on this waiting for LxLabs (who has proven to NOT be timely about anything, but even worse, the company doesn't even really exist).

-Kevin
Re: Multiple Security Issues in hyperVM/Kloxo [message #67667 is a reply to message #67091] Tue, 09 June 2009 14:36
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
Best thing we can do is help each other with migrating and other issues that can arise.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67669 is a reply to message #67091] Tue, 09 June 2009 14:37
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
If you run a business, you need to have a business plan. I have a backup plan in place if something goes wrong for times like this (I've faced similar issues 2 more times).

You just can't live in business without a plan. Simple as that.

I'm human and I do run business as well. You need to consider everything, and I really mean everything... consider dog ate your homework ;)
Re: Multiple Security Issues in hyperVM/Kloxo [message #67670 is a reply to message #67666] Tue, 09 June 2009 14:40
splitz (India)
Messages: 159
Registered: October 2008
Senior Member
KevinCA wrote on Wed, 10 June 2009 00:04
whatever wrote on Tue, 09 June 2009 14:19
Why do you guys want to migrate away from HyperVM? Because of the security flaw or because some service provider got "F*****"?

READ THIS

http://www.tjphippen.com/hackerpost.txt

If this is true then it's not an lxlabs issue.
If Ligesh took this step because some company's servers were hacked then Ligesh did a very wrong thing.
No software can be 100% bug free. Even Windows OS has bugs, Linux kernels have bugs, but there is a solution.

I don't think HyperVM is an issue. We are waiting for Sbhargava to take some action for the code or support or to continue this project.




I think you're still in denial. Look around, LxLabs is NOT going to resolve this. You're doing ALL of your customers a disservice if you continue to use this abandoned software.

These are SERIOUS vulnerabilities. I don't care if it's LxLabs' fault or not, the fact that 12 huge vulnerabilities exist and you want to still use the software tells me that you're not thinking straight.

The security issues should not be taken lightly. This is a very severe situation. We should all be finding alternative solutions, not sitting on this waiting for LxLabs (who has proven to NOT be timely about anything, but even worse, the company doesn't even really exist).

-Kevin


Hmmm... I... Er... really just remember a provider who had this issue and suffered serious consequences (they no longer own the business).

Incidents like this (and worse if your business gets drowned because of some idiot/hacker) then it starts affecting everyone who's involved.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67671 is a reply to message #67091] Tue, 09 June 2009 14:44
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
The security holes are not the issue. The issue is that it doesn't seem to be solved on short notice. That's painful.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67672 is a reply to message #67091] Tue, 09 June 2009 14:46
Matkorn (Argentina)
Messages: 3
Registered: June 2009
Member
What can we do if we are users with a vps with lxadmin installed, if we can enter the hypervm and format and reinstall the dist? We are fucked up or what :S?
Re: Multiple Security Issues in hyperVM/Kloxo [message #67674 is a reply to message #67672] Tue, 09 June 2009 14:50
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
Matkorn wrote on Tue, 09 June 2009 14:46
What can we do if we are users with a vps with lxadmin installed, if we can enter the hypervm and format and reinstall the dist? We are fucked up or what :S?


If you are using lxadmin you have a bigger issue than when you only use hypervm. That's true. Easy migration to another control panel isn't really possible, I think.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67675 is a reply to message #67672] Tue, 09 June 2009 14:52
bliss (United Kingdom)
Messages: 288
Registered: July 2008
Senior Member
If it is just you using the control panel then I would use iptables to block ports 7777 and 7778; this is a start to helping secure it (not total by any means).


Matkorn wrote on Tue, 09 June 2009 14:46
What can we do if we are users with a vps with lxadmin installed, if we can enter the hypervm and format and reinstall the dist? We are fucked up or what :S?
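
Added example, not part of the original thread and not any poster's own commands: a sketch of the port-blocking step described in the post above, using the ports 7777 and 7778 it names, plus a check for listeners that are still bound. The admin address 203.0.113.10 and the socket listing are constructed; the rules are printed for review rather than applied.

```shell
#!/bin/sh
# Added example. Ports 7777/7778 are the ones named in the post; the admin
# address and the socket listing below are constructed for illustration.
PANEL_PORTS="7777 7778"

# Print (do not apply) iptables commands. Each rule is inserted at the top of
# INPUT so it wins over any earlier ACCEPT; the DROP goes in first and the
# optional admin ACCEPT is then inserted above it.
# iptables covers IPv4 only: IPv6 listeners need the same rules in ip6tables.
panel_block_rules() {
    admin_ip="$1"
    for port in $PANEL_PORTS; do
        echo "iptables -I INPUT 1 -p tcp --dport $port -j DROP"
        if [ -n "$admin_ip" ]; then
            echo "iptables -I INPUT 1 -p tcp -s $admin_ip --dport $port -j ACCEPT"
        fi
    done
}

# Read `ss -ltn` style output on stdin and print the panel ports that still
# have a listener bound to a non-loopback address. A firewall rule hides such
# a listener but does not stop it, which is why blocking is only a start.
exposed_panel_ports() {
    awk -v ports="$PANEL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if ((port in want) && host != "127.0.0.1" && host != "[::1]")
                seen[port] = 1
        }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (p[i] in seen) out = out (out == "" ? "" : " ") p[i]
            print out
        }'
}

# Constructed sample of `ss -ltn` output from a host where the panel is up.
sample_listing() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:7778        0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:7777           [::]:*
EOF
}

panel_block_rules 203.0.113.10
echo "still listening: $(sample_listing | exposed_panel_ports)"
```

On a live host, pipe the real `ss -ltn` output into `exposed_panel_ports`; an empty result means no panel listener is bound to a reachable address.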

Re: Multiple Security Issues in hyperVM/Kloxo [message #67677 is a reply to message #67675] Tue, 09 June 2009 14:57
Matkorn (Argentina)
Messages: 3
Registered: June 2009
Member
If I block the ports, will it be fine or is the danger still there? hypervm is down now but I can't migrate to another panel; my web is new and, like you say, "backup plan": I haven't a backup plan, I never thought that lxadmin would get a problem like this. It's too sad :S. Sorry for my English :S
Re: Multiple Security Issues in hyperVM/Kloxo [message #67680 is a reply to message #67677] Tue, 09 June 2009 15:05
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
Matkorn wrote on Tue, 09 June 2009 14:57
If I block the ports, will it be fine or is the danger still there? hypervm is down now but I can't migrate to another panel; my web is new and, like you say, "backup plan": I haven't a backup plan, I never thought that lxadmin would get a problem like this. It's too sad :S. Sorry for my English :S


I don't think there is another control panel which supports importing lxadmin. At least as far as I know. So unless there is another way I'm afraid this will become a manual operation.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67681 is a reply to message #67680] Tue, 09 June 2009 15:14
Matkorn (Argentina)
Messages: 3
Registered: June 2009
Member
So... what can I do?
Re: Multiple Security Issues in hyperVM/Kloxo [message #67682 is a reply to message #67091] Tue, 09 June 2009 15:26
R1Lover (United States)
Messages: 962
Registered: August 2007
Senior Master
Migrate to a new panel manually.

ISPconfig is an open source FREE panel, it's what I'm looking at myself.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67683 is a reply to message #67091] Tue, 09 June 2009 15:28
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
We use Directadmin. If you apply for a datacenter license it's very affordable. I've been using it for years now and never faced serious issues.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67687 is a reply to message #67683] Tue, 09 June 2009 15:46
dbmv (Canada)
Messages: 305
Registered: October 2008
Senior Member
Chow wrote on Tue, 09 June 2009 15:28
We use Directadmin. If you apply for a datacenter license it's very affordable. I've been using it for years now and never faced serious issues.



Those of us with a clustered setup are extremely limited in how we can move.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67689 is a reply to message #67687] Tue, 09 June 2009 16:01
Chow (Netherlands)
Messages: 54
Registered: March 2008
Valuable Member
dbmv wrote on Tue, 09 June 2009 15:46
Chow wrote on Tue, 09 June 2009 15:28
We use Directadmin. If you apply for a datacenter license it's very affordable. I've been using it for years now and never faced serious issues.



Those of us with a clustered setup are extremely limited in how we can move.


Yes, I understand. Our company focuses on dedicated and vps hosting only so my situation is not too complicated. I understand that people who rely heavily on lxadmin have bigger issues to think of. I hope this community can help each other where needed.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67694 is a reply to message #67689] Tue, 09 June 2009 16:20
stev868 (Netherlands)
Messages: 332
Registered: March 2008
Senior Member
Hi,


ISPconfig looks good, I was looking at this panel myself and it is free (http://www.ispconfig.org).

Of course it is different and has fewer options than Kloxo and you have to import everything manually.

Regards,

Steven

Re: Multiple Security Issues in hyperVM/Kloxo [message #67696 is a reply to message #67091] Tue, 09 June 2009 16:36
Ales (Slovenia)
Messages: 139
Registered: July 2008
Valuable Member
I was really sorry to hear that news about Ligesh's death are true. I admit I had my doubts when I first heard. Well, any other scenario would have been better and I can only hope he's at peace now...

There are many users here that are worried about the future of their business since it relies on the Lxlabs software. I'd like to say to S. Bhargava that I hope this isn't understood as disrespectful to the memory of Ligesh.

I can say for myself that I'm deeply touched by the events that occurred here in these past days and I'd like to express my sincere condolences to Ligesh's family and friends.


For the sake of clients here I hope Lxlabs can either continue to operate, sell the software or make it open source.

HyperVM and Kloxo are mature projects and I'm sure that fixing these recent exploits as a first step wouldn't be that difficult.

There seems to be a large enough community here that could sustain an open source project. We would gladly contribute by planning, coding, providing servers, etc. if it comes to that.
Re: Multiple Security Issues in hyperVM/Kloxo [message #67700 is a reply to message #67091] Tue, 09 June 2009 17:47
pace (United States)
Messages: 248
Registered: May 2008
Senior Member
Anyone have any idea what happens to everything once the license server goes offline? Do our HyperVMs/Kloxos continue to have a control panel (even in the firewalled mode they are in) or does that go away?


pace
Re: Multiple Security Issues in hyperVM/Kloxo [message #67701 is a reply to message #67091] Tue, 09 June 2009 17:53
grk519 (Canada)
Messages: 25
Registered: February 2009
Member
HyperVM will stop working and tell you that you have exceeded vps_num -- which is 5 VPS.

So if you have more than 5 VPS and the licensing server fails HyperVM is useless.

EDIT: not sure about kloxo.

[Updated on: Tue, 09 June 2009 17:54]

Re: Multiple Security Issues in hyperVM/Kloxo [message #67702 is a reply to message #67701] Tue, 09 June 2009 17:55
pace (United States)
Messages: 248
Registered: May 2008
Senior Member
grk519 wrote on Tue, 09 June 2009 17:53
HyperVM will stop working and tell you that you have exceeded vps_num -- which is 5 VPS.

So if you have more than 5 VPS and the licensing server fails HyperVM is useless.

EDIT: not sure about kloxo.


Thanks for the info.

That adds one more time bomb to the mix...


pace
Re: Multiple Security Issues in hyperVM/Kloxo [message #67703 is a reply to message #67091] Tue, 09 June 2009 17:56
FiFtHeLeMeNt (United States)
Messages: 17
Registered: April 2009
Member
As I said, it is possible to decode HyperVM php code and fix this issue.