An old bug that afflicted the Kloxo server panel, a free server control panel similar to WebMin, a little over a year ago has come back with a vengeance. It appears that the webcommand.php file is being exploited and seems to be related to login parameters not being sanitized prior to a SQL (database) query, allowing for an SQL injection attack.
Though there are many supporters of the Kloxo project due to its general ease of use and features, the popular opinion is that development from the LxCenter team has slowed. Because a number of bugs have been reported lately, the best advice as of this moment is to begin migrating data, software, etc. onto a newer, more actively-developed platform.
The Kloxo control panel is similar in design to cPanel, though it lacks the strong developmental backing that the commercial success of cPanel has afforded itself.
Read more at https://vpsboard.com/topic/3384-kloxo-installations-compromised/