Apache Friends Support Forum

Try this by copy and paste and see if it works

Code: Select all

NameVirtualHost *:80

<VirtualHost *:80>
ServerName localhost
DocumentRoot "C:/xampp/htdocs"
</VirtualHost>

<VirtualHost *:80>
ServerName kambinator.myftp.biz
ServerAlias www.kambinator.myftp.biz
DocumentRoot "C:/xampp/htdocs/mysite"
ServerAdmin admin@kambinator.myftp.biz
ErrorLog "magazin.log"
CustomLog "magazin.log" combined
</VirtualHost>

<VirtualHost *:80>
ServerName magazin.myftp.biz
ServerAlias www.magazin.myftp.biz
DocumentRoot "C:/xampp/htdocs/prestashop"
ServerAdmin admin@kambinator.myftp.biz
ErrorLog "magazin.log"
CustomLog "magazin.log" combined
</VirtualHost>

No trailing slash in the DocumentRoot.
Save the file and restart Apache.

If Apache can't start read the C:\xampp\apache\logs\error.log file.

The first vhost will always be served by default unless the httpd-vhosts.conf file is in the correct format and all directives are included.

Make sure in your Windows hosts file (C:\Windows\system32\drivers\etc\HOSTS) you have the first line after the comments

Code: Select all

127.0.0.1 localhost

IMPORTANT SECURITY TIP:
Make sure in XAMPP 1.7.4 you have secured the C:\xampp\webdav folder if you intend to allow access from the Internet - the link in my signature will help.

Good luck.

In C:\xampp\mysql folder you will see resetroot.bat file give that a go and if successful then try and login to phpMyAdmin with root and no password.

You then set a new root password by going to http://localhost/xampp/index.php and select the Security tab and follow the link on the main window.

Let me know how it goes and I am pleased that the webdav folder was clear - you should read the link in my sig and secure it anyway, just in case.

The error messages are telling you someone is trying to access a secure section of your server to run a script which does not exist in your version of XAMPP.

Take a look in the C:\xampp\webdav folder and you should only see 2 files:
index.html
webdav.txt
If there are more than that then you have been compromised and you need to correct the problem.
See the link in my signature for some info and solutions.
This is a well know entry point for script kiddies to turn your server into a zombie.


Until the malware and a possible webdav exploit is cleaned up it may be futile to try and do anything with your XAMPP installation.

Can you remember how you set the MySQL\phpMyAdmin root password in the first place?

Can you access phpMyAdmin using just username root with no password?

Do you see a screen with a place to put your root username and password?

In C:\xampp\phpmyadmin folder is a file config.inc.php and if you drag that file into an open text/code editor like notpad++ or notepad the does this line look like this

Code: Select all

$cfg['Servers'][$i]['auth_type'] = 'config';

If it does then change it to look like this

Code: Select all

$cfg['Servers'][$i]['auth_type'] = 'cookie';

Save the file and try and restart Apache and MySQL.

Don't change or add anything else in this file at this stage.

Please let me know when you have cleaned up the malware and possibly the webdav folder then we can proceed to sort out any other issues.


BTW this is the full error message from your web site when I tried to access it

Site off-line

The site is currently not available due to technical problems. Please try again later. Thank you for your understanding.

If you are the maintainer of this site, please check your database settings in the settings.php file and ensure that your hosting provider's database server is running. For more help, see the handbook, or contact your hosting provider.

The mysqli error was: Access denied for user 'root'@'localhost' (using password: YES).

The last part usually means the MySQL server is not running so check in the control panel that it has started and keeps running.

To get the above page it means Apache has started.

Can you access http://localhost/xampp/index.php and test the demos especially the database demos?


Good luck.

Thanks for adding your OS.

Just to add to my first post, take a look in the XAMPP installation folder C:\xampp\webdav where you should only see 2 files:
index.html
webdav.txt

If you find more files than the above then chances are your server has been taken over and is being used as a zombie.

Let me know what you find.

I wonder how deleting the contents of those folders happened????

Go here
http://sourceforge.net/projects/xampp/f ... ows/1.7.3/
and download the xampp-win32-1.7.3.zip file to your desktop.

Open the archive and copy the needed folders to your xampp folder overwriting if required.

Then you will need to run the setup_xampp.bat file again and select the relocate option to once again set any paths that need setting (this will do no harm to the rest of your xampp installation) but as always best practice is to make a 'copy of' (backup) of your current xampp folder just in case.

After all the above is complete try and first access http://localhost and then if all looks in order try http://localhost/phpmyadmin again and let me know how it all end up.

As an additional issue check the WebDAV link in my signature and implement the instructions to make your webdav folder secure.

Thanks.

Your most welcome Mike.

Remember though that when we help you then we also help many thousands of other readers of these forums who may also appreciate the detaled way your questions are answered.

Best wishes.

as i read a lot about this webdav but yet didn't understand what is it for? i mean what is it doing in reality!?
just in 2 words

Why in 2 words when you post a simple question always in more words than just 2?

Don't they have Google in the AE?
http://www.webdav.org/other/faq.html


In short and to help others reading this topic:
webDAV is an acronym for Web-based Distributed Authoring and Versioning, a sort of extension to http/1.1, which allows you to edit documents on a remote web server.

WebDAV supports the following features:-
Editing:
Create, update, and delete files.

Properties:
Store meta data such as titles, author names, and publication dates. You can set, delete, and retrieve these meta data.

Collections:
Group resources into collections that are organized like a file system, similar to a directory or desktop folder.

Locking:
Use locks to prevent others from editing the same content you're working on in WebDAV. The duration of the locks is independent of any individual network connection.

webdav.org wrote:What is WebDAV?
Briefly: WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.

Classic webdav folder exploit.

Check the C:\xampp\webdav folder, it should only contain 2 files index.html and webdav.txt if there are more then you have been exploited.

Check my signature link 'Secure webdav Folder' if' this is so, it links to search results that will contain various methods to secure your webdav folder.

You may also need to uncomment this line in the httpd.conf file

Code: Select all

#LoadModule dav_module modules/mod_dav.so

Look in the \xampp\apache\conf\httpd.conf file near the end of the file for this section

Code: Select all

# Distributed authoring and versioning (WebDAV)
# Attention! WEB_DAV is a security risk without a new userspecific configuration for a secure authentifcation
# Include "conf/extra/httpd-dav.conf"

Then uncomment it so it looks like this

Code: Select all

# Distributed authoring and versioning (WebDAV)
# Attention! WEB_DAV is a security risk without a new userspecific configuration for a secure authentifcation
Include "conf/extra/httpd-dav.conf"

Save the file and restart Apache

Make sure that you change the default password found in the \xampp\readme_en.txt file and in the webdav.txt file to help eliminate your webdav becoming a zombie.

The webdav configuration can be found in \xampp\apache\conf\extra\httpd-dav.conf file.

marvolo1300 wrote:It seems that there is adware on my computer which is using the port which apache uses.

As pointed out in my first reply, you may be able to find out what is using the ports that Apache (XAMPP port 80/443/3306 etc.) needs by downloading and running this little portable utility Curr Ports from here:
http://www.nirsoft.net/utils/cports.html
It may also allow you to clear any app. that is using a particular port.

Check your \xampp\webdav folder only has 2 files stored in this folder and post back with details if you find more than 2 files.

Try the access.log and the error.log files in the apache\logs directory.

Then you can use this service to get some details about where the attacker is coming from:
http://centralops.net/co/DomainDossier.aspx

If you are using XAMPP then make sure your webdav directory is secured - an Advanced search in the English XAMPP for Windows forum for webdav using Sharley in the Search for author text box should help you do this by narrowing down the volume of search results returned to sift through.

Good luck.

iamme wrote:You know a User can be added and Remote desktop enabled all through webdav yes?

This topic may be a good read especially about what a remote connector in webdav can and can't do with regard to changing or creating a new user/pass combination:
viewtopic.php?f=16&t=38897

iamme wrote:Do you have a copy of any files the hacker uploaded?

For what reasons are you requesting this information?

Others who have posted requests and even pointed out where this information is available have had their posts deleted for obvious XAMPP security issues for others who may no be so aware.

BTW, in version 1.7.4 and later versions this webdav exploitation of the default user/pass to insert or in any way shape or form hijack the server for devious reasons, is now closed and so should be this topic.

That is a very good outcome with another zombie squished.

Your ISP may not have seen what you see now as the hackers were using a well know webdav port - if they even looked that closely at their logs - but anyway it would, without very close scrutiny, only have appeared as normal heavy traffic emanating from a web server using webdav on one of their nodes.

BTW you can delete all the files and folders in the webdav folder except for the index.html file and the webdav.txt file which are the default files from installation, just in case.

Alls well for now, try to keep your eye on the access log frequently and you will spot unusual activity - you can delete the content of the access.log file and the error.log file when Apache is stopped to prevent them from growing too large to read effectively, as you can't do anything with them while Apache is running and it only takes a few seconds to achieve a clean log file.

Good luck and best wishes and I hope you don't have any more security issues come your way anytime soon.

I take it you are using XAMPP and if so check your webdav folder for a well known exploit that has now gone viral.

Check by reading the Apache access.log file that will give clues and IP addresses of suspect connections to and from the server.

See if any of these posts in the XAMPP for Windows English forums help if it is webdav folder related and I must say the symptoms seem to indicate your server is now a zombie.

viewtopic.php?p=172808#p172808
viewtopic.php?p=172246#p172246

If not webdav or XAMPP related look for a rootkit exploit using the httpd.exe Apache server.