Rootkits and backdoors

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Rootkits and backdoors

Postby zark » 24. September 2008 11:07

Over the course of the last six months I've had three different attacks on the xampp install, which lead to infection of different rootkits and backdoors.

All of them targeted phpMyAdmin, and were specifically made to infect XAMPP installations. One, for example, managed to modify one of the php files in phpMyAdmin, allowing someone to upload a file to my server _and_ execute it. Some weeks later I could see from the apache logs that a file "Kit.exe" had in fact been uploaded from some machine in Holland. Soon after the computer where infected with rootkits and remote desktop login software. The Kit.exe was cleverly made, hiding all tracks of itself, cleaning logs, modifying file dates etc. Luckily for me the user behind this was stupid and I actually caught her/him logged in from remote desktop while I was doing the same.

Point of this story: xampp is specifically and widely targeted for infections, and imho it's because of the default security settings. I think these should be changed so the system can not be used until proper security has been set.

Another point is of course that I should have learned my lesson the first time and made sure I'd cranked up security before putting the computer online :) But I install xampp so often, mostly on offline computers, it's easy to forget. Then suddenly you need network and put the computer online over night...
zark
 
Posts: 1
Joined: 24. September 2008 10:56

Postby glitzi85 » 24. September 2008 18:17

If you would have read the philosophy article here: http://www.apachefriends.org/en/xampp.html#300 you would have recognized that XAMPP is not thought to be used in an Production environment. XAMPP is a project for developers to test their script local before uploading them onto the public server. If you use your microwave oven to dry your hamster you can not make the manufacturer of the oven responsible for the dead of your Animal ;-)

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 60 guests