Rootkits and backdoors

Posted: 24. September 2008 11:07
by zark
Over the course of the last six months I've had three different attacks on the xampp install, which led to infection with different rootkits and backdoors.

All of them targeted phpMyAdmin, and were specifically made to infect XAMPP installations. One, for example, managed to modify one of the php files in phpMyAdmin, allowing someone to upload a file to my server _and_ execute it. Some weeks later I could see from the apache logs that a file "Kit.exe" had in fact been uploaded from some machine in Holland. Soon after, the computer was infected with rootkits and remote desktop login software. The Kit.exe was cleverly made, hiding all tracks of itself, cleaning logs, modifying file dates etc. Luckily for me the user behind this was stupid and I actually caught her/him logged in via remote desktop while I was doing the same.

Point of this story: xampp is specifically and widely targeted for infections, and imho it's because of the default security settings. I think these should be changed so the system cannot be used until proper security has been set.

Another point is of course that I should have learned my lesson the first time and made sure I'd cranked up security before putting the computer online :) But I install xampp so often, mostly on offline computers, that it's easy to forget. Then suddenly you need network and put the computer online overnight...

Posted: 24. September 2008 18:17
by glitzi85
If you had read the philosophy article here, you would have recognized that XAMPP is not meant to be used in a production environment. XAMPP is a project for developers to test their scripts locally before uploading them onto the public server. If you use your microwave oven to dry your hamster, you cannot make the manufacturer of the oven responsible for the death of your animal ;-)