Apache Friends Support Forum


https://community.apachefriends.org/f/

Setting around a domain name and security

https://community.apachefriends.org/f/viewtopic.php?f=16&t=36611

Page 1 of 1

Setting around a domain name and security

PostPosted: 10. August 2009 15:25
by IanBo
How do I build around a domain name with xampp? I just installed joomla and have it up and running.

I imagine I have to download content for joomla and redirect my domain to my [static] ip, but, if that's true, how do I actually have it around my domain [might be more applicable with virtual hosting?]? If I have sites that are directing to my ip, how do they load the web page that's intended?

How do I make security good enough to remain personally unhacked [I don't think I'll need SSL because I can sell through clickbank, ebay, etc.]?

Thanks in advance.
IanBo.

Re: Setting around a domain name and security

PostPosted: 11. August 2009 03:21
by XamppHacker
IanBo wrote:How do I make security good enough to remain personally unhacked [I don't think I'll need SSL because I can sell through clickbank, ebay, etc.]?


The best way to remain unhacked is to uninstall XAMPP. It's insecure by design (bad design IMHO).

If you insist on plugging it into the internet, at least read this first:
http://robsnotebook.com/xampp-security-hardening

And, whatever else you do: PUT A @^*!@@! PASSWORD on MySQL root.

Hit your site from an external IP. If you can get to any of these, you are apt to be hacked:
http://<your site>/phpmyadmin <-- If you don't get prompted for a password, you will be hacked.
http://<your site>/webalizer <-- Google hackers best friend ;-)
http://<your site>xampp <-- no need for this to be on the net.
http://<your site>/xampp/phpinfo.php <-- way too much information.
http://<your site>/cgi-bin/printenv.pl <-- More way too much information.

If someone manages to put a .PHP file somewhere on your site, and they can get to it from the internet, here's what happens:
    They can run just about any command they want with the PHP eval() command
    They can see your ENTIRE MACHINE if they can do an eval()
    There are no limits from here.
    There are REALLY no limits if you aren't behind a good firewall. No firewall + Phpmyadmin access ==> remote desktop access to your machine from anywhere in the world.

So yes, you should be afraid....very...very afraid.

Regards,
XamppHacker (Because it's so easy, that's why)

Re: Setting around a domain name and security

PostPosted: 11. August 2009 14:11
by aj123cd
viewtopic.php?f=16&t=36448
All times are UTC + 1 hour
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/