htdocs, delete default files?

Problems with the Windows version of XAMPP, questions, comments, and anything related.

htdocs, delete default files?

Postby tzri » 30. March 2011 12:37

My xampp skills: Close to none.

Info:
-Installed xampp (apache, mysql, fiezilla) on windows 7 hp in a separate folder on the c-system-drive and installation succeeded.
-Portforwarded port 80 on the router.
-Using static IP between computer and 802.11g router.
-Running firefox localhost works.
-Create adm password and running firefox http://localhost/phpmyadmin/ works.

Q1: By default and first time running wampp there is a bunch of files in htdocs,
watch screenpicture here:
http://www.mediafire.com/i/?8h9bztpbipidnl0

Am I supposed to leave them there, or am I supposed to delete all or some of the files?


Q2: Am I supposed to portforward other ports, than port 80?

Thanks.
tzri
 
Posts: 4
Joined: 28. March 2011 18:58

Re: htdocs, delete default files?

Postby bilakios » 30. March 2011 18:10

Leave everything as is dont delete enything .
Create a new folder in htdocs and put your site files there.
You can see them at: http://localhost/yourfolder
Check if your ports are open by going here : http://www.canyouseeme.org/
You open port 80 for web and port 21 for ftp thats all you need for local testing.
Here is a list of Common Ports
---------
FTP 21
SSH 22
Telnet 23
SMTP 25
Web 80
Pop 3 110
IMAP 143
Other Applications
Remote Desktop 3389
PC Anywhere 5631
bilakios
 
Posts: 6
Joined: 14. June 2005 13:10

Re: htdocs, delete default files?

Postby tzri » 30. March 2011 18:26

Thank you for your answer.
tzri
 
Posts: 4
Joined: 28. March 2011 18:58

Re: htdocs, delete default files?

Postby Altrea » 30. March 2011 23:42

I have a different side of view.
tzri wrote:Am I supposed to leave them there, or am I supposed to delete all or some of the files?

You can delete any files you want to. Some of the folders are just for demonstration of example techniques you can find in the XAMPP Administration Panel.
The Administration Panel itself is inside your \xampp\htdocs\xampp folder. You should leave this folder, if you want to use the XAP.
You can replace the index.php file in your htdocs folder if you want to. This file only redirects directly to your htdocs\xampp folder.
But the best way is to make your own subfolders inside htdocs.

tzri wrote:Am I supposed to portforward other ports, than port 80?

You shouldn't forward ANY Ports (including Port 80). XAMPP is not made for production environments! It is not secure enough! Your server can be hijacked in seconds if you let listen it to the internet.
If you don't know how to harden your Apache and PHP and MySQL don't use it as live server!
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8294
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: htdocs, delete default files?

Postby bilakios » 31. March 2011 10:41

Altrea said
You shouldn't forward ANY Ports (including Port 80). XAMPP is not made for production environments! It is not secure enough! Your server can be hijacked in seconds if you let listen it to the internet.
If you don't know how to harden your Apache and PHP and MySQL don't use it as live server!


I totally agree with that, but if you want to test your site from another computer (friends pc ) you need to open the ports .
Just make sure you use strong pwords to access your servers (http,PHPmyadmin and FTP Mysql) ,research it a bit .
You must understand that if you open the ports everyboby can see your site by going to http://123.123.123.123/yourfile where
123.123.123.123 is your ip address (external).
bilakios
 
Posts: 6
Joined: 14. June 2005 13:10

Re: htdocs, delete default files?

Postby Altrea » 31. March 2011 19:19

bilakios wrote:but if you want to test your site from another computer (friends pc ) you need to open the ports .

The question is, why do someone want to test his site from a friends pc? You recommented a totally noob (XAMPP skills close to none) to give his server free for the next zombie-botnet.

bilakios wrote:Just make sure you use strong pwords to access your servers (http,PHPmyadmin and FTP Mysql) ,research it a bit .

Do you think thats all whats insecure in a XAMPP package? What about the WebDAV Folder? (this months number one security hole), or error reporting settings? or server signature? or all the Apache modules activated by default which most of the users don't need or use? Or all the php-modules and functions activated and accessable by default?
(just to say no word about the php skill of the programmer itself, which can be a high security risk).
Last edited by Altrea on 31. March 2011 20:05, edited 1 time in total.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8294
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: htdocs, delete default files?

Postby bilakios » 31. March 2011 20:00

Altrea said
The question is, why do someone want to test his site from a friends pc? You recommented a totally noob (XAMPP skills close to none) to give his server free for the next zombie-botnet.


When you start making your first php site and you get a dynamic ip address etc, you do want to test things from your pc ,mates pc ,whatever ,
its part of the learning proccess .
If you get your server hijacked for the 10 minutes you open your ports to test it then its better to happen early rather than late, thats part of the learning proccess too.
Anyway I dont recomment to tzri to do anything , I just answered his question best I could.
I think one should learn what ports are how to open them and how to manage a servers security if one intents to do serious work with it.
bilakios
 
Posts: 6
Joined: 14. June 2005 13:10

Re: htdocs, delete default files?

Postby tzri » 01. April 2011 12:36

Thank you for your answers.

First: Yes I don't know about xampp, and yes it is a learning proces. However I'm using a test computer and I'm only running
xampp and programs to be installed on xampp for testing purposes.
Nothing else is running on the computer.
There is no data on the computer that needs to be privacy protected.
And I can erase the computer at any point. If the computer is open for hacking, then what is there to get?


If you still think that my setup is irresponsible, please let me know and why.
But of cource I want to be able to run xampp and programs as secure as possible,
therefore any instructions regarding security are appreciated.

I don't have any webhosting, and I wanted to learn about xampp in order to be able to learn about applications running
on webhosts.

My understanding was that xampp is a fully featured server installation, and making it accessible from other computers
wasn't a problem.
Appearently I was wrong.

So far xampp is running, and oscommerce is installed and running.

Q: I don't have a domain so if I from another computer call oscommerce I write "http://"ip address"/oscommerce/catalog/
The webpage is shown, but only text, no graphics or pictures.
Can that be solved?
On the xampp host computer, graphics pictures works when running localhost.

Is there another more secure server software I should use?

Thanks again.
tzri
 
Posts: 4
Joined: 28. March 2011 18:58

Re: htdocs, delete default files?

Postby Altrea » 01. April 2011 14:08

tzri wrote:However I'm using a test computer and I'm only running
xampp and programs to be installed on xampp for testing purposes.
Nothing else is running on the computer.
There is no data on the computer that needs to be privacy protected.
And I can erase the computer at any point. If the computer is open for hacking, then what is there to get?


Thats not only for the security of your system and data. Remember that your webserver could be used as Spam-Bot, Hacking-Station or whatever else which can affect other people computers or data.

tzri wrote:But of cource I want to be able to run xampp and programs as secure as possible,
therefore any instructions regarding security are appreciated.

very simple: don't use XAMPP as live server. Don't let XAMPP listen to the internet.
Install all the single components on their own, just include and enable the modules you really need and learn how to configure each component to get them safe. But XAMPP is not a good solution for learning that.

tzri wrote:I don't have any webhosting, and I wanted to learn about xampp in order to be able to learn about applications running
on webhosts.
Webhosting is really really cheap nowadays. This few bucks a year are no comparison to the thousand of dollars you maybe have to pay for the damage your webserver does to other people. And you can't say you couldn't know anything about how insecure XAMPP is. The XAMPP main page says
The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment.

I have told you that XAMPP isn't secure. Now you are on your own.

tzri wrote:My understanding was that xampp is a fully featured server installation, and making it accessible from other computers
wasn't a problem.

Sure, it's very easy to make XAMPP accessible from other computers. But thats not the philosophy behind XAMPP.
Again a quote from the main XAMPP site
The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.


tzri wrote:Is there another more secure server software I should use?

The most secure solution in your case is to pay a few bucks for a webhosting package. The serious one know exactly what they does and how the servers must be configured to have a quite stable and secure solution for many webpages.
The second best solution is to first learn how to configure Apache, PHP, MySQL, etc on your local machine WITHOUT to let them listen to the internet. Just if you feel familiar with the settings and configuration you should try the step to the internet.

But thats maybe just my point of view.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8294
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 36 guests