how can i make xampp more secure, anti hacker and anti ddos

Problems with the Windows version of XAMPP, questions, comments, and anything related.

how can i make xampp more secure, anti hacker and anti ddos

Postby khang0001 » 27. August 2011 15:44

i build my webserver use xampp version 1.71. and my website use ssl. i find some tip in google to secure same
Code: Select all
1. Launch your favorite browser.

2. Enter the following URL in your address bar: http://localhost

3. You should then see the XAMPP splash page. Click "English." You will then see the XAMPP administrator panel, where you can find the XAMPP status and security configuration settings.

4. Click "Security."

5. XAMPP will then perform a security audit in your Windows system and setup. You will likely see errors; do not panic. Since you have not secured your XAMPP installation yet, you will likely see the following warnings:

    These XAMPP pages are accessible by network for everyone -UNSECURE
    The MySQL admin user root has NO password - UNSECURE
    PhpMyAdmin is free accessible by network - UNSECURE
    The FileZilla FTP password is still 'wampp' - UNSECURE
    PHP is NOT running in "safe mode" – UNSECURE
    A POP3 server like Mercury Mail is not running or is blocked by a firewall! - Unknown

7. The priority items to be fixed are: Directory Permissions, MySQL Password and PHPMyAdmin. Click the link: http://localhost/security/xamppsecurity.php that appears below the warning messages.

8. Under the MySQL section: “Root” Password, assign a new password and make sure to take note of it by writing it down in a safe location. Select “cookie” for PHPMyAdmin authentication.

Warning: Do NOT check “Save plain password in text file?”

Click “Password Changing.” You should then see: “The root password was successfully changed. Please restart MYSQL for loading these changes!”

9. To restart MySQL, go to the XAMPP Control panel (screenshot shown previously). Click “Stop” for MySQL. This will stop the MySQL service. It should look like the image below:

Click the “Start” button again to restart MySQL and implement your new password settings. If you see “running” under MySQL service, it has successfully restarted.

10. Now go back to the XAMPP security page (http://localhost/security/index.php). Let’s secure the XAMPP directory by implementing “Directory protection (.htaccess).”

First, enter the desired username and password under “XAMPP DIRECTORY PROTECTION (.htaccess).” Take note of these credentials and write them down in a safe location.

Warning: Do NOT check the “Safe plain password in text file?”

Now, click “Make Safe the XAMPP directory.” If the changes are successful, you should see the message:

SUCCESS: The XAMPP directory is protected now! All personal data was saved in the following file:

The password gets encrypted once it is stored in that location.

11. You can stop the “Filezilla” service in the XAMPP Control panel, as it is not required to test applications. The two most important services for developing web applications are Apache and MySQL. These should not be disabled if you want to properly test your applications locally.

but i think that not enought. some one can give me more tip to secure my webserver.
- i use ssl, what mod i can disabe in apache for more secure
- what function i can disable to anti backdoor and localhack, anti hacker
- how can i protect mysql database
- what way i can secure my winserver ?
please help me. thanks a lot
Posts: 7
Joined: 27. July 2011 12:35

Re: how can i make xampp more secure, anti hacker and anti d

Postby khang0001 » 28. August 2011 08:22

please help me
Posts: 7
Joined: 27. July 2011 12:35

Re: how can i make xampp more secure, anti hacker and anti d

Postby peterwt » 29. August 2011 15:08

You should be aware that xampp is not designed to be a production server - it is for testing purposes on your local pc.

If you allow remote connections there are the security implications you quoted. In addition there is a potential threat using webdav. You should delete the webdav directory or change the pasword for webdav.
Posts: 42
Joined: 17. March 2009 11:06
Operating System: Windows 7 64 bit Professional

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 85 guests