Too much/strange traffic (Server 2003) 1.7.2 [SOLVED]


Postby rvanherp » 19. September 2011 22:57

Hi,

I have hosted my sites using XAMPP for 3 to 4 years now, and never had any big problems.
But lately I found out that due to an outdated WordPress install, some malware got access to the system and added some strange PHP code in .php files.

I used a cleaner to fix this and for a few days everything looked fine. (Post about this here. I just want to be complete.)

But yesterday I noticed that my internet connection dropped from time to time for a few minutes.
Today I saw that it is a lot of traffic that is going to or coming from the web server.
So much that my full network freezes and I can't access anything.

Normal traffic is about 2Mbits but at the freezing moment, my gateway shows about 90Mbits !!!
That's more than the internet connection will allow me to!!

Also my gateway shows that in 3 hours I pushed out 19 GB of data!!
Normally that takes about one and a half days!

Can anyone give me some tips, because I know this is no normal site loading traffic
but also no DDoS attack because it stopped after a few minutes and starts again a little later.

Thanks in advance.

I'm running xampp 1.7.3
on Windows 2003 server and control center 3.0.2
rvanherp
 
Posts: 46
Joined: 27. November 2006 23:23
Location: Some where on the WWW or in a red truck
Operating System: Windows Server 2003

Re: Too much/strange traffic

Postby Sharley » 19. September 2011 23:03

Classic webdav folder exploit.

Check the C:\xampp\webdav folder, it should only contain 2 files, index.html and webdav.txt; if there are more, then you have been exploited.

Check my signature link 'Secure webdav Folder' if this is so, it links to search results that will contain various methods to secure your webdav folder.
Sharley
AF Moderator
 
Posts: 3316
Joined: 03. October 2008 05:10
Location: Yeppoon, Australia Time Zone: GMT/UTC+10
Operating System: Win 7 Pro 32bit/XP Pro SP3

Re: Too much/strange traffic

Postby rvanherp » 19. September 2011 23:26

Bingo...

There's an ab.php file there with a UDP Flood...

I will take a look at how to secure the folder.
Thanks.

[Solved] Re: Too much/strange traffic

Postby rvanherp » 20. September 2011 00:03

I turned off webdav by editing the \xampp\apache\conf\extra\httpd-dav.conf file
Code:
Dav OFF

and commented out this line
Code:
# Include "conf/extra/httpd-dav.conf"

and renamed the webdav folder.

Hope the server is safe now.

Thanks for your fast reply, Sharley!

Re: Too much/strange traffic

Postby Sharley » 20. September 2011 00:10

You're most welcome and thanks for the detailed post and feedback. :)
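
The checks and the fix discussed in this thread can be scripted as a repeatable audit. The following is an added example, not code posted by either participant: it flags files in the webdav folder beyond index.html and webdav.txt, an uncommented Include of httpd-dav.conf, and any Dav directive other than Off. The function names, the constructed sample tree, and the assumption that the Include line lives in apache/conf/httpd.conf are not from the thread.

```python
import re
import tempfile
from pathlib import Path

# Per the thread, a clean C:\xampp\webdav holds only these two files.
EXPECTED = {"index.html", "webdav.txt"}

def unexpected_webdav_files(root):
    """Files under <root>/webdav other than the two expected ones."""
    dav = Path(root) / "webdav"
    if not dav.is_dir():
        return []
    rel = (p.relative_to(dav).as_posix() for p in dav.rglob("*") if p.is_file())
    return sorted(r for r in rel if r.lower() not in EXPECTED)

def active_lines(conf, pattern):
    """Non-comment lines of an Apache config file that match pattern."""
    conf = Path(conf)
    if not conf.is_file():
        return []
    lines = (l.strip() for l in conf.read_text(errors="replace").splitlines())
    return [l for l in lines if not l.startswith("#") and re.search(pattern, l, re.I)]

def audit(root):
    """Audit a XAMPP tree for the three things the thread checks or changes."""
    root = Path(root)
    return {
        "unexpected_files": unexpected_webdav_files(root),
        # Assumption: the Include line lives in apache/conf/httpd.conf.
        "dav_include_active": active_lines(
            root / "apache/conf/httpd.conf", r"^Include\s+\S*httpd-dav\.conf"),
        # Any "Dav <value>" other than "Dav Off" leaves WebDAV enabled.
        "dav_enabled": active_lines(
            root / "apache/conf/extra/httpd-dav.conf", r"^Dav\s+(?!off\b)\S+"),
    }

def build_sample_tree():
    """Constructed sample: a tree in the compromised state the thread describes."""
    root = Path(tempfile.mkdtemp(prefix="xampp-sample-"))
    (root / "webdav").mkdir()
    (root / "apache/conf/extra").mkdir(parents=True)
    for name in ("index.html", "webdav.txt", "ab.php"):  # ab.php: empty placeholder
        (root / "webdav" / name).write_text("")
    (root / "apache/conf/httpd.conf").write_text('Include "conf/extra/httpd-dav.conf"\n')
    (root / "apache/conf/extra/httpd-dav.conf").write_text("Dav On\n")
    return root

if __name__ == "__main__":
    for check, findings in audit(build_sample_tree()).items():
        print(check, "->", findings or "clean")
```

On a real install, call `audit(r"C:\xampp")`; three empty lists mean the folder is clean and WebDAV is off in both places the thread edits.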
