Too much/strange traffic (Server 2003) 1.7.2 [SOLVED]

Posted: 19. September 2011 22:57
by rvanherp
Hi,

I have hosted my sites using xampp for 3 to 4 years now, and never had any big problems.
But recently I found out that due to an outdated wordpress install, some malware got access to the system and added some strange php code in .php files.

I used a cleaner to fix this and for a few days everything looked fine. (Post about this here. I just want to be complete.)

But yesterday I noticed that my internet connection dropped from time to time for a few minutes.
Today I saw that there is a lot of traffic going to or coming from the web server.
So much that my full network freezes and I can't access anything.

Normal traffic is about 2Mbits but at the freezing moment, my gateway shows about 90Mbits !!!
That's more than the internet connection will allow me to!!

Also my gateway shows that in 3 hours I pushed out 19 GB of data!!
Normally that takes about one and a half days!

Can anyone give me some tips, because I know this is no normal site loading traffic
but also no ddos attack because it stopped after a few minutes and starts again a little later.

Thanks in advance.

I'm running xampp 1.7.3
on Windows 2003 server and control center 3.0.2

Re: Too much/strange traffic

Posted: 19. September 2011 23:03
by Sharley
Classic webdav folder exploit.

Check the C:\xampp\webdav folder, it should only contain 2 files, index.html and webdav.txt; if there are more then you have been exploited.

Check my signature link 'Secure webdav Folder' if this is so, it links to search results that will contain various methods to secure your webdav folder.

Re: Too much/strange traffic

Posted: 19. September 2011 23:26
by rvanherp
Bingo...

there's an ab.php file there with a UDP Flood...

I will take a look at how to secure the folder.
Thanks.

[Solved] Re: Too much/strange traffic

Posted: 20. September 2011 00:03
by rvanherp
I turned off webdav by editing the \xampp\apache\conf\extra\httpd-dav.conf file
Code:
Dav OFF

and commented out this line
Code:
# Include "conf/extra/httpd-dav.conf"

and renamed the webdav folder.

Hope the server is safe now.

Thanks for your fast reply Sharley!
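
The checks from this thread as a repeatable audit (an added example, not part of any original post): it flags files in the webdav folder other than index.html and webdav.txt, an uncommented Include of httpd-dav.conf, and any Dav directive not set to Off. The function names, finding labels and the sample tree are assumptions constructed for illustration; on a real install, pass the XAMPP root (C:\xampp in the thread) to `audit()`.

```python
import re
import tempfile
from pathlib import Path

# Stock webdav folder contents according to the thread
EXPECTED = {"index.html", "webdav.txt"}
# An uncommented Include of the DAV config; a Dav directive set to anything but Off
INCLUDE_RE = re.compile(r"^\s*Include\s+\S*httpd-dav\.conf", re.I)
DAV_ON_RE = re.compile(r"^\s*Dav\s+(?!off\b)\S+", re.I)

def audit(xampp_root):
    """Return findings for the XAMPP tree rooted at xampp_root."""
    root, findings = Path(xampp_root), []
    webdav = root / "webdav"
    if webdav.is_dir():
        for p in sorted(webdav.rglob("*")):
            rel = p.relative_to(webdav).as_posix()
            if p.is_file() and rel.lower() not in EXPECTED:
                findings.append(f"unexpected file: webdav/{rel}")
    conf = root / "apache" / "conf"
    checks = [(conf / "httpd.conf", INCLUDE_RE, "DAV config included"),
              (conf / "extra" / "httpd-dav.conf", DAV_ON_RE, "Dav enabled")]
    for path, pattern, label in checks:
        if path.is_file():
            text = path.read_text(errors="replace")
            for n, line in enumerate(text.splitlines(), 1):
                if pattern.match(line):
                    findings.append(f"{label}: {path.name}:{n}")
    return findings

def build_sample(root, hardened):
    """Constructed sample tree (not real server data)."""
    root = Path(root)
    (root / "webdav").mkdir(parents=True)
    (root / "apache" / "conf" / "extra").mkdir(parents=True)
    for name in ["index.html", "webdav.txt"] + ([] if hardened else ["ab.php"]):
        (root / "webdav" / name).write_text("sample")
    inc = 'Include "conf/extra/httpd-dav.conf"\n'
    (root / "apache/conf/httpd.conf").write_text(
        "ServerName localhost\n" + ("# " + inc if hardened else inc))
    (root / "apache/conf/extra/httpd-dav.conf").write_text(
        "DavLockDB \"logs/Dav.Lock\"\n<Directory \"/xampp/webdav\">\n"
        + ("Dav OFF\n" if hardened else "Dav On\n") + "</Directory>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp) / "bad", hardened=False)
        print("\n".join(audit(Path(tmp) / "bad")))
```

An empty result only means these three checks passed; it does not cover files dropped elsewhere in the web root.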

Re: Too much/strange traffic

Posted: 20. September 2011 00:10
by Sharley
You're most welcome and thanks for the detailed post and feedback. :)