PHP injections - how to prevent?

PostPosted: 21. January 2013 09:46
by Ph1L
Running XAMPP 1.6.6.a on a Windows Server 2003, 10+ sites keep getting infected with "base64_decode" in all *.php files, in all the PHP files from c:\path\xampp.

How to prevent this?
What is normal Windows security on the folders here? Especially the folders in "htdocs".

And before you say "upgrade XAMPP", well, customers have an old PHP version, so no.
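One way to locate the files the first post describes, as an added Python example that is not from this thread or from XAMPP: it walks a folder such as htdocs, flags PHP files containing an eval(base64_decode("...")) call, and decodes the literal for inspection only. The regex is a hypothetical signature for this one pattern, and the sample site it scans is constructed inside a temp directory.

```python
import base64
import re
import tempfile
from pathlib import Path

# Hypothetical signature for the symptom in the post: eval() around base64_decode() of a long
# literal, optionally via gzinflate(). Real injections vary; treat this as a triage aid only.
INJECTION_RE = re.compile(
    rb"""eval\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(\s*["']([A-Za-z0-9+/=]{16,})["']""",
    re.IGNORECASE,
)

def decode_preview(blob: bytes, limit: int = 60) -> str:
    """Decode the literal for inspection only (never execute it); return printable text."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return "<not valid base64>"
    return raw[:limit].decode("ascii", errors="replace")

def scan_file(path: Path) -> list:
    """Return (line_number, preview) for each suspicious call found in one file."""
    data = path.read_bytes()
    return [(data.count(b"\n", 0, m.start()) + 1, decode_preview(m.group(1)))
            for m in INJECTION_RE.finditer(data)]

def scan_tree(root: Path) -> dict:
    """Walk root (e.g. the htdocs folder) and map each infected .php file to its hits."""
    findings = {}
    for path in root.rglob("*.php"):
        hits = scan_file(path)
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def build_sample_tree(root: Path) -> None:
    """Constructed sample site: one clean file and one carrying the injected prefix."""
    payload = base64.b64encode(b'echo "infected";').decode()
    (root / "site1").mkdir(parents=True)
    (root / "site1" / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "site1" / "config.php").write_text(
        f'<?php eval(base64_decode("{payload}")); ?>\n<?php $db = "x"; ?>\n')

def run_demo() -> dict:
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)
```

Calling scan_tree(Path(r"C:\xampp\htdocs")) on a real install lists each hit as relative path, line number and a decoded preview; the preview is for deciding what to restore from backup, not something to run.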

Re: PHP injections - how to prevent?

PostPosted: 21. January 2013 11:39
by Nobbie
Ph1L wrote: How to prevent this?

By reading and following readme.txt (instead of ignoring it):

A matter of security (A MUST READ!)

As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. The way XAMPP is configured is to be as open as possible and to allow the developer anything he/she wants. For development environments this is great, but in a production environment it could be fatal.

Re: PHP injections - how to prevent?

PostPosted: 21. January 2013 13:56
by Ph1L
I know, but that didn't answer my questions.

Re: PHP injections - how to prevent?

PostPosted: 21. January 2013 14:29
by JJ_Tagy
PHP is not inherently a security hole. What you use it for and how you use it introduces the security issues. Without knowing what your code is, there is no way to speculate how someone is uploading injectors to the system. Use of .htaccess and mod_rewrite is a good place to start.

Re: PHP injections - how to prevent?

PostPosted: 21. January 2013 14:38
by Altrea
Hi Ph1L,

Ph1L wrote: I know, but that didn't answer my questions.

You are using XAMPP in an unsupported manner, so which answers do you expect?
Using XAMPP in insecure networks indicates that you have taken some time to evaluate if you have the needed knowledge to make and keep the package secure.

Ph1L wrote: How to prevent this?

Search the security hole and close it.
That can be anything from a true security issue in one of the components, an insecure module (e.g. WebDAV), an insecure web application from one of your customers, etc.
We can't do the work for you, sorry.

best wishes,
Altrea