So a few weeks ago I threw in XAMPP and set it up to the best of my knowledge. I was using it for a Minecraft Forum, as well as the MySQL for Multicraft. The OS XAMPP was installed on was Windows Server 2012 Datacenter ED. It ran fine for the first few weeks. I had XenForo and Multicraft running stable. One day I log in, and I see that XAMPP_control.exe crapped out and Windows asking me to "Close Program" I close it, go back into my XAMPP file and run the _control.exe as an Admin, it starts up. As it's enabling Apache it gives me a Netstat Error along the lines of TCP error. Then an Error Code 6, and then Apache tells me it can't stop, and then crashed and gave me the "Close Program" window. Nothing worked in starting it up, I couldn't find any logs of it. Didn't know exactly where to look. Then I started getting several emails that I was under a DDoS attack. I contacted my datacenter and went through Event Viewer. Couldn't find anything.
I reinstalled my OS out of frustration thinking I must have changed something XAMPP didn't like. I put XAMPP back on, instead of restoring my backups, I went and reinstalled everything manually going to every website and redownloading everything. Got almost everything back up before XAMPP crashed out again. This install being not even 2 hours old.
I found a bunch of failed login attempts by someone in Hong Kong. So I went through my datacenters firewall and blocked that IP from making requests to the Server. I was also told by them since I don't use SSH, and just Remote Desktop, to just block port 22 through the firewall as well. Before I did all that, I had moved XAMPP to NameCheap hosting and I'm not all that happy with it, mainly because I have zero idea how to make Multicraft work in two different locations. Kind of gave up and reinstalled XAMPP so I could just put everything back on my server, but leave my forums to be hosted with NameCheap. I changed XAMPP to use ports 81,443 (Apache) and set up MySQL and turned on Apache for a few minutes to use phpmyadmin then turned it back off so it wouldn't crash again.
I got it all set up, but since I have no idea how to set up Multicraft DB in two different areas (It's weird) I turned Apache back on so I could just set it up from there and work on it from there. I'd like to know if I could just move everything back and continue so my OCD can be happy. As I'm typing this according to XAMPP, Apache switched from 81, 443. To 55496, 57121, and it keeps changing to displaying both of those ports, to just the 55496. I haven't done anything in the file systems other than in the httpd.conf to listen to port 81.
I don't have the logs from before so I probably won't get much help for those. Could all this have happened because of the person in Hong Kong attacking my Server with brute force attacks on thousands of ports, as well as a DDoS attack?