Malware suddenly appeared in htdocs?!

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Malware suddenly appeared in htdocs?!

Postby danvim » 18. August 2016 13:48

I'm don't know much about server but I've installed XAMPP for website testing. I originally setup my routing for HTTP to route to my local IP, I've closed the port now.

Today, my anti-virus found several malwares including .vbs, .exe at /htdocs/ and .tmp in the PHP temp folder.

What I know:
- I did create a script for file upload though, but I have implemented an MIME testing before the file could be uploaded, and the file is uploaded to a specific path and absolutely not the root directory.
- I don't believe they've cracked my Windows password since it is >12 characters long and I believe it is strong enough.
- I did not share my IP online (intentionally) and my ISP will constantly change my IP.

How is it possible that people can upload files to my server when I have no scripts serving them? I'm no server expert, I've searched Google but what security hole did they use :/

Here is the list of malware quarantined from my root:
520.exe Trojan DDOS
a.vbs Trojan downloader
ssss.exe Trojan

I don't know what else to provide though, so please tell me and I will gladly provide more info. Please help.
danvim
 
Posts: 2
Joined: 18. August 2016 13:33
XAMPP version: 5.6.3
Operating System: Windows 10

Re: Malware suddenly appeared in htdocs?!

Postby Altrea » 18. August 2016 15:36

The Internet is full of scanning daemons. From time to time they hit an unsecured server like yours.
They don't need to crack your windows password.

Never use XAMPP as public accessible webserver stack. A changable ISP IP address will not secure your server.
We don't provide any support via personal channels like PM, email, Skype, TeamViewer!

It's like porn for programmers 8)
User avatar
Altrea
AF Moderator
 
Posts: 8293
Joined: 17. August 2009 13:05
XAMPP version: several
Operating System: Windows 10 Pro x64

Re: Malware suddenly appeared in htdocs?!

Postby danvim » 18. August 2016 16:03

I'm sorry. But I don't know much about server security. I tried searching with keywords "hack xampp inject upload file" but to no avail. Can you suggest a page or 2 on how XAMPP can be hacked in this particular way? Because I'm now curious on how this security hole originally existed :/ And of course, how to fix this particular problem.

And additional info: I don't host an FTP server.
danvim
 
Posts: 2
Joined: 18. August 2016 13:33
XAMPP version: 5.6.3
Operating System: Windows 10


Return to XAMPP for Windows

Who is online

Users browsing this forum: DrSeussFreak and 69 guests