I'm don't know much about server but I've installed XAMPP for website testing. I originally setup my routing for HTTP to route to my local IP, I've closed the port now.
Today, my anti-virus found several malwares including .vbs, .exe at /htdocs/ and .tmp in the PHP temp folder.
What I know:
- I did create a script for file upload though, but I have implemented an MIME testing before the file could be uploaded, and the file is uploaded to a specific path and absolutely not the root directory.
- I don't believe they've cracked my Windows password since it is >12 characters long and I believe it is strong enough.
- I did not share my IP online (intentionally) and my ISP will constantly change my IP.
How is it possible that people can upload files to my server when I have no scripts serving them? I'm no server expert, I've searched Google but what security hole did they use :/
Here is the list of malware quarantined from my root:
520.exe Trojan DDOS
a.vbs Trojan downloader
I don't know what else to provide though, so please tell me and I will gladly provide more info. Please help.