Malware suddenly appeared in htdocs?!


Post by danvim » 18. August 2016 13:48

I don't know much about servers, but I've installed XAMPP for website testing. I originally set up my routing for HTTP to route to my local IP; I've closed the port now.

Today, my anti-virus found several pieces of malware, including .vbs and .exe files at /htdocs/ and .tmp files in the PHP temp folder.

What I know:
- I did create a script for file upload, but I have implemented a MIME test before the file can be uploaded, and the file is uploaded to a specific path and absolutely not the root directory.
- I don't believe they've cracked my Windows password since it is >12 characters long and I believe it is strong enough.
- I did not share my IP online (intentionally) and my ISP will constantly change my IP.

How is it possible that people can upload files to my server when I have no scripts serving them? I'm no server expert. I've searched Google, but what security hole did they use? :/

Here is the list of malware quarantined from my root:
- 520.exe: Trojan DDOS
- a.vbs: Trojan downloader
- ssss.exe: Trojan

I don't know what else to provide though, so please tell me and I will gladly provide more info. Please help.
XAMPP version: 5.6.3
Operating System: Windows 10

Re: Malware suddenly appeared in htdocs?!

Post by Altrea » 18. August 2016 15:36

The Internet is full of scanning daemons. From time to time they hit an unsecured server like yours.
They don't need to crack your Windows password.

Never use XAMPP as a publicly accessible webserver stack. A changeable ISP IP address will not secure your server.

Re: Malware suddenly appeared in htdocs?!

Post by danvim » 18. August 2016 16:03

I'm sorry, but I don't know much about server security. I tried searching with the keywords "hack xampp inject upload file" but to no avail. Can you suggest a page or two on how XAMPP can be hacked in this particular way? Because I'm now curious about how this security hole originally existed :/ And of course, how to fix this particular problem.

And additional info: I don't host an FTP server.