Page 1 of 1

security issues

PostPosted: 04. May 2019 12:09
by silent06
Hello,

I was wondering if anyone has any tips on securing xampp better? Ive been hacked a few times. I have a listener that works with clients as they connect to my VPS. The only thing I work with is the panel, so I really dont need a website. So, what happened was, someone made a duplicate account with admin privilages & basically go into my vps. Im thinking it was sql injections, but im not sure. I was using an SSL certificate from lets encrypt, but the httdocs folder was still using http. Would it be possible to turn http off & just use https?


thanks,

-silent

Re: security issues

PostPosted: 04. May 2019 16:34
by Altrea
Don't use XAMPP on public accessible environments

Re: security issues

PostPosted: 04. May 2019 17:35
by Nobbie
silent06 wrote: Would it be possible to turn http off & just use https?


Of course. Simply switch off listening to Port 80 (i.e. delete "Listen *:80" or similar line in your httpd.conf) and you are done.

Re: security issues

PostPosted: 05. May 2019 05:48
by silent06
ok, different question. I need to be able to access myphpadmin. Could I just do this locally on my vps? Like, I dont want any external connections to be able to access it.

Re: security issues

PostPosted: 05. May 2019 09:29
by Nobbie
Thats exactly how Xampp is configured out of the box: phpmyadmin can only accessed from localhost.