Apache Friends Support Forum

[markzil]

Good morning,
After months of warnings to upgrade our PHP version to 7.*.* we upgraded to 7.3.9. Sadly, a week after I had it up and running, we were hacked, our databases removed and held for ransom. We are running Joomla! 3.8.4 and WordPress 5.2.3 on a Windows 2012 r2 server. I thought you might like to know and perhaps you can help me with a fix. We were able to restore the site with a back-up and we shut it down to the outside world, but I have international students who need access to the content.
Thank you,
Mark

[Altrea]

Hi Mark,

I cannot emphasise strongly enough that XAMPP is not meant for public accessible servers.
It is listed in the stickies and several dozens of posts here at this forum
it is listed in every XAMPP installation readme_en.txt
it is listed on the official Apachefriends FAQ

Maybe you have learned a lesson now.

best wishes,
Altrea

[Nobbie]

Good morning,
After months of warnings to upgrade our PHP version to 7.*.* we upgraded to 7.3.9. Sadly, a week after I had it up and running, we were hacked, our databases removed and held for ransom.

Of course. Not very surprising. From http://localhost/dashboard

XAMPP is meant only for development purposes. It has certain configuration settings that make it easy to develop locally but that are insecure if you want to have your installation accessible to others.

What part of it is incomprehensible?