Okay I've been running xampp with what I thought were no issues until tonight. Okay I password protected phpmyadmin and all that and xampp says all secured. Okay then I put in .htaccess and .htpasswd files in all my directories except for my forums directory besides. Some guy came into my forum tonight and told me what my username and pass were to access all my databases. I have a router and a software firewall but obviously I have to have the server ports open. Needless to say I was shocked and need to know which direction to go now. I didn't find this guy very amusing to say the least.
Okay nevermind me. It was something really stupid and my own fault. I was helping him to set up a chatroom on his forum and I myself forgot to delete the install file on my chatroom so he just ran that script and it was like taking candy from a baby. I'll never figure out why some people don't mask that info on their installers especially when you're paying for it. I can't be the only sleep deprived person on the internet.