This may an indication that you have been hacked through the webdav directory.
If so then all that should be in this directory are 2 files, index.html and webdav.txt.
If you have more than this then chances are your computer is a zombie.
Options:
Check your Apache access.log file for clues.
Change the webdav password or turn it Off in the etc/extra/httpd-dav.conf file if you are not using it.
(
It may be turned On by default but the default user/pass is easy to find which is why it is being hacked)
Make sure in the httpd.conf file that this section is commented out and looks like this:
- Code: Select all
# Distributed authoring and versioning (WebDAV)
#Include etc/extra/httpd-dav.conf
Change permissions to restrict total access.
Delete the webdav folder if you are not using it.
Add a report for your webdav issue to the already present WebDAV Exploit bug at:
http://bugs.xampp.org/view.php?id=170This exploit is currently 'in the wild' especially infecting XAMPP for Windows:
viewtopic.php?f=16&t=43824viewtopic.php?f=16&t=44140If this does not apply then, sorry I don't have any more clues for you.
Good luck and best wishes.