Apache Friends Support Forum

Skip to content

Setting around a domain name and security

Problems with the Windows version of XAMPP, questions, comments, and anything related.
Forum rules
Post a reply

Setting around a domain name and security

Postby IanBo » 10. August 2009 15:25

How do I build around a domain name with xampp? I just installed joomla and have it up and running.

I imagine I have to download content for joomla and redirect my domain to my [static] ip, but, if that's true, how do I actually have it around my domain [might be more applicable with virtual hosting?]? If I have sites that are directing to my ip, how do they load the web page that's intended?

How do I make security good enough to remain personally unhacked [I don't think I'll need SSL because I can sell through clickbank, ebay, etc.]?

Thanks in advance.
IanBo.
IanBo
 
Posts: 1
Joined: 10. August 2009 15:07
Top

Re: Setting around a domain name and security

Postby XamppHacker » 11. August 2009 03:21

IanBo wrote:How do I make security good enough to remain personally unhacked [I don't think I'll need SSL because I can sell through clickbank, ebay, etc.]?


The best way to remain unhacked is to uninstall XAMPP. It's insecure by design (bad design IMHO).

If you insist on plugging it into the internet, at least read this first:
http://robsnotebook.com/xampp-security-hardening

And, whatever else you do: PUT A @^*!@@! PASSWORD on MySQL root.

Hit your site from an external IP. If you can get to any of these, you are apt to be hacked:
http://<your site>/phpmyadmin <-- If you don't get prompted for a password, you will be hacked.
http://<your site>/webalizer <-- Google hackers best friend ;-)
http://<your site>xampp <-- no need for this to be on the net.
http://<your site>/xampp/phpinfo.php <-- way too much information.
http://<your site>/cgi-bin/printenv.pl <-- More way too much information.

If someone manages to put a .PHP file somewhere on your site, and they can get to it from the internet, here's what happens:
    They can run just about any command they want with the PHP eval() command
    They can see your ENTIRE MACHINE if they can do an eval()
    There are no limits from here.
    There are REALLY no limits if you aren't behind a good firewall. No firewall + Phpmyadmin access ==> remote desktop access to your machine from anywhere in the world.

So yes, you should be afraid....very...very afraid.

Regards,
XamppHacker (Because it's so easy, that's why)
XamppHacker
 
Posts: 4
Joined: 26. July 2009 07:36
Top

Re: Setting around a domain name and security

Postby aj123cd » 11. August 2009 14:11

viewtopic.php?f=16&t=36448
aj123cd
 
Posts: 62
Joined: 03. June 2009 08:19
Location: London,UK
Top
Post a reply

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 223 guests

Powered by Bitnami phpBB
Privacy Policy