Tyree wrote: I've been using XAMPP for years to play with website development and never had much issue. But, I have XAMPP installed on a computer in my office for a local intranet site (it can also be accessed from outside by employees).
Anyway, in the last couple weeks our internet bandwidth took a nose dive, and after some investigation, we found that the computer with XAMPP installed was flooding with tons of packets on various UDP ports (to the tune of approx. 100,000 every 20-30 seconds!). If we kill the httpd process (stop the apache server), then the UDP traffic stops. So, obviously there is something hacking or exploiting my server.
Has anyone else seen this before? How did you go about fixing it?
Thanks!
Matt
I hope my post is not too late - before taking the drastic measure of a format and reinstall you can first look in the \xampp\apache\logs\access.log file and ascertain where this bot has planted its files.
Usually you will find multiple files in the insecure webdav folder where there should be only 2 files.
If you format and install again without securing the webdav folder then it will happen again as it is now a well-known exploit for XAMPP that has gone viral.
viewtopic.php?f=16&t=44140
viewtopic.php?p=172808#p172808
Securing this folder will go a long way to preventing this type of exploit but as mentioned above a search of the Internet using windows apache hardening may give you some interesting reading.
BTW which version of XAMPP are you using?
Best wishes.
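The access.log check described in the reply above, as an added example that is not part of the original posts: a Python sketch that scans Apache access-log lines for successful WebDAV write requests under the webdav folder and for later requests to the same paths. The function name, the `/webdav/` URL prefix, the log format (Apache common/combined) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# HTTP/WebDAV methods that create or change content on the server
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "PROPPATCH", "DELETE"}

def find_webdav_writes(lines, prefix="/webdav/"):
    """Map each path under `prefix` that received a successful (2xx) write
    request to its write records and to any later requests for that path
    (a sign the planted file was subsequently fetched or executed)."""
    findings = defaultdict(lambda: {"writes": [], "later_hits": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-standard line
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.lower().startswith(prefix):
            continue
        status = int(m["status"])
        rec = (m["time"], m["ip"], m["method"], status)
        if m["method"] in WRITE_METHODS and 200 <= status < 300:
            findings[path]["writes"].append(rec)
        elif path in findings:
            findings[path]["later_hits"].append(rec)
    return dict(findings)

# Constructed sample lines (documentation IP ranges, made-up file names)
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2011:10:01:02 +0000] "GET /webdav/index.html HTTP/1.1" 200 313',
    '198.51.100.7 - - [12/Mar/2011:10:05:40 +0000] "PUT /webdav/example_upload.php HTTP/1.1" 201 -',
    '198.51.100.7 - - [12/Mar/2011:10:05:44 +0000] "GET /webdav/example_upload.php?x=1 HTTP/1.1" 200 52',
    '203.0.113.5 - - [12/Mar/2011:10:09:00 +0000] "PUT /webdav/blocked.txt HTTP/1.1" 401 401',
]

if __name__ == "__main__":
    # To scan a real log, pass open(r"\xampp\apache\logs\access.log", errors="replace")
    for path, info in find_webdav_writes(SAMPLE_LOG).items():
        print(path)
        for t, ip, method, status in info["writes"]:
            print(f"  written:  {t} {ip} {method} -> {status}")
        for t, ip, method, status in info["later_hits"]:
            print(f"  accessed: {t} {ip} {method} -> {status}")
```

Paths reported here are candidates to compare against what is actually in the webdav folder on disk; rejected writes (such as the 401 in the sample) are deliberately not listed.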