[How To] Securely setup Xampp


JayC

Always Learning
Aug 8, 2013
5,493
1,398
So I have noticed a problem with people messaging me or creating help threads like "How do I set up IIS because Xampp isn't secure". This is actually false. Anyone who wishes to argue can just leave the thread now. I have owned a large majority of retros, every one of them using Xampp, and I have never been hacked. So I am going to give a quick tutorial on how to set it up and get it to work correctly.

First Step: Install Xampp
This is done simply by googling Xampp Install
You only need the required components, you can uncheck Firebird and such

Second Step: Install Apache and Mysql

Most Xampps will look nicer than this, this is a very old version :) You just check the Service and it will install. It takes a few seconds and then you're ready to rock.

Third Step: Secure external connections
You want to delete your Webdav folder from your htdocs otherwise people can connect to your Xampp.


Fourth Step: Secure your folders
Open Xampp Directory -> Apache -> Conf -> httpd.conf
Search For
"Options Indexes FollowSymLinks"
Replace that part with:
"Options -Indexes +FollowSymLinks"
This will make it so people can't view your R63 folder Directory!


Fifth Step: Change your default password for Xampp and Secure your database!

Sixth Step: Run Apache/Mysql and you are good to go!

Links that might help you if you're stuck:


 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
The reason people say you shouldn't use XAMPP is because it is made for development purposes and it states that on their site meaning it isn't recommended that you use it for a public site.
 

JayC

Always Learning
Aug 8, 2013
5,493
1,398
Yes, but the fact of the matter is, you can't hack into it if you set it up correctly, and it's easy to use, and there are a lot of hotel tutorials that use Xampp to set up, and people are like "IIS Tutorial?" Well, now they don't need to do that because they know how to set up Xampp securely.
 

Khalil

IDK
Dec 6, 2011
1,642
786
Even if you fully secure XAMPP, it's a bad choice to use it for a live environment. XAMPP was created originally only to be used as a development tool, not for live production. Hence why most of its security features are disabled by default.
Officially, XAMPP's designers intended it for use only as a development tool, to allow website designers and programmers to test their work on their own computers without any access to the Internet. To make this as easy as possible, many important security features are disabled by default.

Source:

However, we do appreciate your effort.
 

JayC

Always Learning
Aug 8, 2013
5,493
1,398
I do think that it's a good tutorial but.

1. You can't patch Apache, it's always been weak, so you're indeed better off using NGINX or IIS. Because it's exactly what Khalil said. XAMPP is only for developing purpose, it's not meant for pub sites etc.

2. You should also go to your Apache configuration file and search for ServerSignature and turn that off. That way people won't be able to see that you're using Apache or anything that shows up below. (Doesn't help much.)

3. What you're saying is not true, you're lucky that nobody hacked your hotel. But there are hotels that are being hacked when they use XAMPP. Also that Apache is weak for DDoS attacks and thus useless.
Sorry you don't believe this is the best tutorial. I also found this to help secure your Apache:
There is an Apache module that was created to prevent a DDoS attack, although it's probably not installed by default. Follow these steps to install the module.

1. Open your terminal window.

2. Issue the command sudo apt-get -y install libapache2-mod-evasive.

3. Issue the command sudo mkdir -p /var/log/apache2/evasive.

4. Issue the command sudo chown -R www-data:root /var/log/apache2/evasive.

5. Open the /etc/apache2/mods-available/mod-evasive.load file (using sudo and your favorite text editor) and append the following to the bottom of that file (this is one configuration per line):



DOSHashTableSize 2048
# maximum number of requests for the same page
DOSPageCount 20
# total number of requests for any object by the same client IP on the same listener
DOSSiteCount 300
# interval for the page count threshold
DOSPageInterval 1.0
# interval for the site count threshold
DOSSiteInterval 1.0
# time that a client IP will be blocked for
DOSBlockingPeriod 10.0
DOSLogDir "/var/log/apache2/evasive"
DOSEmailNotify [email protected]


6. Save the file and restart Apache.

You should now be better protected from DDoS attacks.
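
The following is an added example, not part of any post in this thread: a small Python audit for the settings the posts above discuss (directory listing via `Options Indexes`, `ServerSignature`, and a leftover `webdav` folder in htdocs), which also flags a comment placed on the same line as a directive, since Apache only accepts comments on their own line. The function names and the sample configuration are constructed for illustration.

```python
import os

# Constructed sample in the style of an httpd.conf; not taken from the thread.
SAMPLE_CONF = '''\
ServerRoot "C:/xampp/apache"
# Options Indexes FollowSymLinks (commented out, must be ignored)
<Directory "C:/xampp/htdocs">
    Options Indexes FollowSymLinks Includes ExecCGI
</Directory>
<Directory "C:/xampp/htdocs/r63">
    Options -Indexes +FollowSymLinks
</Directory>
ServerSignature On
DOSPageCount 20 # maximum number of requests for the same page
'''

def audit_httpd_conf(text):
    """Return (line_number, message) findings for an Apache config given as text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # whole-line comments and blank lines are ignored by Apache
        parts = line.split()
        directive = parts[0].lower()
        args = [a.lower() for a in parts[1:]]
        if directive == "options":
            # "Indexes", "+Indexes" and "All" enable listings; "-Indexes" disables them
            if any(a in ("indexes", "+indexes", "all", "+all") for a in args):
                findings.append((lineno, "directory listing enabled: " + line))
        elif directive == "serversignature" and args[:1] != ["off"]:
            findings.append((lineno, "ServerSignature is not Off"))
        # Rough check: a bare '#' token after a directive is an inline comment,
        # which Apache parses as extra arguments instead of ignoring it.
        if any(a.startswith("#") for a in parts[1:]):
            findings.append((lineno, "inline comment after directive: " + line))
    return findings

def webdav_folder_present(htdocs):
    """True if htdocs still contains a webdav folder (name matched case-insensitively)."""
    return any(name.lower() == "webdav" and os.path.isdir(os.path.join(htdocs, name))
               for name in os.listdir(htdocs))

if __name__ == "__main__":
    for lineno, message in audit_httpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

To check a real install, pass the contents of your own httpd.conf to `audit_httpd_conf` and your htdocs path to `webdav_folder_present`.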
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
Great work Jay, I do like IIS but XAMPP is equally good. I do agree, I would never run a hotel off of XAMPP publicly.
 

JayC

Always Learning
Aug 8, 2013
5,493
1,398
I wouldn't use xampp. Even if I was getting paid to.
Stick to graphics please, because web servers are web servers and Xampp is commonly used. It has only got a bad name because of people who don't know how to delete the webdav folder which allows external connections
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
Stick to graphics please, because web servers are web servers and Xampp is commonly used. It has only got a bad name because of people who don't know how to delete the webdav folder which allows external connections
Well put. I wouldn't disregard XAMPP, only use IIS because you don't have to start up every time but yes, I agree, XAMPP is secure enough to be used.
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
Don't tell me where to stay kid.
I wouldn't use the term kid... Also, he does have a point... I can see you're new but please, get used to being wrong. XAMPP is perfectly secure, it is just noobs who believe everything everybody says that say it isn't... If I said my house was the size of my penis, would you believe it? Exactly. Also, Jay is one of the most respected users in the retro community of Devbest so fuck off back to FaGZONE if you don't like it here. *Rant is over*
 

Clu

ripping useful stuff from habbo
Jan 18, 2015
36
7
@Backpack & Never been on rz for many reasons. You're standing up for xampp like you own it. It's my opinion, I'm going to stick to that.
 
