Help me to secure XAMPP!

[Tony Wolf]

Hello! Can nobody help me to secure XAMPP, with teamviewer, join.me or skype?

 

[Jerry]

I - Information:
Well as i said before, this is a simple tutorial on how to secure your ran using xampp..

II - Tutorial LIST:
1: How to secure people from uploading shells.
2: How to secure people from sql injecting (PMA).

III - Guide(s):
1 - How to secure people from uploading shells:
Connecting to xampp:
Delete "WebDav" folder from your xampp folder. (Drive:\xampp\webdav)

Reason: People (usually beginner hackers) can log in to your webdav folder (using username: "webdav" password: "wampp"/"xampp") and upload anything they wan't, delete anything, download ect. They can also navigate around your VPS/Dedi/PC when they have connected to webdav, so this is pretty dangerous having webdav in your xampp folder.

File uploader:
1) If you have a file uploader, then make sure you have coded 'Available File Extensions'.

2) Make sure nobody knows what the folder's path is.

Reason:
1) If you don't have any 'Available File Extensions' then people can just upload c99 shell or what so ever and hack your site.

2) Well here, if you also don't have 'Available File Extensions', people can simply upload a shell and find the local path then hack the website.


2 - How to secure people from sql injecting (PMA):
Well here there is several ways on how to secure people from sql injecting your PMA.

*Here is the other tutorial on how to secure your site from being SQL injected via PMA.

You go to Drive:\xampp and find a folder called: "PHPMyAdmin", change it to whatever you want but something safe that nobody would ever think of like: "This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker"
Well after changing path to folder you will probably see you can't access

You must be registered for see links

anywhere.
Here is the fix on how to make it able to access even with another folder name:

Go to Drive:\xampp\apache\conf\extra\httpd-xampp.conf and find the bottom line. Here is the lines you will have to change


Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
</IfModule>Change to :
So we will have to change everywhere where it says: phpmyadmin. So it will look like this actually (If you used the folder name i just made before


Alias /This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker "C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker/"
<Directory "C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker">
AllowOverride AuthConfig
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
</IfModule>credit:
Procrastinaire
and mr google

 

[Tony Wolf]

I - Information:
Well as i said before, this is a simple tutorial on how to secure your ran using xampp..

II - Tutorial LIST:
1: How to secure people from uploading shells.
2: How to secure people from sql injecting (PMA).

III - Guide(s):
1 - How to secure people from uploading shells:
Connecting to xampp:
Delete "WebDav" folder from your xampp folder. (Drive:\xampp\webdav)

Reason: People (usually beginner hackers) can log in to your webdav folder (using username: "webdav" password: "wampp"/"xampp") and upload anything they wan't, delete anything, download ect. They can also navigate around your VPS/Dedi/PC when they have connected to webdav, so this is pretty dangerous having webdav in your xampp folder.

File uploader:
1) If you have a file uploader, then make sure you have coded 'Available File Extensions'.

2) Make sure nobody knows what the folder's path is.

Reason:
1) If you don't have any 'Available File Extensions' then people can just upload c99 shell or what so ever and hack your site.

2) Well here, if you also don't have 'Available File Extensions', people can simply upload a shell and find the local path then hack the website.

2 - How to secure people from sql injecting (PMA):
Well here there is several ways on how to secure people from sql injecting your PMA.

*Here is the other tutorial on how to secure your site from being SQL injected via PMA.

You go to Drive:\xampp and find a folder called: "PHPMyAdmin", change it to whatever you want but something safe that nobody would ever think of like: "This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker"
Well after changing path to folder you will probably see you can't access

You must be registered for see links

anywhere.
Here is the fix on how to make it able to access even with another folder name:

Go to Drive:\xampp\apache\conf\extra\httpd-xampp.conf and find the bottom line. Here is the lines you will have to change


Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
</IfModule>Change to :
So we will have to change everywhere where it says: phpmyadmin. So it will look like this actually (If you used the folder name i just made before


Alias /This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker "C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker/"
<Directory "C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker">
AllowOverride AuthConfig
</Directory>

Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
</IfModule>credit:
Procrastinaire
and mr google

I don't understand about 'Available File Extensions.. I have fixed others.. Mean need help with 'Available File Extensions

 

[JayC]

Don't worry about that unless you have one^

 

[Tony Wolf]

Don't worry about that unless you have one^

Maybe u will help me with this? And need more help with my retro.. Add me on skype please: tony.scarface01

 

[JayC]

I have my own hotel to be working on instead of fussing with all of the problems you keep posting and spamming my profile about. If you don't NEED something or don't know what some thing is or don't have something then don't WORRY about it until you can get anything on your hotel actually working.

 

[Tony Wolf]

I have my own hotel to be working on instead of fussing with all of the problems you keep posting and spamming my profile about. If you don't NEED something or don't know what some thing is or don't have something then don't WORRY about it until you can get anything on your hotel actually working.

Stable emulator for r63b?

 

[Jerry]

Stable emulator for r63b?

Lmfao, Use PlusEMU which every R63B hotel uses.

 

[Tony Wolf]

Lmfao, Use PlusEMU which every R63B hotel uses.

Many bugs, + i get errors!

 

[JayC]

Then learn how to fix the errors^ or go R63A, Nobody is going to food spoon you.

 

[Tony Wolf]

Then learn how to fix the errors^ or go R63A, Nobody is going to food spoon you.

Ofc, i will learn how to fix a errors! Mean can you show me how i do it, first

 

[Jerry]

Here are a couple things to fix errors;

1. Check Error Logs
2. Try and fix it
3. Go to MySQL or something to fix the sql error

Simple!

 

[Tony Wolf]

Here are a couple things to fix errors;

1. Check Error Logs
2. Try and fix it
3. Go to MySQL or something to fix the sql error

Simple!

Thanks.. mean can u help me with plusemu

 

[JayC]

omg @JerryCool don't even bother anymore, let someone else help him