Help me to secure XAMPP!
<blockquote data-quote="Jerry" data-source="post: 273522" data-attributes="member: 35321">
<p><strong>I - Information:</strong></p>
<p><strong>Well, as I said before, this is a simple tutorial on how to secure your ran using xampp.</strong></p>
<p><strong>II - Tutorial LIST:</strong></p>
<p><strong>1: How to secure people from uploading shells.</strong></p>
<p><strong>2: How to secure people from sql injecting (PMA).</strong></p>
<p><strong>III - Guide(s):</strong></p>
<p><strong>1 - How to secure people from uploading shells:</strong></p>
<p><strong>Connecting to xampp:</strong></p>
<p><strong>Delete "WebDav" folder from your xampp folder. (Drive:\xampp\webdav)</strong></p>
<p><strong>Reason: People (usually beginner hackers) can log in to your webdav folder (using username: "webdav" password: "wampp"/"xampp") and upload anything they want, delete anything, download, etc. They can also navigate around your VPS/Dedi/PC when they have connected to webdav, so this is pretty dangerous having webdav in your xampp folder.</strong></p>
<p><strong>File uploader:</strong></p>
<p><strong>1) If you have a file uploader, then make sure you have coded 'Available File Extensions'.</strong></p>
<p><strong>2) Make sure nobody knows what the folder's path is.</strong></p>
<p><strong>Reason:</strong></p>
<p><strong>1) If you don't have any 'Available File Extensions' then people can just upload c99 shell or whatsoever and hack your site.</strong></p>
<p><strong>2) Well here, if you also don't have 'Available File Extensions', people can simply upload a shell and find the local path then hack the website.</strong></p>
<p><strong>2 - How to secure people from sql injecting (PMA):</strong></p>
<p><strong>Well, here there are several ways on how to secure people from sql injecting your PMA.</strong></p>
<p><strong>*Here is the other tutorial on how to secure your site from being SQL injected via PMA.</strong></p>
<p><strong>You go to Drive:\xampp and find a folder called: "PHPMyAdmin", change it to whatever you want but something safe that nobody would ever think of like: "This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker"</strong></p>
<p><strong>Well, after changing path to folder you will probably see you can't access <a href="http://yourdomain.domain/phpmyadmin" target="_blank">http://yourdomain.domain/phpmyadmin</a> anywhere.</strong></p>
<p><strong>Here is the fix on how to make it able to access even with another folder name:</strong></p>
<p><strong>Go to Drive:\xampp\apache\conf\extra\httpd-xampp.conf and find the bottom line. Here are the lines you will have to change:</strong></p>
<p>Alias /<strong>phpmyadmin "C:/xampp/phpMyAdmin</strong>/"</p>
<p><Directory "<strong>C:/xampp/phpMyAdmin</strong>"></p>
<p>AllowOverride AuthConfig</p>
<p></Directory></p>
<p></p>
<p>Alias /webalizer "C:/xampp/webalizer/"</p>
<p><Directory "C:/xampp/webalizer"></p>
<p><IfModule php5_module></p>
<p><Files "webalizer.php"></p>
<p>php_admin_flag safe_mode off</p>
<p></Files></p>
<p></IfModule></p>
<p>AllowOverride AuthConfig</p>
<p></Directory></p>
<p></IfModule></p>
<p><strong>Change to:</strong></p>
<p><strong>So we will have to change everywhere where it says: phpmyadmin. So it will look like this actually (if you used the folder name I just made before):</strong></p>
<p>Alias /<strong>This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker</strong> "<strong>C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker</strong>/"</p>
<p><Directory "C:/xampp/This-Is-Not-PMA-So-Do-Not-Go-Here-Any-Hacker"></p>
<p>AllowOverride AuthConfig</p>
<p></Directory></p>
<p></p>
<p>Alias /webalizer "C:/xampp/webalizer/"</p>
<p><Directory "C:/xampp/webalizer"></p>
<p><IfModule php5_module></p>
<p><Files "webalizer.php"></p>
<p>php_admin_flag safe_mode off</p>
<p></Files></p>
<p></IfModule></p>
<p>AllowOverride AuthConfig</p>
<p></Directory></p>
<p></IfModule></p>
<p>credit:</p>
<p>Procrastinaire</p>
<p>and mr google</p>
</blockquote>
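An added example (not part of Jerry's post) of the 'Available File Extensions' check the post calls for: an allowlist on the final extension, a content-signature check, and a server-chosen random name so the stored path is not guessable. It is written in Python to show the logic; the image-only policy and the names `ALLOWED` and `stored_name_for` are assumptions of this example.

```python
import os
import secrets

# Assumed policy for this example: an image-only uploader.
# Each allowed extension maps to the byte signatures its content may start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def stored_name_for(client_name: str, head: bytes) -> str:
    """Return a server-chosen file name, or raise ValueError to reject.

    client_name is the name sent by the browser; head is the first bytes
    of the uploaded content.
    """
    # Drop any directory part the client sent along with the name.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or any(ord(c) < 32 for c in base):
        raise ValueError("bad file name")
    # Only the final extension counts; compare case-insensitively.
    # Trailing dots or spaces leave an extension that is not in the list.
    ext = os.path.splitext(base)[1].lower()
    signatures = ALLOWED.get(ext)
    if signatures is None:
        raise ValueError("extension not allowed: %r" % ext)
    # The content must start with a signature of the claimed type.
    if not head.startswith(signatures):
        raise ValueError("content does not match extension")
    # Never reuse the client's name: a random name keeps the stored path
    # unguessable and discards inner extensions such as "a.php.png".
    return secrets.token_hex(16) + ext
```

The same three checks carry over to a PHP uploader running under XAMPP; storing the files outside the web root removes the need to hide the folder path at all.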
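An added example (not from the post) that checks whether both steps of the tutorial were applied to a XAMPP install: the `webdav` folder is gone, and the phpMyAdmin rename was made on both the `Alias` and the `<Directory>` line of `httpd-xampp.conf`. The function names and the placeholder alias `/db-admin-7f3a` are assumptions, and the parser expects quoted paths as in the lines quoted in the post.

```python
import os
import re

# The stock alias quoted in the post; finding it means the rename was not done.
DEFAULT_ALIASES = {"/phpmyadmin"}

ALIAS_RE = re.compile(r'^[ \t]*Alias[ \t]+(\S+)[ \t]+"([^"]+)"', re.I | re.M)
DIR_RE = re.compile(r'^[ \t]*<Directory[ \t]+"([^"]+)"[ \t]*>', re.I | re.M)

# Constructed sample: the stock lines quoted in the post.
STOCK = '''Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
AllowOverride AuthConfig
</Directory>
'''
# Constructed sample: rename applied to the Alias line only (placeholder name).
HALF_RENAMED = STOCK.replace(
    'Alias /phpmyadmin "C:/xampp/phpMyAdmin/"',
    'Alias /db-admin-7f3a "C:/xampp/db-admin-7f3a/"')


def _norm(path):
    # Windows paths: slash direction, trailing slash and case do not matter.
    return path.replace("\\", "/").rstrip("/").lower()


def audit_conf(conf_text):
    """Return findings for the text of httpd-xampp.conf."""
    findings = []
    directories = {_norm(d) for d in DIR_RE.findall(conf_text)}
    for url, target in ALIAS_RE.findall(conf_text):
        if url.rstrip("/").lower() in DEFAULT_ALIASES:
            findings.append("default alias still present: " + url)
        if _norm(target) not in directories:
            findings.append("no <Directory> block matches alias " + url)
    return findings


def webdav_present(xampp_root):
    """True if the webdav folder the post says to delete still exists."""
    return os.path.isdir(os.path.join(xampp_root, "webdav"))


if __name__ == "__main__":
    for line in audit_conf(HALF_RENAMED):
        print(line)
```

Renaming only hides the URL; anyone who learns the new name reaches the same login page, so the check is a completeness test for the steps above rather than proof that phpMyAdmin is protected.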