Securing XAMPP [Tutorial]

Status
Not open for further replies.

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
»How to secure XAMPP so people can't deface your site as easily«

Once you have downloaded XAMPP, it is probably a good idea not to release your website/hotel to the public without first doing what is shown in this tutorial; if you don't do this, people can easily deface your website.


Tutorial:
Once you have downloaded and installed XAMPP, locate the directory you installed it in; for me this is C:/xampp/

Now, in this directory, you will see a folder named 'webdav'. Simply delete this directory and restart your XAMPP.

Now that you have deleted this folder, your XAMPP is no longer exploitable. This means people like 'stoneface' cannot hack your website due to you deleting this directory.

Thanks for reading, more tutorials coming soon based around XAMPP and coding, sorry if this is in the wrong section by the way. Didn't really know where to put it.

Credits: Hmm from Devbest.com for making this tutorial and taking the images.
Please don't steal, but feel free to take and give credits. -Josh.
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
Nice tutorial, I already knew this but it is really helpful. Also, XAMPP has a bunch of exploits (I've heard) so it is still exploitable, but yeah, this is the most common exploit people use. Thanks for sharing!
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Kryptos said:
Nice tutorial, I already knew this but it is really helpful. Also, XAMPP has a bunch of exploits (I've heard) so it is still exploitable, but yeah, this is the most common exploit people use. Thanks for sharing!

I know most of the other exploits as well, but if I put up a tutorial on how to protect against those then that is also teaching them how to do it to other hotels, which is basically teaching them how to exploit other servers, which is against the rules. Although, this will help a lot of other retro makers out there, and thanks for the comments.
 

RastaLulz

fight teh power
Staff member
May 3, 2010
3,926
3,921
Thanks for this nice little tutorial! Hopefully it helps some people.
 

Benden

maging ang maganda mamatay
Jun 4, 2010
2,280
1,480
How does deleting this fix an exploit? And what was that even there for?
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
This is how the exploit works:
A guy uses a program which I won't mention to access your WebDAV installation. And since the password is default (unless you have changed it) the person can upload a shell, and gain access to everything on your server.

"Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers. RFC 4918 defines the extensions. ..."
en.wikipedia.org/wiki/WebDAV
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Kryptos said:
This is how the exploit works:
A guy uses a program which I won't mention to access your WebDAV installation. And since the password is default (unless you have changed it) the person can upload a shell, and gain access to everything on your server.

"Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers. RFC 4918 defines the extensions. ..."
en.wikipedia.org/wiki/WebDAV

Well, I wouldn't say it is a program as it is on your computer, just in a directory you wouldn't expect it to be in... And most people don't know how to change their WebDAV password, but at least this will help them out! And you're welcome guys.
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Thanks guys. More coming soon! Don't forget, if you haven't already, press the Thanks button!
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,194
3,901
Thanks. It is easy though. You don't need to restart XAMPP btw; I customized my XAMPP and removed the webdav from the config files xD.
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Sledmore said:
Thanks. It is easy though. You don't need to restart XAMPP btw; I customized my XAMPP and removed the webdav from the config files xD.

Sometimes you have to restart XAMPP because the change doesn't register properly until you have restarted it. Like when you remove it, people can't hack it any more but they can still see the WebDAV test page.
 

Bazinga

Posting Freak
Aug 3, 2010
819
54
Nice tutorial. I got hacked using this before I knew about it (when I was a noob :D), so it will help many people who are new to the Habbo community.
 
Nov 23, 2010
307
2
As I heard, the WebDAV folder should not be removed, it should be renamed. If you delete the WebDAV folder, you will have problems with htdocs.
 

SeanRog

Member
Jul 24, 2010
51
10
Bullshit.. Delete it and remove it from Apache (to remove it from Apache is not for noobs it can fuck your xampp!!!!) take backup
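
Several replies above turn on whether deleting the webdav folder is enough or whether WebDAV also has to be removed from the Apache configuration. As an added example (not code from this thread or from XAMPP), the Python check below scans Apache configuration text for WebDAV directives that are still active; the sample config and the paths in it are constructed for illustration.

```python
import re

# Constructed sample: the webdav folder may be gone from disk, but these
# directives are still active. Paths are illustrative, not read from XAMPP.
SAMPLE_CONF = '''
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_lock_module modules/mod_dav_lock.so
DavLockDB "C:/xampp/tmp/DavLock"
Alias /webdav "C:/xampp/webdav/"
<Directory "C:/xampp/webdav">
    Dav On
    AuthType Digest
    Require valid-user
</Directory>
<Directory "C:/xampp/htdocs">
    Require all granted
</Directory>
'''

def audit_webdav(conf_text):
    """Return WebDAV-related findings from active (uncommented) lines."""
    findings = {"modules": [], "dav_on": [], "aliases": []}
    section = None  # path of the <Directory>/<Location> block we are inside
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive: not active
        m = re.match(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', line, re.I)
        if m:
            section = m.group(2)
        elif re.match(r'</(Directory|Location)>', line, re.I):
            section = None
        elif re.match(r'LoadModule\s+dav\w*_module\b', line, re.I):
            findings["modules"].append(line.split()[1])
        elif re.match(r'Dav\s+On\b', line, re.I):
            findings["dav_on"].append(section or "(server-wide)")
        elif re.match(r'Alias\s+\S*dav', line, re.I):
            findings["aliases"].append(line.split()[1])
    return findings

def webdav_still_enabled(conf_text):
    """True when a DAV module is loaded and some section has 'Dav On'."""
    f = audit_webdav(conf_text)
    return bool(f["modules"] and f["dav_on"])
```

Run it over the text of httpd.conf plus any files it includes; an empty result for both `modules` and `dav_on` means Apache is no longer serving WebDAV, whatever is left on disk.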
 