Securing XAMPP [Tutorial]

Status
Not open for further replies.

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
»How to secure XAMPP so people can't deface your site as easily«

Once you have downloaded XAMPP, it is probably a good idea to not release your website/hotel to the public without doing what it shown in this tutorial first, if you don't do this then people can easily deface your website.


Tutorial:
When downloaded and installed XAMPP, locate the directory you have installed XAMPP in, for me this is in C:/xampp/
dqn884.png

Now, when in this directory, you shall see a folder named: 'webdav' simply delete this directory and restart your XAMPP.
5cgjlh.png

Now that you have deleted this folder, your XAMPP is no longer exploitable. This means people like 'stoneface' cannot hack your website due to you deleting this directory.

Thanks for reading, more tutorials coming soon based around XAMPP and coding, sorry if this is in the wrong section by the way. Didn't really know where to put it.

Credits: Hmm from Devbest.com for making this tutorial and taking the images.
Please don't steal, but feel free to take and give credits. -Josh.
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
Nice tutorial, I already knew this but it is really helpful, also, xampp has a bunch of exploits(I've heard) so it is still exploitable, but yea, this is the most common exploit people use. Thanks for sharing!
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Nice tutorial, I already knew this but it is really helpful, also, xampp has a bunch of exploits(I've heard) so it is still exploitable, but yea, this is the most common exploit people use. Thanks for sharing!

I know most of the other exploits as well, but if I put a tutorial on how to protect against those then that is also teaching them how to do it to other hotels, which is basically teaching them how to exploit other servers which is against the rules. Although, this will help a lot of other retro makers out their, and thanks for the comments.
 

RastaLulz

fight teh power
Staff member
May 3, 2010
3,934
3,933
Thanks for this nice little tutorial! Hopefully it helps some people.
 

Benden

maging ang maganda mamatay
Jun 4, 2010
2,286
1,482
How does deleting this fix an exploit? and what was that even there for?
 

Kryptos

prjRev.com
Jul 21, 2010
2,205
1,252
This is how the exploit works:
A guy uses a program which I won't mention to access your WebDAV installation. And since the password is default (unless you have changed it) the person can upload a shell, and gain access to everything on your server.

"Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers. RFC 4918 defines the extensions. ..."
en.wikipedia.org/wiki/WebDAV
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
This is how the exploit works:
A guy uses a program which I won't mention to access your WebDAV installation. And since the password is default (unless you have changed it) the person can upload a shell, and gain access to everything on your server.

"Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers. RFC 4918 defines the extensions. ..."
en.wikipedia.org/wiki/WebDAV

Well, I wouldn't say it is a program as it is on your computer, just in a directory you wouldn't expect it to be in... And most people don't know how to change their webdav password, but at least this will help them out! And yourwelcome guys.
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Thank's guys. More coming soon! Don't forget, if you haven't already, press the Thanks button!
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,199
3,934
Thanks, It is easy though, You don't need to restart xampp btw, I customized my xampp, removed the webdav, from the config files xD.
 

Ayumi

Joshua Pike.
Sep 13, 2010
1,028
73
Thanks, It is easy though, You don't need to restart xampp btw, I customized my xampp, removed the webdav, from the config files xD.

Sometimes you have to restart xampp because the file doesn't register properly until you have restarted it, like when you remove it, people can't hack it any more but they can still see WebDav test page.
 

Bazinga

Posting Freak
Aug 3, 2010
819
54
Nice, tutorial. I got hacked using this before I knew about it (when I was a noob :D) So it will help many people who are new to the habbo community.
 
Nov 23, 2010
307
2
As i heard , WebDAV folder should not be removed , it should be renamed . if u will delete WebDAV folder , u will have problems with htdocs
 

SeanRog

Member
Jul 24, 2010
51
10
Bullshit.. Delete it and remove it from Apache (to remove it from Apache is not for noobs it can fuck your xampp!!!!) take backup
 
Status
Not open for further replies.

Users who are viewing this thread

Top