Thursday, January 08, 2009

Set Xampp Security

To check how secure your XAMPP application go to you localhost http://localhost/security/ That page gives you a quick overview about the security status of your XAMPP installation. There are five item on that page.

1. Password for MySQL
2. Password for PhpMyAdmin
3. Password for FileZilla FTP
4. Safe Mode on PHP
5. newuser username on POP3 Server (Mercury Mail)

To fix the problems for mysql, phpmyadmin and the xampp directory just go to
=> http://localhost/security/xamppsecurity.php
But remember, it's only allowed for localhost only.

And how to set the other if it's mark as unsecured?

FileZilla FTP
First you need to install FileZilla as service. You can do that from XAMPP Control Panel. Check on Module FileZilla then follow the instruction. If your FileZilla server have started then click on Admin. You will ask for password that you must submit 'wampp' and click OK.

If success you will see FileZilla server interface.
Click on menu Edit > Users
Choose newuser on Users column
Change the password with your new password
Click Rename to rename username
Click OK after finish.

Now you can check on http://localhost/security/xamppsecurity.php to see if your FileZilla server get secure now.

PHP Safe Mode
Safe mode configuration is useful if you don't want to offer PHP executions for outside persons
But remember if you set safe mode some important functions will not working then. Click here to see more information about safe mode.

To set safe mode go to php.ini. Usually it located on %xampp installation folder%\apache\bin\php.ini.
Find safe_mode = Off and change to safe_mode = On
Find safe_mode_gid = Off and change to safe_mode_gid = On
Then restart your apache and check if your PHP is secure now

Mercury Mail
Usually newuser doesn't exist so you don't need to remove it.

Some Important Notes
1. If your computer is not online or blocked by a firewall or not running, your servers are SECURE against outside attacks so you can ignore the setting except your computer is public.
2. Use firewall to block access from outside and just open some function that need to be open.

Here The XAMPP default ports:
ftp 21/tcp # File Transfer [Control] (XAMPP: FTP Default Port)
smtp 25/tcp mail # Simple Mail Transfer (XAMPP: SMTP Default Port)
http 80/tcp # World Wide Web HTTP (XAMPP: Apache Default Port)
pop3 110/tcp # Post Office Protocol - Version 3 (XAMPP: POP3 Default Port)
imap 143/tcp # Internet Message Access Protocol (XAMPP: IMAP Default Port)
https 443/tcp # http protocol over TLS/SSL (XAMPP: Apache SSL Port)
mysql 3306/tcp # MySQL (XAMPP: MySQL Default Port)
AJP/1.3 8009 # AJP/1.3 (XAMPP: Tomcat AJP/1.3 Port)
http-alt 8080/tcp # HTTP Alternate (see port 80) (XAMPP: Tomcat Default Port)

Have a nice try!

1 comment:

  1. To seek a new team system, we must first be able to select their own as a dps / lineage 2 power leveling / tank that three kinds of roles in which (several) types of cheap dofus power leveling