XAMPP Security: Does someone understand XAMPP well?

08/16/2017 05:44 Action10#1
XAMPP security: does someone understand XAMPP well?
For security, so people cannot hack the Dekaron database.
I have changed all passwords and root, but how can people continue hacking after I changed all passwords and the root ID?
If someone understands and can help, thank you!
08/16/2017 07:09 DK-#2
Just change the XAMPP port! Or make an API.
08/16/2017 15:19 Underfisk#3
XAMPP is not the best idea on Windows; if you at least use Linux to host it, then the modules will be more secure. To begin with, what I can say is: remove the webdav folder and deny connections to it, because if you just delete the folder an easy shell can mkdir it again, and edit some modules and protect them with htaccess. This applies to your htdocs, but I use Linux so much to host web servers that I almost forgot how unstable Windows is for that purpose.
08/16/2017 16:10 Action10#4
What is good for Windows Server 2012?
08/16/2017 16:14 Underfisk#5
Well, you can use Appserver, but you can also use XAMPP; you'll need to disable some modules and protect your htdocs as much as possible. I kind of recommend using a Linux VM just for web hosting, but that's not necessary if you want to go with Windows Server 2012.
Just delete webdav and its access, protect your htdocs (use htaccess rules) and also disable some unnecessary modules.
You can google more about it.
08/16/2017 16:14 [DEV]Dekaron#6
That's why I stopped using XAMPP a long time ago.

Action10 maybe here you find something [Only registered and activated users can see links. Click Here To Register...]
08/16/2017 16:17 Action10#7
Thank you!
I have changed all XAMPP IDs and passwords but people continued hacking; now I will try this!
08/16/2017 16:20 [DEV]Dekaron#8
You're welcome, Action10, but I suggest using nginx; I think it is one of the best web servers I have ever seen.
08/16/2017 20:54 Farius~#9
First.

Deleted Webdav folder from c:/xampp
Deleted PhpMyAdmin folder from c:/xampp and use Navicat to manage your databases.

Two:
Use Cloudflare DNS for more security against DDoS attacks on the domain.. Only on the domain :P
08/16/2017 21:06 Action10#10
I've done this!
Deleted Webdav folder from c:/xampp
I renamed the PhpMyAdmin folder from c:/xampp
and fixed all the DB passwords again, SQL and MySQL in XAMPP,
and people continue hacking the DB.

I'm using this register page:

Quote:
<?php

// fill in your mssql info here
$mssql = array(
'host' => "127.0.0.1",
'user' => "sa",
'pass' => ""
);

echo "<center>";

if($_POST['activ'] == '1') {

$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);

$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$_POST['accname']."'",$con);


$row1 = mssql_num_rows($result1);


$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);


if(empty($_POST['accname']) || empty($_POST['accpass1']) || empty($_POST['accpass2'])|| empty($_POST['accname']) || empty($_POST['accmail'])) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($_POST['accpass1'] != $_POST['accpass2']) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($_POST['accpass1'] == $_POST['accname']) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $_POST['accname'])) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $_POST['accpass1'])) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$_POST['accmail'])) {
echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($_POST['accname']) < 3 || strlen($_POST['accname']) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($_POST['accpass1']) < 3 || strlen($_POST['accpass1']) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {

$accpass = md5($_POST['accpass1']);

mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,login_flag,login_tag,ipt_time,login_time,logout_time,user_ip_addr,server_id) VALUES ('$dk_user_no','".$_POST['accname']."','".$accpass."','801011000000','1','0','Y','".$date."',null,null,null,'000')",$con);


echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$_POST['accname']."</b></center>";
echo "<center>Your password is: <b>".$_POST['accpass1']."</b></center>";
echo "DO NOT LOOSE THIS INFO, YOU MAY WRITE IS DOWN AND HIDE IT";
}

} else {

$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE",$con);
$row1 = mssql_num_rows($result1);

echo "<center><b><u>This time we have ".$row1." Registed Accounts on our Server<br>Join us.</b></u></center><br>";
echo "<form action='".$_SERVER['PHP_SELF']."' method='POST'>";
echo "<center><table>";
echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
echo "</table></center>";
echo "</form>";

}

echo "</center>";

?>
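
A hardened form of the registration logic quoted above, as an added example that is not part of any poster's code. In the quoted page the first SELECT is built from the raw `accname` value before the regex checks run, so this version validates first and binds every value as a parameter. The PDO connection, the in-memory SQLite stand-in table and the function name `register_account` are assumptions made so the script runs offline.

```php
<?php
// Added example: parameterized rewrite of the registration logic quoted above.
// Assumptions: PDO with the sqlite driver; an in-memory table stands in for
// account.dbo.USER_PROFILE so the script runs offline (constructed schema).

function register_account(PDO $db, string $name, string $pass, string $mail): string
{
    // Whitelist checks as on the quoted page (e-mail via filter_var instead of
    // its regex), done BEFORE any query touches the database.
    if (!preg_match('/\A[0-9a-zA-Z]{3,15}\z/', $name)) return 'bad account name';
    if (!preg_match('/\A[0-9a-zA-Z]{3,15}\z/', $pass)) return 'bad password';
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) return 'bad e-mail';
    if ($name === $pass) return 'name equals password';

    // Bound parameter: the value travels as data and cannot alter the query.
    $q = $db->prepare('SELECT COUNT(*) FROM USER_PROFILE WHERE user_id = ?');
    $q->execute([$name]);
    if ((int) $q->fetchColumn() > 0) return 'account exists';

    $userNo = date('ymdHis') . sprintf('%02d', random_int(0, 99));
    $ins = $db->prepare(
        'INSERT INTO USER_PROFILE (user_no, user_id, user_pwd, user_type, login_flag)
         VALUES (?, ?, ?, ?, ?)'
    );
    // md5 kept only because the quoted page stores it in user_pwd.
    $ins->execute([$userNo, $name, md5($pass), '1', '0']);
    return 'created';
}

// Constructed stand-in database and sample inputs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE USER_PROFILE (user_no TEXT, user_id TEXT UNIQUE,
           user_pwd TEXT, user_type TEXT, login_flag TEXT)');

$samples = [
    ['player1', 'secret99', 'p1@example.com'],
    ['player1', 'other123', 'p2@example.com'],  // duplicate account name
    ["bad'name", 'secret99', 'p3@example.com'], // quote character is rejected
];
foreach ($samples as [$n, $p, $m]) {
    // Escape user input before echoing it; the password is never printed.
    printf("%s => %s\n", htmlspecialchars($n, ENT_QUOTES), register_account($db, $n, $p, $m));
}
```

The `mssql_*` functions used in the quoted page were removed in PHP 7, so a prepared-statement API such as PDO is also the route that keeps working on current PHP.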
08/16/2017 21:07 tno1#11
It is awesome with that kinda input in the database :p
08/16/2017 22:23 Underfisk#12
Please use a captcha script; it's more secure, because someone can easily create an input script and randomly insert multiple accounts, and it's not a big deal.
Btw, it's not necessary to use Navicat to manage phpMyAdmin; simply use other login details and, as I said, disable some modules and protect it.
08/16/2017 23:48 Farius~#13
Quote:
Originally Posted by Underfisk
Please use a captcha script; it's more secure, because someone can easily create an input script and randomly insert multiple accounts, and it's not a big deal.
Btw, it's not necessary to use Navicat to manage phpMyAdmin; simply use other login details and, as I said, disable some modules and protect it.
Navicat is better than phpMyAdmin and you can connect to SQL Server and MySQL :) I already helped him; he does not have anti GM hack, he uses SQL Server Express and does not have SQL Server Agent for making jobs.
08/17/2017 01:02 Underfisk#14
Well, I guess you're shooting in the dark saying that Navicat is better, but I'll not discuss that with you. Anyway, if it helped him, it's nice to hear.
08/17/2017 03:39 Farius~#15
Quote:
Originally Posted by tno1
It is awesome with that kinda input in the database :p
Because of people like you, the Dekaron community on private servers is in the shit.
Believing they know everything and fucking those who strive to have a server.