Vulnerabilities with older versions
Posted by: zorro777 (223.196.84.---)
Date: August 27, 2015 03:46PM

I did some security scans yesterday and found many vulnerabilities in all the software that comes bundled with wampserver, and even the latest version ships with older versions of the software.

Following are my questions:
1. I keep wamp local only; can it still be compromised by someone from outside?
2. Apache doesn't log anymore after the 12th of August, was I compromised?
3. I was planning to occasionally make my site accessible for a client (just for a few minutes) via Page Kite or other such tunneling software, will it be okay or a bad idea?
4. After seeing all these vulnerabilities I was thinking of dropping wampserver and installing all the software manually, will it be too complicated? I guess I can play around before completely uninstalling wampserver, right?
5. The size of wampserver is below 100Mb, and it ships with more than one piece of software, while MySQL community edition comes to around 230Mb. Anything I missed here?
6. Not much related, but after downloading Wampserver 64 bit it still runs under 32 bits.

Any help or suggestions would be great.

Re: Vulnerabilities with older versions
Posted by: Otomatic (Moderator)
Date: August 27, 2015 05:53PM

Hi,

If you:
- 1 - do not change "httpd.conf" and leave:
<Directory />
    AllowOverride none
    Require all denied
</Directory>
and
#   onlineoffline tag - don't remove
    Require local
</Directory>
- 2 - use VirtualHost with:
  <Directory "path_to_dir/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Require local
  </Directory>
- 3 - open only the site you want for client with the IP of your client like this:
  <Directory "G:/www/aviatechno/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Require local
    Require ip ip_of_client
  </Directory>
Only the client may access the local site.

5 - Many files in the MySQL distribution are useless to the average user and can be deleted without any problems.
For example, unzipping MySQL mysql-5.6.26-win32.zip gives 1521 MB with folders:
bin\
data\
docs\
include\
lib\
mysql-test\
scripts\
share\
sql-bench\

Folders docs, include, lib, mysql-test, scripts and sql-bench can be deleted, so afterwards there are 532 MB.

All 32-bit versions run well under 64-bit Windows.
Apache, PHP and MySQL 64-bit versions give nothing more nor better than the 32-bit versions and are considered experimental. Only PHP version 7.0.0 will bring real 64-bit support, with 64-bit integer variables and support for files larger than 4 TB.

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
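
The access rules in the answer above can be checked mechanically. The following Python script is an added example, not part of the original posts and not WampServer's own code: it reads the `<Directory>` blocks of an Apache 2.4 configuration and reports which ones are denied, local-only, restricted to named client addresses, or open to everyone. Assumptions: the function names, the `D:/example/...` paths and the client address `203.0.113.10` are made up for illustration, and `<RequireAll>`/`<RequireAny>` containers and 2.2-style `Allow from` lines are not interpreted.

```python
import re

# Constructed sample in the shape of the thread's snippets. The D:/example
# paths and the client address 203.0.113.10 are placeholders (assumptions).
SAMPLE_CONF = '''
<Directory />
    Require all denied
</Directory>
<Directory "D:/example/www/">
#   onlineoffline tag - don't remove
    Require local
</Directory>
<Directory "G:/www/aviatechno/">
    Require local
    Require ip 203.0.113.10
</Directory>
<Directory "D:/example/open/">
    Require all granted
</Directory>
'''

OPEN_RE = re.compile(r'^<Directory\s+"?([^">]+)"?\s*>$', re.I)

def classify(requires):
    """Sibling Require lines are alternatives: any one that matches grants access."""
    remote = [a for r in requires if r[0].lower() in ('ip', 'host') for a in r[1:]]
    kinds = {' '.join(r).lower() for r in requires}
    if 'all granted' in kinds:
        return ('open', remote)
    if remote:
        return ('restricted', remote)
    if 'local' in kinds:
        return ('local', [])
    return ('denied' if requires else 'inherited', [])

def audit_directories(conf_text):
    """Map each <Directory> path to (exposure, remote sources allowed in)."""
    results, current, requires = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()  # comment and blank lines match no branch below
        m = OPEN_RE.match(line)
        if m:
            current, requires = m.group(1), []
        elif line.lower() == '</directory>' and current is not None:
            results[current] = classify(requires)
            current = None
        elif current is not None and line.lower().startswith('require '):
            requires.append(line.split()[1:])
    return results
```

Calling `audit_directories()` on the text of `httpd.conf` and `httpd-vhosts.conf` after a client session makes a leftover `Require ip` line or an `open` directory easy to spot.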
