tmp directory setting
Posted by: meror (---.client.rionet.cz)
Date: October 13, 2020 03:41PM

Hello,
I am pretty happy with how my wamp is running now, but I still feel I need to set something up better - more securely, if possible.

I started to get messages from Defender that there had been multiple attack attempts with trojans and backdoors and that the threat was removed.

It is the same scenario every time - somehow the bad guys are trying to upload files into the wamp tmp dir, but I have not been able to figure out how from all the logs I am collecting.

As an example:
wamp\tmp\phpE865.tmp
wamp\tmp\php96AA.tmp
wamp\tmp\phpF0EC.tmp->[EmbeddedEnc]
wamp\tmp\php9EA3.tmp

and many others...

The first thing that came to my mind was that these files are being successfully uploaded into wamp tmp through some virtual host running on the server.
But although I am logging many things, I was unable to find how the file was uploaded.
And I believe making wamp tmp read-only is not an option, as wamp needs rw access there.

Please, any suggestion on how wamp can tell me how these bad files were uploaded to tmp, and possibly a way to properly restrict this without affecting the running virtual hosts?

Thank you.

Re: tmp directory setting
Posted by: Otomatic (Moderator)
Date: October 13, 2020 04:06PM

Hi,

wamp(64)\tmp is the folder dedicated to several "things":
- PHP session.save_path
- PHP upload_tmp_dir
- PHP soap.wsdl_cache_dir
- PHP xdebug.profiler_output_dir

- MySQL secure_file_priv
- MySQL tmpdir

So there can be many files of all kinds in this folder and they are not necessarily "bad files".
What makes you say they are "bad files"?

Access to this folder, which is part of the server, is basically forbidden by this directive in the httpd.conf file:
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>

---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
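One point the thread does not spell out: a file named php<hex>.tmp in upload_tmp_dir is what PHP creates for each file part of a multipart/form-data POST, before the target script runs at all, and deletes again at the end of the request unless the script moves it. So every Defender hit on such a file corresponds to a POST request in one of the virtual hosts' access logs at about the same time, whichever PHP URL it was sent to. The script below is an added example, not code from the thread or from WampServer: it parses Apache "combined" access log lines and lists the POST requests that started shortly before a given Defender detection time, so the two can be correlated. The log lines are constructed for the demonstration; the IP addresses, paths and timestamps are not from the poster's server.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed Apache "combined" access log lines for the demonstration.
# They are not taken from the poster's server; addresses are RFC 5737 test ranges.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [13/Oct/2020:14:55:10 +0200] "POST /blog/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Oct/2020:15:02:11 +0200] "GET /blog/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.23 - - [13/Oct/2020:15:04:02 +0200] "POST /blog/wp-admin/async-upload.php HTTP/1.1" 403 199 "-" "python-requests/2.24"
198.51.100.23 - - [13/Oct/2020:15:04:05 +0200] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.24"
192.0.2.55 - - [13/Oct/2020:15:30:00 +0200] "POST /shop/index.php?route=upload HTTP/1.1" 200 41 "-" "curl/7.68.0"
"""

# Apache LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_access_log(text):
    """Parse combined-format lines into dicts; %t is the time the request was received."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        e = m.groupdict()
        e["time"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entries.append(e)
    return entries


def posts_near(text, detection_time, window_seconds=300):
    """POST requests received in the window that ends at the Defender detection time.

    PHP writes the php*.tmp file while it reads the request body, i.e. just after
    the %t timestamp of the matching POST, so the upload attempt precedes the hit.
    detection_time may be an aware datetime or an ISO 8601 string with offset.
    """
    if isinstance(detection_time, str):
        detection_time = datetime.fromisoformat(detection_time)
    start = detection_time - timedelta(seconds=window_seconds)
    return [e for e in parse_access_log(text)
            if e["method"] == "POST" and start <= e["time"] <= detection_time]


def post_counts_by_client(text):
    """How many POSTs each (client IP, path without query string) pair sent."""
    return Counter(
        (e["ip"], e["path"].split("?", 1)[0])
        for e in parse_access_log(text) if e["method"] == "POST"
    )


if __name__ == "__main__":
    # Assumed Defender detection time for the sample; take yours from the Defender history.
    for hit in posts_near(SAMPLE_ACCESS_LOG, "2020-10-13T15:04:30+02:00"):
        print(hit["time"].isoformat(), hit["ip"], hit["path"], hit["status"], hit["ua"])
    for (ip, path), n in post_counts_by_client(SAMPLE_ACCESS_LOG).most_common():
        print(n, ip, path)
```

Run it against each virtual host's access.log, since the POST may have gone to any of them. The combined format does not record the request Content-Type, so a POST cannot be told apart from a multipart upload by the log alone; adding "%{Content-Type}i" to the LogFormat in httpd.conf makes that visible in future entries. Timestamps in access.log carry the server's UTC offset, so give the detection time with the same offset.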

Re: tmp directory setting
Posted by: meror (---.client.rionet.cz)
Date: October 13, 2020 09:46PM

Thank you for your answer.

The httpd.conf directive is set as you stated.

So maybe it is allowed by some virtual host, as there are a couple of WordPress instances running.


Regarding the bad files - as I stated, this was discovered by MS Defender and those files were automatically removed.

Defender report example:

Status: Removed
Threat found: Backdoor:Win32/Dirtelti!ml
Severity: High
Category: Backdoor
Related files:
...\wamp\tmp\php9EA3.tmp

Similar for other files as well - Trojans, Backdoors, Malware etc...

Trojan:PHP/Obfuse!MSR
Trojan:Script/Wacatac.B!ml

all of them via phpxxx.tmp files uploaded into the wamp tmp folder.

In my opinion, somebody is abusing some security hole somewhere in wamp or WordPress to upload an infected file to the wamp tmp folder; fortunately, Defender's real-time protection does not allow any further actions, I hope.

My goal is to make sure such files cannot be uploaded to wamp tmp, or in other words that nobody could in any way force php/apache to upload such a file. I am sorry if I am using bad terminology.

Thank you.

Re: tmp directory setting
Posted by: Otomatic (Moderator)
Date: October 14, 2020 12:22PM

Hi,

In my humble opinion, it is in WordPress that you should prohibit file uploads, except to duly authorized "members".

You can also, in the phpForApache.ini file of the PHP web version used, change the folder defined by upload_tmp_dir.

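The upload_tmp_dir change suggested above, written out as an added example (not a fragment from the thread or from WampServer's shipped ini files). The paths assume a default wamp64 layout and the sizes are illustrative; adjust both to your installation. The file to edit is the phpForApache.ini of the PHP version the web server is actually using, and Apache has to be restarted afterwards.

```ini
; Added example of the change suggested in the post above; paths are assumptions.

; Before (wamp default): uploads land in the same folder that also holds
; PHP sessions, the SOAP WSDL cache, Xdebug output and MySQL temp files.
; upload_tmp_dir = "c:/wamp64/tmp"

; After: uploads get a folder of their own, so that a Defender removal or
; a permission change on it cannot touch session or MySQL temp files.
; The folder must exist and be writable by the account Apache runs under.
upload_tmp_dir = "c:/wamp64/tmp/uploads"

; Cap what a single request is allowed to push into that folder.
file_uploads = On
upload_max_filesize = 8M
post_max_size = 8M
max_file_uploads = 5
```

Moving the folder changes where the php*.tmp files appear, not whether they appear: PHP writes the temporary file for every multipart POST before the script runs, so only refusing the request earlier (restricting who can reach the upload endpoints, or limiting request size with Apache's LimitRequestBody) keeps it from being written at all.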

Re: tmp directory setting
Posted by: meror (---.client.rionet.cz)
Date: October 19, 2020 12:27PM

Thank you for your reply.
I tried some tweaks in WordPress; hopefully they will be helpful and not destructive to the pages.
