Security issues
Posted by: cborghoff (---.dial-up.telesp.net.br)
Date: December 16, 2006 12:39AM

Hi, I'm using WAMP to test my web site locally and to keep a versioning control system, but I don't want to grant access to my computer files to anyone. The problem is that I don't know how secure it will be to work on a regular basis with the WAMP server running in the background while editing both my localhost site and remote server web site.

Until today I was running version 1.6.1, so now (with 1.6.6) I have the option to not put the server online. The "Put online" option is turned off by default, which suggests that nobody can reach my local server from the web, correct? But I have made a test with Symantec Security Test, allowing WAMP to access the web on my firewall and leaving the server in offline mode. It returned a vulnerability about port 80 being opened. Is that normal?

Additionally, my web site has applets that access external web sites like Google Maps, and even if I put the WAMP server in offline mode and block it on the firewall I still can read the Google Maps applet from inside my localhost site running under WAMP. Is that normal too?

So, for maximum security I think I should leave WAMP in offline mode, and block its communication with the web on my firewall. Is there any other configuration that can improve my security?

If someone manages to reach my localhost site, even with this configuration, will he be able to browse folders and documents outside the www root?

Any help will be very appreciated.

Thanks

Re: Security issues
Posted by: yfastud (---.mia.bellsouth.net)
Date: December 16, 2006 03:07AM

Check these links and please tell me if you CAN get something outside those links. Similarly, if you leave everything by default after installation, your sites should be fine.

[test.jlbn.com]
[mail.jlbn.com]
[forum.jlbn.com]
[ftp.jlbn.com]
[jlbn.com] (Images Testing)
[jlbn.com] (Flashes Testing)




Post Edited (12-18-06 14:10)

Have fun,

Re: Security issues
Posted by: steveryherd (---.central.biz.rr.com)
Date: December 17, 2006 09:58PM

cborghoff, if you do not change the httpd.conf, keep it in offline mode, and have disabled port 80 on your network firewall, you're fairly secure.

With WAMP in offline mode, it's set to reject all requests from outside your computer.

Even if you opened your server to public viewing, it's not likely that Apache would immediately serve files outside of your "www" directory. PHP, however, may have the necessary permissions to manipulate files anywhere on your computer, so be careful which scripts you install.

Re: Security issues
Posted by: cborghoff (---.dial-up.telesp.net.br)
Date: December 18, 2006 05:00AM

Thank you very much.

Re: Security issues
Posted by: Mark Jones (---.buckeyecom.net)
Date: December 18, 2006 08:45AM

Is there any plug-in for Apache to detect and block intrusion attempts?

Re: Security issues
Posted by: Mark Jones (---.buckeyecom.net)
Date: December 20, 2006 09:04PM

Aaaha! There is a plugin for this... see a writeup about mod_security at www.securityfocus.com/columnists/418

Re: Security issues
Posted by: eliezer (---.suth.com)
Date: December 20, 2006 09:21PM

You guys could also try a .htaccess file that denies access to people outside YOUR IP. You can deny access to everyone outside the local host, or allow everyone, or allow specific IPs, or deny access to specific IPs.

You can try that.
Just put the file in your /www folder.
Here's a (hopefully) useful link:
[sniptools.com]

(BTW, make sure you have "AccessFileName" and "AllowOverride" set right in your httpd.conf)

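An added example, not part of the original thread: the localhost-only .htaccess restriction described in the post above, together with the AccessFileName and AllowOverride settings it depends on. The document root `c:/wamp/www` and the address 192.0.2.10 are assumptions chosen for illustration.

```apache
# ---- httpd.conf (server config) -------------------------------
# File name Apache looks for in each directory (this is the default).
AccessFileName .htaccess

# Assumed WAMP document root; adjust to the actual install path.
<Directory "c:/wamp/www">
    # Permit only host-access directives in .htaccess:
    #   Limit      -> Order / Allow / Deny  (Apache 2.2 and older)
    #   AuthConfig -> Require               (Apache 2.4 and newer)
    AllowOverride Limit AuthConfig
</Directory>

# ---- c:/wamp/www/.htaccess ------------------------------------
<IfModule mod_authz_core.c>
    # Apache 2.4+: accept connections from this machine only.
    Require local
    # To admit one more machine, add a line such as
    # (constructed placeholder address):
    # Require ip 192.0.2.10
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 and older: Deny rules are evaluated first,
    # then Allow rules override them for matching clients.
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from ::1
    # Allow from 192.0.2.10
</IfModule>
```

Changes to httpd.conf take effect after Apache is restarted; the .htaccess file is re-read on each request. If AllowOverride is None for the directory, the .htaccess file is ignored and the restriction silently does not apply.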
Re: Security issues
Posted by: yfastud (---.cable.mindspring.com)
Date: December 21, 2006 12:54AM

htaccess might stop invalid users but not spy bots. Already downloaded and will check it out.
