WampServer

You guys freaked me out with wamp5 not being secure at all. So I moved both of my sites, firstaramusements.com and freetoforum.com to a server through pixelsoupdeisgn.com. I did some research about security. SO I fugured it was in my best interest to not host them at home anymore. Gonna cost a bit every month but ah well. Just gonna use my wamp for testing stuff then move future sites to a hosting company. Thanks for all the help and advice with past stuff though guys. Greatly appreciated!

Jason101

Listen ..............JASON101
its not just wamp5...hackers and crackers i call them...the moment your connected to the internet ur safety is at risk...especially those who are on constanelty browsing threw sites, i wouldnt worry man about wamp5 id worry more on what your using to protect yourself from the bad guys !
a good virus protection is NOD32
a good firewall protection is ISS BLACKICE
i find both are EXCELLENT protective programs to use !

techno_man, yesterday you were a total newbie, who did not know anything about wamp, apache, php, securiy, etc. It took me years of hard work, training, studying, etc to get the knowledge about web hosting and security i have today. i hardly think you have gained enough experience in one day to dole out any comments or ideas about web hostring or security.

also, while nod32 and blackice are some good security programs, they are designed for regular desktop use, not for web hosting. once again your lack of knowlege of web security is quite evident since both programs offer no server security protection against dns attacks, sql injections, intrusion detection/prevention, cross site scripting, spambots, etc.


CyberSpatium
----------------------
WAMP English Forum Admin

Need help? Check out my WAMP User Manual/Guide here!

Please visit my latest website Clarify Loans:
clarifyloans.com

I totally agree CyberSpatium. I am not saying wamp5 is bad techno_man. All I am saying is that it is not secure AT ALL. Wamp5 is awesome, I love it! With my sites I had to move to a real hosting company because I was worried about security. I don't think there is a firewall or antivirus program out there that is totally secure. The only way to stay 100 percent secure is to unplug from the net. That is coming from a newbie to!

Peace all.

Jason101

yah very true jason101

Well ive been on the internety for along time, im new to the webserver side, but i have been hacked last summer 2006 threw a chat site, man it scared me alot and now im cautious to where i go when it comes to online internet activity !

Yup some websites should be shutdown for sure. Like sXXXXXs.ws. Go there, and your garanteed a few toolbars and some spyware on your machine. Do not goto that site, even if curious. I paid the price a few months ago, hehe.

Jason101

yah i call them sites *crack sites*, dont forget you pay the price when you go too those sites, i know ive been there too and i had tons of spyware all over my PC before!

windows/apache and linux/apache.. doesn't matter.. same secure.. all you need to get same tips for your server.. if your using windows, use NOD32 to protect your server against virus, and use a good Firewall software such as kaspersky..

As for file permission, theres a feature called as "OWNERSHIP" rights for each file on windows.. and its much secure then linux.

Feel free to use windows for your server.. if you dont want to pay for a server. theres no way to get user password from any db unless you dont use md5

OWNERSHIP, heard about it, but can you be more specific, link? reference? detail?

Have fun,

[www.jlbn.net] (testing WAMPS)
[test.jlbn.net] (testing codes)

keisko wrote:

> windows/apache and linux/apache.. doesn't matter.. same
> secure.. all you need to get same tips for your server.. if
> your using windows, use NOD32 to protect your server against
> virus, and use a good Firewall software such as kaspersky..
>
> As for file permission, theres a feature called as "OWNERSHIP"
> rights for each file on windows.. and its much secure then
> linux.
>
> Feel free to use windows for your server.. if you dont want to
> pay for a server. theres no way to get user password from any
> db unless you dont use md5

keisko, a few posts up from your post i posted why nod32 and blackice firewall will do nothing to improve server security. this also applies to kaspersky. here it is:

CyberSpatium wrote:

> techno_man, yesterday you were a total newbie, who did not know
> anything about wamp, apache, php, securiy, etc. It took me
> years of hard work, training, studying, etc to get the
> knowledge about web hosting and security i have today. i hardly
> think you have gained enough experience in one day to dole out
> any comments or ideas about web hostring or security.
>
> also, while nod32 and blackice are some good security programs,
> they are designed for regular desktop use, not for web hosting.
> once again your lack of knowlege of web security is quite
> evident since both programs offer no server security protection
> against dns attacks, sql injections, intrusion
> detection/prevention, cross site scripting, spambots, etc.
>

there is no case you could present to me where windows /apache is in any way a secure web server. and ownership permissions are not even close to linux user:group permissions.


CyberSpatium
----------------------
WAMP English Forum Admin

Need help? Check out my WAMP User Manual/Guide here!

Please visit my latest website Clarify Loans:
clarifyloans.com

******************** BLACKICE FIREWALL ***************************

BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connection for suspicious behavior. BlackICE responds immediately by alerting you to trouble and instantly blocking the threat. BlackICE automatically detects and blocks attacks through a comprehensive inspection of all inbound and outbound information to your computer. And BlackICE PC Protection is constantly working to secure your dial-up, DSL, and cable modem from hackers 24 hours a day, every day of the year.
BlackICE's Application Protection quickly and invisibly defeats dangerous programs that attackers deliver through instant messaging, email, or even your Web browser! BlackICE stops these destructive programs before they do harm-like damaging your PC or launching email attacks against your friends and co-workers.

BlackICE PC Protection scans all inbound Internet traffic for suspicious activity on home or small business systems. BlackICE PC Protection features Application Protection, an exciting new feature designed to shield your PCs, laptops and workstations from hijack by an attacker, and protects you from Trojan horse applications, worms and other destructive threats.

-------------- > * BlackICE Server Protection SOHO *delivers the same bulletproof protection as our award-winning BlackICE PC Protection product with additional defense against specific attacks directed at Windows NT or 2000,2003 Servers. < ----------------------

*** BlackICE PC Protection Guards and Secures Against:
- Theft of personal identity, passwords or credit card info and more?
- Hackers using your PC to launch attacks against other PC users
- Computer downtime and system crashes

*** BlackICE STOPS ATTACKERS COLD:
- BLOCKS hacker attacks instantly
- PREVENTS destructive applications like worms and Trojans from ever starting
- REPORTS attempted attacks and identifies intruders
- SECURES any Internet connection, including dial-up, DSL, or cable modem

*** BlackICE PC Protection is Powerful and Easy-to-Use:
- BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connection for suspicious behavior. BlackICE responds immediately by alerting you to trouble and instantly blocking the threat.
- BlackICE PC Protection now features Application Protection, an exciting new feature designed to shield your PCs, laptops and workstations from hijack by an attacker, and protects you from Trojan horse applications, worms and other destructive threats.
- BlackICE's Application Protection quickly and invisibly defeats dangerous programs that attackers deliver through instant messaging, email, or even your Web browser! BlackICE stops these destructive programs before they do harm-like damaging your PC or launching email attacks against your friends and co-workers.
- BlackICE automatically detects and blocks attacks through a comprehensive inspection of all inbound and outbound information to your computer. And BlackICE PC Protection is constantly working to secure your dial-up, DSL, and cable modem from hackers 24 hours a day, every day of the year.

BlackICE PC Protection: Windows 98, XP Home, XP Pro, Server 2003,2000 Pro, Me, NT 4.0 Workstation



Post Edited (04-17-07 20:25)

I tried black ice. norton, kapersky, zonealarm and bitdefender. The program I use now works better than all of those. Etrust internet security. Sorta of looks like zone alarm a bit.

Jason101

BlackICE™ Server Protection

Operating Systems
Microsoft Windows® NT® 4.0 Workstation or Server (Service Pack 4 or better)
Windows 2000 Professional, Server, or Advanced Server (Service Packs 1&2)
Internet Security Systems' BlackICE Server Protection application offers professional strength protection for Web, file, database, or application servers. By merging advanced intrusion detection with a commercial strength firewall, BlackICE provides a powerful one-two combination to guard server-based information against attack or misuse.
--------------------------------------
Server Protection Solutions
Protect your servers ahead of the threat with multi-layered protection from Internet Security Systems (ISS).

BlackICE PC Protection 3.6
BlackICE PC Protection 3.6 Intrusion protection and personal firewall solution featuring new Application Protection Release Notes 6.3 MB 10 April 2007
BlackICE Server Protection 3.6
BlackICE Server Protection 3.6 Intrusion protection and personal firewall solution for server systems featuring new Application Protection Release Notes 6.3 MB 10 April 2007

--------------------------
PS: $299.00 usa for the product !!!



Post Edited (04-17-07 21:07)

What's your point for Sql injection, cross site scripting, DNS attack? If u write your code secure, its doesn't matter what software your using..

example (sql injection)
$id = $_GET['id'];
$sql = mysql_query("SELECT id from table WHere id = $id";
^^ Thats insecure..

$id = intval($_GET['id']);
$sql = mysql_query("SELECT id from table Where id = ".mysql_real_escape_string($id));
^^ Thats pretty secure

example (Cross site scripting)
$name = $_GET['name'];
echo "YOUR name is $name";
Insecure...

$name = $_GET['name'];
echo "Your name is ".htmlspecialchars($name));
^^ Secure..

Same results on windows or linux, with wamp or anything.. Sorry but i didnt understood your point..

This is my oppion to CYBER
if you think that a hacker will bypass *BLACKICE SERVER FIREWALL*
Talk to ------ >BLACKICE< ----- Administration
Listen i dont want to argue about firewalls and antivirus's
but dont ever understimate me about SECURITTY
i have SECURRITY and i aint afraid of the BIG BAD WOLF !!!!
If i had credit cards and money and bank accounts all in 1, then id pay for even better securtitty, its not about money, its about PROTECTION !
Norton,Mcafree, ETC... are viruse's all together.
if you think a hacker will send me a trojan or a worm threw NOD32 GUESS again !
--------------------
If you’re managing thousands of workstations and servers across remote locations, you need a robust, comprehensive solution you can rely on. NOD32’s all-in-one protection, small footprint, and fast performance will be a welcome upgrade from competitive solutions.

Remote Administrator makes it easy to deploy, monitor and manage 10,000 machines from a single console. This powerful centralized management console installs in minutes. An entire network of 500 machines can be installed in just a few hours.

Find out more about:

NOD32 Enterprise Edition

NOD32 for Microsoft Exchange

NOD32 LAN Update Server

NOD32 for Linux File Server

dns attacks has nothing do do with how secure your code is. and there are many more types of attacks that have nothing to do with how secure your code is. running a secure sever requires much more then just secure code.



CyberSpatium
----------------------
WAMP English Forum Admin

Need help? Check out my WAMP User Manual/Guide here!

Please visit my latest website Clarify Loans:
clarifyloans.com

-------------------------BlackICE Defender stops 250 plus dns attacks --------------------------

To understand how firewalls work, it is necessary to have a basic understanding about how computers communicate over a TCP/IP network, such as the Internet. You get services on other machines through virtual connections known as ports. There are TCP and UDP ports. UDP connections are similar to TCP but UDP does not include error correction.

When your web browser tries to load a web page, it tries to connect to port 80 on the remote machine. If a web server is listening at port 80, it sends the default web page to your browser. To send e-mail to a remote server, you try to connect to port 25 on the other machine. If an SMTP daemon is listening on port 25, it answers with a standard greeting. Services can listen on non-standard port numbers, but in most cases this defeats the purpose, since the machine connecting to them must know to attempt the connection on the different port number. PUB II uses this capability to support an extra FTP server used to maintain web pages.

There are a total of 64K ports available. These are categorized as system ports (those under 1024) and application ports (those over 1024). System ports are generally more powerful. This comes from the fact that, under Unix, only processes running under the root context (the most powerful account on the system) may open ports under 1024.

Enter BlackICE Defender. It has four basic configurations. The most open is Trusting, where no ports are blocked and a connection may be made to any listening port. Other settings are Cautious, Nervous, and Paranoid. Each setting blocks more inbound TCP and UDP ports. Paranoid blocks all inbound ports. If someone can't connect to a port on your computer, they can't exploit a weakness there. The more ports you block, the more secure the machine will be.

The manual says outbound connections are never blocked, meaning you can connect from a BlackICE-protected machine to other computers without interference from BlackICE. Tech support tells me that due to UDP's connectionless nature, all outbound UDP ports are blocked when set to Paranoid, meaning some applications like ICQ will not work at Paranoid.

If BlackICE does not block a port, it must try to determine if the packets of data are normal traffic or an attack. This is not a simple task and this ability, more than anything else, separates a good firewall from a bad one. Even set to Trusting BlackICE has a lot of work to do. It must allow all connections to happen normally. It then has to decide if the traffic is legitimate or an attack which it must block. BlackICE can detect and block over 250 different types of attacks.

The default configuration is Cautious which blocks TCP and UDP ports under number 1024. PUB II hosts a web server, two FTP servers, a POP3 mail server, Telnet services and an SMTP daemon, all of which listen on port numbers under 1024. One alternative was to use Trusting, where no ports are blocked, and rely on BlackICE's ability to detect and block attacks. A better alternative was to use a customized firewall.ini file that allows the use of the Cautious configuration while opening the specific ports we need for proper PUB II operation.

-------------------------BlackICE Defender stops 250 plus dns attacks ----------------------



Post Edited (04-18-07 10:13)

like i said before techno_man. yesterday you where a totally newbie who new nothing, now after a day you think you now everything.

CyberSpatium
----------------------
WAMP English Forum Admin

Need help? Check out my WAMP User Manual/Guide here!

Please visit my latest website Clarify Loans:
clarifyloans.com

CyberSpatium wrote:

> if you have windows 2k3, you should use iis as your webserver
> since it comes with win2k3 and was developed to work with it,
> not apache. it is the much more secure way to go.
>
> you can install php and mysql for win2k3, so why do you need
> apache?
>
Security advised to use Apache, wo we're using Apache

I still have no answer about the "why", since everytime I get the same answer and that is that user:group is different under Linux than Windows. I can accept that it is different, but that's giving me no reason at all why WAMP is insecure...

The server will be tested btw using an internet attack package which is also used for the Linux boxes, so I'm really curious about what the result will be. Of course It won't proof everything if the WAMP server shows no vulnerabilities, but at least if it passes the test, the security department doesn't see a difference with the existing Linux boxes...

Furhermore for the firewall discussion: If you're using a production server, use a production firewall (hardware) or corportate firewall (like WinRoute) on both sides of the server (WAN and LAN)!

thats because computer associates[CA] (makers of etrust ez armor) BOUGHT ZoneAlarms! they actually bought alot of software that most of us are familiar with and trust.....

and as for firewall software....

i know its not 100% secure.... as a hacker in my younger days i used to blow threw alot of firewalls...hardware and software...

Windows ITSELF is a security risk if it is in anyway connected to the internet....

yes NIX installs are more secure than windows but even they have weaknesses....
the most obvious being the "server" side stuff

to tell the truth....the only way to make any system 100% safe is to not own one.....lmao
my 5 year old daughter proved that firewalls like blackice aren't even remotely secure when she screwed my system a few months ago... she connected to a site i was hosting and managed to blow a hole through my connection....dunno how she did it...as i said she's only 5 but that proves that anyone just fooling around with anything on a website might be able to crash the system....

btw...she did this from another computer in the house... and the reason i know it was her is that the server she connected to is on a local area network and is in NO WAY connected to the internet...
its a website i made to make her feel like she was "online" because i dont trust alot of the internet....



A Massive Heart Attack = Computer Crash

I am a member of CAF -&gt; Computer Addicts Forever