{"id":33,"date":"2007-08-20T12:15:36","date_gmt":"2007-08-20T10:15:36","guid":{"rendered":"http:\/\/blog.robinward.com\/?p=33"},"modified":"2013-08-15T15:18:23","modified_gmt":"2013-08-15T14:18:23","slug":"windows-services-cough","status":"publish","type":"post","link":"https:\/\/robinward.com\/?p=33","title":{"rendered":"Windows + XAMPP + NOOB + WEB = *cough*"},"content":{"rendered":"<p><strong>Note: The initial IP and Domain have been replaced by x.x.x.y in order to spare the shame and keep anybody from doing something stupid \ud83d\ude09<\/strong><\/p>\n<p>Today I ran a routine check on my Apache logs&#8230;.the same as usual&#8230;<\/p>\n<p>[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/mysqladmin<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/db<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/dbadmin<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/web<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpmyadmin2<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpmyadmin1<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpadmin<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/myadmin<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpMyAdmin-2.2.3<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpMyAdmin-2.5.6<br \/>\n[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/phpMyAdmin-2.5.7-pl1<\/p>\n<p>&#8230;<\/p>\n<p>This goes on forever &#8230; big deal&#8230;.<\/p>\n<p>But the host was pretty aggressive so I decided to take a closer look:<\/p>\n<p>traceroute 
x.x.x.y<\/p>\n<p>&#8230;.<\/p>\n<p>7 somebody.something.net (bla.bla.bla.bla)  18.017 ms  17.852 ms  17.231 ms<br \/>\n8 somedomain.de (x.x.x.y)  16.701 ms  16.391 ms  16.322 ms<\/p>\n<p>So I take a look at somedomain.de and find this:<\/p>\n<p><a href=\"http:\/\/robinward.com\/wp-content\/uploads\/2007\/08\/lol1.jpg\" title=\"lol1.jpg\"><img decoding=\"async\" src=\"http:\/\/robinward.com\/wp-content\/uploads\/2007\/08\/lol1.thumbnail.jpg\" alt=\"lol1.jpg\" \/><\/a><\/p>\n<p>Looks like someone&#8217;s Windows Server was compromised or so to say&#8230;. <strong>owned<\/strong>.<\/p>\n<p><strong>Conclusion:<\/strong> Don&#8217;t use XAMPP on the web, it may be superb for testing your stuff before sending it to the real world but not meant to survive in hazardous environments, especially with Windows up your back&#8230;<\/p>\n<p>The least thing you could do is make sure your webservices aren&#8217;t running on blank or default passwords!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note: The initial IP and Domain have been replaced by x.x.x.y in order to spare the shame and keep anybody from doing something stupid \ud83d\ude09 Today I ran a routine check on my Apache logs&#8230;.the same as usual&#8230; [Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: \/var\/www\/mysqladmin [Mon Aug 20 07:36:43 &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/robinward.com\/?p=33\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Windows + XAMPP + NOOB + WEB = 
*cough*&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-33","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/robinward.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=33"}],"version-history":[{"count":1,"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":812,"href":"https:\/\/robinward.com\/index.php?rest_route=\/wp\/v2\/posts\/33\/revisions\/812"}],"wp:attachment":[{"href":"https:\/\/robinward.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/robinward.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/robinward.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}