Securing Apache 2.2 on Windows XP
Posted: Wed Mar 26, 2008 11:53 am
by seodevhead
Hey guys...
I just installed Apache 2.2 on Windows XP and want to make sure I don't have many security exploits available to any hackers out there. So I set my Listen directive in httpd.conf to 'Listen 127.0.0.1:80'.
Since it seems that Apache uses Port 80... I thought perhaps I would set up my home router to block port 80... is that smart? I know nothing about how ports work, nor if blocking port 80 would make anything more secure, or if I'd be messing up other stuff that may use port 80 (do other things use port 80?). Just thought I'd ask to see if any of you know a thing or two about this stuff.
Any other recommendations for securing WAMP? I set my router to block port 3306 to prevent any MySQL exploits.
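Added example (not part of the original thread): a small Python check for the `Listen` setting mentioned in this post. A `Listen` bound to 127.0.0.1 accepts connections only from the same machine, so the script reports every `Listen` line in an httpd.conf that is not loopback-only. The sample config and the function names are constructed for illustration.

```python
import ipaddress
import re

# Syntax: Listen [IP-address:]portnumber [protocol]; IPv6 literals are bracketed.
LISTEN_RE = re.compile(
    r"^\s*Listen\s+(?:(\[[^\]]+\]|[^\s:]+):)?(\d+)(?:\s+\S+)?\s*$",
    re.IGNORECASE,  # directive names are case-insensitive
)

def audit_listen(conf_text):
    """Return (line_no, bind_address, port, loopback_only) per active Listen line."""
    results = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        m = LISTEN_RE.match(raw)  # lines starting with '#' never match
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if addr is None:
            # Port only: Apache binds every interface on the machine.
            results.append((line_no, "*", port, False))
            continue
        addr = addr.strip("[]")
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # not an IP literal: treat as exposed
        results.append((line_no, addr, port, loopback))
    return results

def exposed(conf_text):
    """Listen lines reachable from other machines: (line_no, bind_address, port)."""
    return [(n, a, p) for n, a, p, lo in audit_listen(conf_text) if not lo]

# Constructed sample httpd.conf fragment, not taken from the thread.
SAMPLE = """\
# Constructed sample
#Listen 12.34.56.78:80
Listen 127.0.0.1:80
listen 8080
Listen 0.0.0.0:443 https
Listen [::1]:8443
Listen 192.168.1.10:8000
"""

if __name__ == "__main__":
    for line_no, addr, port in exposed(SAMPLE):
        print(f"line {line_no}: {addr}:{port} is not loopback-only")
```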
Re: Securing Apache 2.2 on Windows XP
Posted: Wed Mar 26, 2008 1:20 pm
by timvw
Imho, your router should be set up to deny all (incoming) connections... Only when you consider it absolutely necessary should you punch holes to allow a specific type of traffic....
Re: Securing Apache 2.2 on Windows XP
Posted: Wed Mar 26, 2008 2:01 pm
by seodevhead
Really? That would be good. I use a Comcast gateway router... all our computers are wired. Do you know of a way to check and make sure all incoming connections are blocked? Thanks.
Re: Securing Apache 2.2 on Windows XP
Posted: Wed Mar 26, 2008 10:09 pm
by Doug G
all our computers are wired. Do you know of a way to check and make sure all incoming connections are blocked?
www.grc.com has an online checker for open ports.
Re: Securing Apache 2.2 on Windows XP
Posted: Thu Mar 27, 2008 7:32 am
by seodevhead
Hey Doug... man that is a really cool website.. thanks for the link.
I only failed one thing:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.
I couldn't find anything on that website explaining what one should do if you fail this particular test. Since I am on a Comcast High-Speed Router... I'm not even sure if this is something I can do. Any idea how I would go about turning off ping reply? Thanks for your help.
Re: Securing Apache 2.2 on Windows XP
Posted: Fri Mar 28, 2008 4:33 pm
by Doug G
ping is a tool to test connectivity from end to end using ICMP echo. I enable ping replies in remote sites I manage, but some prefer to disable ping replies to keep scanners from determining that there is some live server at the IP. For myself, I need to be able to tell if a remote site has died, so I need ping to function. If the rest of your security is under control, imho there is no risk in allowing ping replies from your site.
Re: Securing Apache 2.2 on Windows XP
Posted: Fri Mar 28, 2008 7:08 pm
by seodevhead
Hey Doug...
Well this is just a development server that isn't meant to be seen from the outside world. That's why I'm trying to take all the measures I can to make sure I'm not "putting myself out there" for mal-intents.