Bobcares

Secure Wamp Server with ease

by | Sep 21, 2020

Are you trying to secure a wamp server? Take a peek at this blog.

Here at Bobcares, we have seen several such queries related to Wamp Server as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at how to secure a wamp server.

 

How to secure a wamp server

Here is the procedure for securing the WAMP server. Before we proceed, note that the WAMP server must be restarted after each configuration change for it to take effect.

 

1. Hide server signature

To keep attackers from harvesting the server signature, hide it.

To do that, open the httpd-default.conf file and change the parameters as given below:

ServerSignature Off
ServerTokens Prod

Setting ServerTokens to Prod makes Apache send the Server response header as simply:

Server: Apache

 

2. Directories/files outside the document root must not be served

Ensure that directories and files outside the document root (website) are not served. To do that, open the httpd.conf file and verify that the root directory block reads as below (Apache 2.2 syntax):

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>

or, in Apache 2.4 syntax:

<Directory />
AllowOverride none
Require all denied
</Directory>

Then allow access to the document root itself:

<Directory C:/apache2/htdocs>
Order Allow,Deny
Allow from all
</Directory>

The above code assumes that the document root of your WAMP server is C:/apache2/htdocs/. If your document root is different, change the path in the above code accordingly.

 

3. To prevent DoS attacks, reduce time out

To mitigate denial-of-service (DoS) attacks, change the Timeout directive in the httpd-default.conf file from the default of 300 to 60. Open the httpd-default.conf file and search for the line below:

TimeOut 300

and change it to:

TimeOut 60

Now, restart the Apache services.
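
To confirm that the settings from steps 1 to 3 are really in the files Apache loads, they can be checked mechanically. The following Python script is an added example, not part of the original post or of WAMP; the sample configurations and the function names parse and audit are constructed for illustration, and it reports an unset directive as a finding instead of relying on Apache's defaults.

```python
import re

# Constructed samples (not from a real server): httpd-default.conf + httpd.conf text.
WEAK = """\
Timeout 300
ServerTokens Full
ServerSignature On
<Directory />
    Require all granted
</Directory>
"""
HARDENED = """\
TimeOut 60
ServerTokens Prod
ServerSignature Off
<Directory />
    Require all denied
</Directory>
<Directory "C:/apache2/htdocs">
    Require all granted
</Directory>
"""

def parse(conf):
    """Return (server-level directives, directive lines inside <Directory />)."""
    directives, root_dir, stack = {}, [], []
    for line in map(str.strip, conf.splitlines()):
        opened = re.match(r"<(\w+)\s*(.*?)>$", line)
        if line.startswith("</"):
            stack = stack[:-1]  # leave the innermost open section
        elif opened:
            stack.append((opened.group(1).lower(), opened.group(2).strip('"')))
        elif stack == [("directory", "/")]:
            root_dir.append(" ".join(line.lower().split()))
        elif not stack and line and not line.startswith("#"):
            name, _, value = line.replace("\t", " ").partition(" ")
            directives[name.lower()] = value.strip().lower()  # last one wins
    return directives, root_dir

def audit(conf):
    """List the settings from steps 1-3 that are missing or weaker than advised."""
    d, root_dir = parse(conf)
    checks = [
        (d.get("serversignature") == "off", "ServerSignature is not Off"),
        (d.get("servertokens") in ("prod", "productonly"), "ServerTokens is not Prod"),
        (d.get("timeout", "").isdigit() and int(d["timeout"]) <= 60, "Timeout is unset or above 60"),
        (bool({"require all denied", "deny from all"} & set(root_dir)), "<Directory /> does not deny access"),
    ]
    return [message for ok, message in checks if not ok]
```

Calling audit() on the concatenated text of httpd.conf and httpd-default.conf returns an empty list when all four settings match the values given above. Directives wrapped in other sections such as <IfModule> are ignored by this sketch.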

 

4. Set MySQL password

By default, the MySQL installation bundled with WAMP Server has no password set. Here are the steps to set the password:

  • First, left-click the WAMP icon in the system tray.
  • Now select MySQL and then open the MySQL console.
  • When the console window opens and asks for a password, hit enter.
  • Now at the command line, enter SET PASSWORD FOR root@localhost=PASSWORD('password'); (password is the new password to be set).
  • Finally, hit enter.

If the password change succeeds, you will see Query OK. Close the MySQL console window and open it again.

Now when you are prompted for a password, enter the new password and you should land at the MySQL prompt.

 

5. Change folder permissions in your website

The folders must have only Read and Execute permissions; only the few folders that need it should have Write permissions.

To check which user runs Apache, open Windows Task Manager and click the Details tab. The User name column shows the user. Usually, it will be the SYSTEM user.

 

6. Set phpMyAdmin password

In order to set the password, edit the phpMyAdmin config file.

Open the file C:\wamp\apps\phpmyadmin3.2.0.1\config.inc.php.

Replace these four lines:

$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;

with these lines given below:

$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['LogoutURL'] = 'http://localhost/';

Here we've changed 'auth_type' from 'config' to 'http', which is more secure. Also, we changed 'AllowNoPassword' from true to false. The result will be a login dialog box when you go to phpMyAdmin.

Finally, we added a line to set a LogoutURL so that you land on a new page, i.e. an exit page, after clicking 'Exit'.

 

7. MySQL configuration in C:\wamp\bin\mysql\mysql5.1.36\my.ini

Add a bind-address to limit which address MySQL listens on. We can also change the port it listens on.

[mysqld]
# port can be changed to any other port
port=3306
bind-address=127.0.0.1
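
The changes from steps 6 and 7 can be verified the same way. The following Python script is an added example, not part of the original post, phpMyAdmin or MySQL; the sample file contents and the function names audit_my_ini and audit_pma are constructed for illustration.

```python
import configparser
import re

# Constructed samples (not from a real install): my.ini and config.inc.php fragments.
MY_INI = """\
[mysqld]
port=3306
skip-name-resolve
bind_address = 0.0.0.0   # listens on every interface
"""
PMA_CONFIG = """\
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_my_ini(text):
    """Flag a [mysqld] section that does not bind MySQL to a loopback address."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, inline_comment_prefixes=("#",))
    cp.optionxform = lambda key: key.lower().replace("_", "-")  # MySQL treats _ and - alike
    cp.read_string(text)
    mysqld = cp["mysqld"] if cp.has_section("mysqld") else {}
    if "skip-networking" in mysqld:
        return []  # TCP listener is disabled entirely
    addr = mysqld.get("bind-address")
    if addr is None:
        return ["bind-address is not set"]
    return [] if addr in LOOPBACK else [f"bind-address={addr} is reachable from the network"]

def audit_pma(text):
    """Flag the phpMyAdmin settings that step 6 replaces (commented-out lines are skipped)."""
    pattern = r"^\s*\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*'?([^';]*)'?\s*;"
    cfg = dict(re.findall(pattern, text, re.M))
    findings = []
    if cfg.get("auth_type") == "config":
        findings.append("auth_type 'config' logs in with credentials stored in the file")
    if cfg.get("AllowNoPassword", "false").lower() == "true":
        findings.append("AllowNoPassword permits logins with an empty password")
    return findings
```

Both functions take the file contents as a string and return an empty list when the file matches the settings shown in steps 6 and 7.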

Finally, this way we have secured the Wamp Server.


 

Conclusion

In today's writeup, we saw how to secure a WAMP server.


1 Comment

  1. Tim

    Thank you.
