Are you trying to secure a wamp server? Take a peek at this blog.
Here at Bobcares, we have seen several such queries related to Wamp Server as part of our Server Management Services for web hosts and online service providers.
Today we’ll take a look at how to secure a wamp server.
How to secure a wamp server
Here is the procedure for securing the WAMP server. Note that each configuration change below only takes effect after the WAMP server has been restarted.
1. Hide server signature
To keep attackers from learning the Apache version and module details from the server signature, hide it.
For doing that, open httpd-default.conf file and change the parameters as given below:
ServerSignature Off
ServerTokens Prod
Here, we are setting ServerTokens to Prod so that Apache will set the response headers as simply:
Server: Apache
2. Directories/files outside the document root must not be served
Ensure that the directories/files outside the document root (website) are not served. For that, open the httpd.conf file and verify the content of the directory tag is as below:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
or, using the Apache 2.4 syntax:
<Directory />
AllowOverride none
Require all denied
</Directory>
<Directory C:/apache2/htdocs>
Order Allow,Deny
Allow from all
</Directory>
The above block assumes that the document root of your WAMP server is C:/apache2/htdocs/. If your document root is different, adjust the path in the block above.
3. Reduce the timeout to mitigate DoS attacks
To limit how long a slow or idle client can hold an Apache worker open (a common Denial of Service (DoS) vector), change the Timeout directive in the httpd-default.conf file from the default of 300 to 60. Open the httpd-default.conf file and search for the line:
TimeOut 300
and change it to:
TimeOut 60
Now, restart the Apache services.
4. Set MySQL password
By default, the MySQL root account that ships with WAMP has no password. Here are the steps to set one:
- First, left-click the WAMP icon in the system tray.
- Now select MySQL followed by accessing MySQL console.
- When the console window opens and asks for a password, just hit Enter (the default password is empty).
- Now at the MySQL prompt, enter SET PASSWORD FOR root@localhost=PASSWORD('password'); (replace password with the new password to be set).
- Finally, hit enter.
If the password change succeeded, you will see Query OK. Close the MySQL console window and open it again.
Now, when you are prompted for a password, enter the new password and you should land at the MySQL prompt.
5. Change folder permissions in your website
Folders should have only Read and Execute permissions; grant Write permission solely to the few folders that actually need it.
In order to check what user runs Apache, open Windows Task Manager, and click the Details tab. In the User name column, you can see the user. Usually, it will be the SYSTEM user.
6. Set phpMyAdmin password
In order to set the password, edit the phpMyAdmin config file.
Open the file C:\wamp\apps\phpmyadmin3.2.0.1\config.inc.php.
Replace these four lines:
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
with these lines given below:
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['LogoutURL'] = 'http://localhost/';
Here we've changed 'auth_type' from 'config' to 'http', which is more secure because the credentials are no longer stored in the config file. We also changed 'AllowNoPassword' from true to false. The result is a login dialog box when you open phpMyAdmin.
Finally, we added a line to set a LogoutURL so that you land on a separate exit page after clicking 'Exit'.
7. MySQL configuration in C:\wamp\bin\mysql\mysql5.1.36\my.ini
Add a bind-address so that MySQL accepts connections only from the local machine; the port it listens on can also be changed.
[mysqld]
# 3306 is the default; it can be changed to any other free port
port=3306
bind-address=127.0.0.1
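As an added check of the settings from steps 1, 3, 6 and 7 (example code written for this post, not part of WAMP, Apache or phpMyAdmin), the following Python script reads the text of httpd-default.conf, my.ini and phpMyAdmin's config.inc.php and lists which settings are still at their insecure default. The three SAMPLE_* strings are constructed stand-ins for the real files, and the function names are my own.

```python
import configparser
import re
# Constructed sample fragments (not real files) standing in for httpd-default.conf,
# my.ini and phpMyAdmin's config.inc.php as a default WAMP install leaves them.
SAMPLE_HTTPD = "ServerSignature On\nServerTokens Full\nTimeout 300\n"
SAMPLE_MYINI = "[mysqld]\nport=3306\n"
SAMPLE_PMA = (
    "$cfg['Servers'][$i]['auth_type'] = 'config';\n"
    "$cfg['Servers'][$i]['user'] = 'root';\n"
    "$cfg['Servers'][$i]['AllowNoPassword'] = true;\n"
)

def apache_directive(text, name):
    """Value of the last active `name` directive; Apache names are case-insensitive."""
    value = None
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(.+?)\s*$", line)  # '#' comment lines never match
        if m and m.group(1).lower() == name.lower():
            value = m.group(2)
    return value

def mysqld_option(text, key):
    """Value of `key` in the [mysqld] section of a my.ini, or None if unset."""
    ini = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    ini.read_string(text)
    return ini.get("mysqld", key, fallback=None)

def pma_settings(text):
    """Map $cfg['Servers'][$i]['key'] assignments to their values, quotes stripped."""
    pat = r"\$cfg\['Servers'\]\[\$i\]\['(\w+)'\]\s*=\s*['\"]?(.*?)['\"]?\s*;"
    return dict(re.findall(pat, text))

def audit(httpd, myini, pma):
    """Return the settings that still deviate from steps 1, 3, 6 and 7 above."""
    findings = []
    if (apache_directive(httpd, "ServerSignature") or "").lower() != "off":
        findings.append("ServerSignature is not Off")
    if (apache_directive(httpd, "ServerTokens") or "").lower() != "prod":
        findings.append("ServerTokens is not Prod")
    timeout = apache_directive(httpd, "Timeout") or ""
    if not timeout.isdigit() or int(timeout) > 60:
        findings.append("Timeout is not 60 seconds or less")
    if mysqld_option(myini, "bind-address") != "127.0.0.1":
        findings.append("MySQL bind-address is not 127.0.0.1")
    cfg = pma_settings(pma)
    if cfg.get("auth_type") != "http":
        findings.append("phpMyAdmin auth_type is not http")
    if cfg.get("AllowNoPassword", "true").lower() != "false":
        findings.append("phpMyAdmin AllowNoPassword is not false")
    return findings
```

Run audit() on the contents of your own three files; an empty list means every setting covered by those steps is in place.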
With these steps in place, the WAMP server is hardened.
Conclusion
In today's writeup, we saw how to secure a WAMP server.
Thank you.