[How To] Website Security/Optimize Peformance [Important]
 

-------
Exploit #1 (WebDav)
-------

How do I know if this could apply to me?
Your website and/or website is hosted on your computer, vps, or dedicated server.
To host your server you're using any of the following web servers; XAMPP, WAMPP.
You have apache running on your computer, vps, or dedicated server.

How do I check if this applies to me?

Go to the start menu on your computer, find "Computer". Right click and press "Map Network Drive". For the folder location, enter "http://yourwebsiteorip.com/webdav/". If it connects, and shows a login screen, you're vulnerable to this.

Go to "http://yourwebsiteorip.com/webdav/" in your web browser. If a webdav test page pops up, you're vulnerable to this unless you already did the guide to fix it (suggested you do the top test to be sure).

How do I fix this?

Go into the XAMPP folder located in C:\XAMPP\. Go into apache > conf > extra > httpd-dav.conf (open that file).

Find the following line:

Code:
<Directory "C:/xampp/webdav">
Dav On

Order Allow,Deny
Allow from all
Replace it with the following line:

Code:
<Directory "C:/xampp/webdav">
Dav Off

Order Deny,Allow
Deny from all
Once you've saved the changes, restart your web server and you're set to go.