[How To] Website Security/Optimize Performance [Important]
-------
Exploit #1 (WebDav)
-------
How do I know if this could apply to me?
Your website is hosted on your own computer, VPS, or dedicated server.
To host your site you're using any of the following web servers: XAMPP, WAMP.
You have Apache running on your computer, VPS, or dedicated server.
How do I check if this applies to me?
Go to the Start menu on your computer and find "Computer". Right-click it and press "Map Network Drive". For the folder location, enter "http://yourwebsiteorip.com/webdav/". If it connects and shows a login screen, you're vulnerable to this.
Go to "http://yourwebsiteorip.com/webdav/" in your web browser. If a WebDAV test page pops up, you're vulnerable to this unless you have already followed the fix below (it's suggested you also do the first test to be sure).
How do I fix this?
Go into the XAMPP folder located in C:\XAMPP\. Go into apache > conf > extra > httpd-dav.conf (open that file).
Find the following lines:
Code:
<Directory "C:/xampp/webdav">
Dav On
Order Allow,Deny
Allow from all
Replace them with the following lines:
Code:
<Directory "C:/xampp/webdav">
Dav Off
Order Deny,Allow
Deny from all
Once you've saved the changes, restart your web server and you're set to go.
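To double-check the edit across your config files, here is an added example (not part of the original guide): a short Python script that scans Apache config text for `<Directory>` or `<Location>` blocks where `Dav` is still enabled and reports whether access is open to everyone. The sample config, the `webdav-fixed` path, and the function name `audit_dav` are constructed for illustration.

```python
import re

# Constructed sample config: one block before the fix, one after it.
SAMPLE_CONF = """\
<Directory "C:/xampp/webdav">
    Dav On
    Order Allow,Deny
    Allow from all
</Directory>
<Directory "C:/xampp/webdav-fixed">
    dav off
    Order Deny,Allow
    Deny from all
</Directory>
"""

OPEN_TAG = re.compile(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', re.I)
CLOSE_TAG = re.compile(r'</(Directory|Location)\s*>', re.I)
DAV = re.compile(r'Dav\s+(\S+)', re.I)  # does not match DavLockDB etc.
ALLOW_ALL = re.compile(r'(Allow\s+from\s+all|Require\s+all\s+granted)\b', re.I)

def audit_dav(conf_text):
    """Return (path, open_to_all) for every block where WebDAV is enabled."""
    findings = []
    path, dav_on, open_to_all = None, False, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # Apache comments occupy a whole line
        opened = OPEN_TAG.match(line)
        if opened:
            path, dav_on, open_to_all = opened.group(2).strip(), False, False
        elif CLOSE_TAG.match(line):
            if path is not None and dav_on:
                findings.append((path, open_to_all))
            path = None
        elif path is not None:
            dav = DAV.match(line)
            if dav:
                # "Dav On" or a provider name enables DAV; only "Off" disables it.
                dav_on = dav.group(1).lower() != "off"
            elif ALLOW_ALL.match(line):
                open_to_all = True
    return findings

if __name__ == "__main__":
    for path, open_to_all in audit_dav(SAMPLE_CONF):
        print(f"WebDAV enabled in {path} (open to all: {open_to_all})")
```

To audit a real install, read the text of httpd-dav.conf (and any other included config files) and pass it to `audit_dav`; an empty result means no scanned block still has DAV enabled.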