Security for WAMP installations?

There’s been a lot of discussion about how to set up WPMU on LAMP servers, but I haven’t found any tips for making sure security is set up correctly on a Windows box. I’m running XAMPP and I’d appreciate any suggestions.

  • drmike
    • DEV MAN’s Mascot

    Ditto.

    Google’ing pulls up tutorials on the subject though.

    Reference: http://www.example.com/search?q=xampp+security

    Example: http://robsnotebook.com/xampp-security-hardening

    If you’re in one of the larger datacenters, many of them have their own support forums where folks share tutorials. That may be one place to look.

    For example, ev1/theplanet: http://forum.ev1servers.net/

    http://forums.theplanet.com/index.php?s=cc72df6dda338dd3943d8fc090ece64c&showtopic=89123

  • David
    • The Crimson Coder

    Sorry, perhaps I wasn’t clear. I’ve seen Google before and it’s quite helpful.

    I also understand basic XAMPP security. That said, on this site there’s a tutorial for various appropriate settings for things like the wp-content directory that uses *nix-like permissions, and I didn’t know if there was a best-practices for doing something similar with Windows.

    I can certainly guess the Windows equivalent of the *nix permissions, but guessing isn’t why I’m here.

  • drmike
    • DEV MAN’s Mascot

    Ditto I’m afraid. I hate to sound egotistical and if you know me, I do my best to see all sides of an issue, but we’re a completely FreeBSD setup. I’ve had a single Windows box online and that was back in 96-ish.

    At the very least, firewalls and backups. The firewall to keep out the kiddie scripters and backups just in case something does go wrong. I’m sure you realize that already though.

  • airfoil
    • Site Builder, Child of Zeus

    Never used it. Can’t vouch for it. But you might want to check out a piece of freeware called CHMOD-Win 3.0:

    http://neosmart.net/dl.php?id=4

    From the description:

    Windows and Linux have many things in common, but the one thing they don’t can be a catastrophe: ACL security, the ability to lock certain users/groups out of a file or folder and grant permissions at whim. Windows uses ACL, Linux uses CHMOD, and many users are stuck with directions for one or the other, and have no idea what to do. That’s where CHMOD-Win comes in. With CHMOD-Win, users have but to click a button, and CHMOD is suddenly available on Windows, and ACL on Linux. It just works!

    CHMOD-Win offers an ingenious way to keep your servers safe, and best of all, it’s free too. With CHMOD-Win, your data is safe, and it takes nothing at all to keep it that way!

    FWIW…

  • David
    • The Crimson Coder

    Well, ok. I’m not going to get into Win vs. Linux either, otherwise we’d eventually all have to put up with the Mac people, and you know how they can get!

    The CHMOD-Win tool looks potentially fun, especially if it matches the Linux settings. I use cygwin with xampp, and we get pretty close. But I’m also moving a set of sites that started on Mac back in the 90s, moved to Linux, and then to Windows when Linux died hard and very, very messily.

    The good thing about Windows is that it’s never, in 9 years and probably a billion page feeds, catastrophically lost data. Of course, we have excellent backup and firewall solutions (using big, expensive boxes provided by our co-lo provider).

    Thanks, anyway.

  • Andrew
    • Champion of Loops

    Definitely not trying to get into a Windows vs. Linux debate :wink:

    I’m just saying that none of us here at Incsub run live WPMU or even WP sites on Windows. So I’m afraid we can’t offer advice on security. It would be like a Mac person providing Windows advice :wink:

    Thanks,

    Andrew

  • David
    • The Crimson Coder

    No prob. For what it’s worth, I’ve got a long time running affection for FreeBSD, ever since I was at Berkeley back in the days the original 4.1 BSD was being developed. I’d never get in the middle of one of those debates. Besides the Mac guys always win the debates after they lay on the floor, start flailing their legs, and screaming and crying until the rest of us give in!