Hello,
I am pretty happy how my wamp is running now, but still feeling I need to set something better - secure better if possible.
I started to get messages from Defender that there were multiple attempts to attack with trojans and backdoors and that the threat was removed.
All the time same scenario - somehow the bad guys are trying to upload files into wamp tmp dir but I did not figure out how from all the logs I am collecting.
As an example:
wamp\tmp\phpE865.tmp
wamp\tmp\php96AA.tmp
wamp\tmp\phpF0EC.tmp->[EmbeddedEnc]
wamp\tmp\php9EA3.tmp
and many others...
First what came into my mind that these files are successfully uploaded into wamp tmp through some virtual host running on server.
But although I am logging many things I was unable to find how the file was uploaded.
And I believe make wamp tmp read-only is not an option as wamp need rw access there.
Please any suggestion how wamp can tell me how these bad files were uploaded to tmp and possible to find a way how to properly restrict this but not affect running virtual hosts from their proper run?
Thank you.
I am pretty happy how my wamp is running now, but still feeling I need to set something better - secure better if possible.
I started to get messages from Defender that there were multiple attempts to attack with trojans and backdoors and that the threat was removed.
All the time same scenario - somehow the bad guys are trying to upload files into wamp tmp dir but I did not figure out how from all the logs I am collecting.
As an example:
wamp\tmp\phpE865.tmp
wamp\tmp\php96AA.tmp
wamp\tmp\phpF0EC.tmp->[EmbeddedEnc]
wamp\tmp\php9EA3.tmp
and many others...
First what came into my mind that these files are successfully uploaded into wamp tmp through some virtual host running on server.
But although I am logging many things I was unable to find how the file was uploaded.
And I believe make wamp tmp read-only is not an option as wamp need rw access there.
Please any suggestion how wamp can tell me how these bad files were uploaded to tmp and possible to find a way how to properly restrict this but not affect running virtual hosts from their proper run?
Thank you.