Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Stop using XAMPP

Junior Spellweaver
Joined
Jul 29, 2007
Messages
134
Reaction score
301
Over the many years of developing WebEngine CMS for MuOnline servers one of my primary goals when dealing with clients was to make sure they stopped using XAMPP for their production websites and moved to Linux.

WebEngine CMS is a hobby for me, coding a couple of hours a day on a project I started many years ago helps me strengthen my programming skills and clears my mind. Slowly but steadily every day I am getting closer to achieving my goal with my project, which is to create a CMS and micro-framework that is easy to install, rich in features for experienced and non-experienced coders, reliable and fast website for Mu servers.

Through the years, many people have asked me why I don’t give full support to those running the CMS in Windows, specifically XAMPP. The reason is very simple, quoting directly from XAMPP’s Wikipedia page and their website:



Officially, XAMPP's designers intended it for use only as a development tool, to allow website designers and programmers to test their work on their own computers without any access to the Internet. To make this as easy as possible, many important security features are disabled by default. XAMPP has the ability to serve web pages on the World Wide Web. A special tool is provided to password-protect the most important parts of the package. –Wikipedia



XAMPP is not meant for production use but only for development environments. XAMPP is configured to be open as possible to allow the developer anything he/she wants. For development environments, this is great but in a production environment, it could be fatal. –Apachefriends



XAMPP is meant to be used as a development tool, not intended to be used for production websites! This statement comes directly from XAMPP’s website, Wikipedia’s page and from many other programming/development websites where people have asked about it.

Fact is, it is completely possible to make XAMPP a fully secured platform for production websites, but it’s a complete loss of time as you would have to do it every time you needed to upgrade your web services. While I understand that using it in the same server where you have your MuOnline server helps you save a few bucks by not having to pay for a web hosting account or VPS, in the long-term you are putting your server at risk.


Having your website in the same server as your MuOnline server is probably the worst idea ever. No matter how good and secure any website is, you should always consider it to be an open door for hackers to come in and mess up with your server and database, so always keep an eye on it and monitor as much as you can. By hosting your website in an external server you can easily block all its access to your database in case of emergency, plus if some kid decides to DDoS your site, it’s only your site that will go down and not your entire server. While it is possible to target the attack to your servers directly, most of the times these attacks are targeted at your website.



So, what alternative do I recommend?

My primary recommendation is to get a VPS and install the web services you need individually. Some of you might think this is way too difficult, but with little practice you can master it in no time. Cost wise, you can find VPS providers for insanely cheap and with excellent infrastructure, such an example would be RamNode with VPS servers starting from $5 dollars a month. By using a VPS you are in full control over all the services installed in your webserver, this translates to better security and performance.

Now, you might think that having to manage every aspect of the VPS through SSH with commands is just something you don’t want to deal with, well, there are plenty of system administration interfaces for Unix out there, the one I always use and recommend is Webmin. With Webmin you can fully manage your server through a super clean and simple interface, do all the necessary monitoring to keep your websites safe at all times.

If you just don’t want to deal with commands and stuff you can always go for a web hosting (shared) account that will allow you to connect to your database through port 1433 remotely, which most if not all of the hosts out there allow it if you just nicely ask them to whitelist your server IP.



Lastly, if you are not familiarized with how all this web stuff works then create a virtual machine using software like VirtualBox and get yourself a copy of CentOS 7 and try installing a production server. This is great for practicing and making sure everything works the way you want it to. Heck, even installing Apache and PHP individually in windows will be better than going with XAMPP in case you totally don’t want to go with Linux.

The point of this little essay of mine is to enlighten you to go for the better options out there. In my opinion, what makes a server fail is the lack of dedication. And if you’re just in no way capable of properly managing your web services then get someone who can, someone you can trust will do a quality work for you and not just do it for a quick buck.



I hope this helps you with your future projects!



Resources:

VirtualBox


CentOS (VirtualBox ready)


Webmin Installation:


Installing Apache & PHP:


ConfigServer Security & Firewall Installation:


SELinux Rewrite Permissions:


SELinux Allow HTTPD Network Connect:


CentOS 7 Opening a Firewall Port:


Webmin Virtual Hosts Tutorial:




Services:

RamNode:


IntoVPS:


NFO Servers:


CrocWeb (shared-hosting):


SoftSysHosting (shared, vps):




References:

 
Last edited:
Junior Spellweaver
Joined
Jul 29, 2007
Messages
134
Reaction score
301
Honestly, I wouldn't advise people to use apache as a HTTP server. I recommend everyone to use NGINX, since it's a lot more light weighted and easy to manage.

See
Both are great, each have their pro's and con's.
 
Junior Spellweaver
Joined
Jul 29, 2007
Messages
134
Reaction score
301
i asked it and they "did" it, but connection never worked. they said me that the problem was my server's end. and it wasn't the problem because when ticket was opened, my website was working fine with another host. so...

I have one of my demos hosted on Crocweb and it working perfectly, so if they did whitelist your IP then the issue is definitely on your end.
 
Newbie Spellweaver
Joined
Aug 18, 2016
Messages
28
Reaction score
4
Installing CentOS is also a concern, not a description of the strong sources. For example, I installed a php and apache installation. I do not know why it would not be possible to solve cron jobs. It is difficult for a simple field user to solve this. It's all right for you.
 
Junior Spellweaver
Joined
Jul 29, 2007
Messages
134
Reaction score
301
@mumeister It's very easy to setup a basic CentOS webserver, you just have to read some tutorials and play with some VM's and you'll learn in no time.
 
The Supreme King
Loyal Member
Joined
Jun 11, 2012
Messages
1,199
Reaction score
255
If you hate xmapp so much is your problems but it does not mean you have to force the world not to use xampp because that's what you want

Each user has the right to use what he wants if he wants to use an older xampp or the latest version is his problem,if I want to use sql server 2000 or the latest version it's my problem does not concern anyone

So spare me with this information
 
Last edited:
Junior Spellweaver
Joined
Jul 29, 2007
Messages
134
Reaction score
301
@Masteru You clearly didn't read the whole post; or if you did, you definitely missed the main point of it. I do not force anyone to not use XAMPP, what I'm saying here is that it is not meant to be used for production websites, the developers of XAMPP themselves say so. I am here recommending a better, more secure solution to use as webserver.

I don't hate XAMPP, I've used it many times when I need a quick development/testing environment.
 
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
@Masteru You clearly didn't read the whole post; or if you did, you definitely missed the main point of it. I do not force anyone to not use XAMPP, what I'm saying here is that it is not meant to be used for production websites, the developers of XAMPP themselves say so. I am here recommending a better, more secure solution to use as webserver.

I don't hate XAMPP, I've used it many times when I need a quick development/testing environment.

People who fail to realise that XAMPP is a pile of poop or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.
 
The Supreme King
Loyal Member
Joined
Jun 11, 2012
Messages
1,199
Reaction score
255
People who fail to realise that XAMPP is a pile of poop or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.

Let me understand what you said [XAMPP is a pile of poop] seriously and how did you figure it out ? or is because many do not like it CMS each user has the right to use what he wants correct

I use two versions for many years and I had no problems with hackers at all xampp-win32-1.7.1-installer and xampp-win32-1.7.7-VC9-installer etc

Now it's up to you how you make your security: secure your xampp/secure your muweb/secure your Exdb from muserver/secure your sql server and you can attack as many times as you want, you will not do nothing It does not matter how advanced you are

But if you have security but very weak then the attack will work 100% then your fault belongs to you
 

cMu

Elite Diviner
Joined
Jan 8, 2017
Messages
427
Reaction score
133
People who fail to realise that XAMPP is a pile of poop or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.

I don't know who mess up with your head but xampp is good for running active websites, it's really easy also to config php version and do WHAT EVER I WANT because it's NOT web hosting or something else, and I'm saying it with experience of xampp and web hosting. I didn't have problems with hackers or something else, if your website secure its all good.
 
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
I don't know who mess up with your head but xampp is good for running active websites, it's really easy also to config php version and do WHAT EVER I WANT because it's NOT web hosting or something else, and I'm saying it with experience of xampp and web hosting. I didn't have problems with hackers or something else, if your website secure its all good.

And I'm saying "XAMPP is a pile of poop" with almost a decade of server administration and software development experience. Apache is terrible for modern websites. XAMPP uses Apache. To quote the XAMPP homepage itself: "XAMPP is the most popular PHP development environment". You can also do whatever you want, more so than what XAMPP can provide, by building the stack yourself rather than relying on pre-build packages like XAMPP or WAMP.
 
Last edited:
Retired
Loyal Member
Joined
May 5, 2007
Messages
497
Reaction score
665
And I'm saying "XAMPP is a pile of poop" with almost a decade of server administration and software development experience. Apache is terrible for modern websites. XAMPP uses Apache. To quote the XAMPP homepage itself: "XAMPP is the most popular PHP development environment". You can also do whatever you want, more so than what XAMPP can provide, by building the stack yourself rather than relying on pre-build packages like XAMPP or WAMP.

The better argument is that XAMPP is not meant for production environment. Period. You can argue as much as you want how secure your setup is, but XAMPP is still not meant for production environment because of security reasons. Is anyone preventing you from doing this? No, it is a free world, you can do whatever you want. Should you do it? No. You are free to put up whatever stack you want. Knowing that you *knowingly* goes against pretty clear security advice from the XAMPP developers themselves gives me the impression that you 1) don't have a good understanding of computer security in general 2) lack the skills to administrate a very basic LAMP stack despite the fact there are dozen of step-by-step tutorials on how to do this. In other words, I will gladly stay away from your websites :)

To put things in perspective: Can you host your website on a Windows XP host machine? This is entirely possible, nobody is preventing you from doing this. Should you do it? No. Just because you can do something, doesn't prevent you from doing it.

Another thing is, why does nobody mention Docker in this thread? :)
 
The Supreme King
Loyal Member
Joined
Jun 11, 2012
Messages
1,199
Reaction score
255
And I'm saying "XAMPP is a pile of poop" with almost a decade of server administration and software development experience. Apache is terrible for modern websites. XAMPP uses Apache. To quote the XAMPP homepage itself: "XAMPP is the most popular PHP development environment". You can also do whatever you want, more so than what XAMPP can provide, by building the stack yourself rather than relying on pre-build packages like XAMPP or WAMP.

How much experience did you say you had ? do not make me laugh xampp is very good and you have no problem with hackers [Stop lying] I know from experience because I used for years

Modern website from 2017 is terrible for hard install to hard to use and many do not want that

They want something easy to install and easy to use you do not have to be next Albert Einstein just to use a advanced website
 
Last edited:
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
How much experience did you say you had ? do not make me laugh xampp is very good
Well since you honestly think that, you and anyone who agrees with you are a lost cause.
Modern website from 2017 is terrible for hard install to hard to use and many do not want that

Difficult for some? Yes. It is entirely worth it though.
They want something easy to install and easy to use you do not have to be next Albert Einstein just to use a advanced website

Then like I have said before, they are setting themselves up for a world of pain in the future.
 
"(still lacks brains)"
Loyal Member
Joined
Sep 2, 2011
Messages
2,371
Reaction score
1,361
My Friend you are a lost cause If you do not want to understand what I have said now is true 100%

You quite literally have to be a moron to use a development environment focused product, XAMPP, in a production environment. On top of that Apache, of all things, Apache. I may as well be talking to a brick wall...
 
The Supreme King
Loyal Member
Joined
Jun 11, 2012
Messages
1,199
Reaction score
255
You quite literally have to be a moron to use a development environment focused product, XAMPP, in a production environment. On top of that Apache, of all things, Apache. I may as well be talking to a brick wall...

That's your opinion about xampp I know what I'm talking about as I said, I used it for years and I had no problems with hackers

It matters to have secure xampp and good security for website and you have no problems :rolleyes:
 
Back
Top