Stop using XAMPP

Page 1 of 2 12 LastLast
Results 1 to 15 of 30
  1. #1
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    talk Stop using XAMPP


    RaGEZONE Recommends

    RaGEZONE Recommends

    Over the many years of developing WebEngine CMS for MuOnline servers one of my primary goals when dealing with clients was to make sure they stopped using XAMPP for their production websites and moved to Linux.

    WebEngine CMS is a hobby for me, coding a couple of hours a day on a project I started many years ago helps me strengthen my programming skills and clears my mind. Slowly but steadily every day I am getting closer to achieving my goal with my project, which is to create a CMS and micro-framework that is easy to install, rich in features for experienced and non-experienced coders, reliable and fast website for Mu servers.

    Through the years, many people have asked me why I don’t give full support to those running the CMS in Windows, specifically XAMPP. The reason is very simple, quoting directly from XAMPP’s Wikipedia page and their website:



    Officially, XAMPP's designers intended it for use only as a development tool, to allow website designers and programmers to test their work on their own computers without any access to the Internet. To make this as easy as possible, many important security features are disabled by default. XAMPP has the ability to serve web pages on the World Wide Web. A special tool is provided to password-protect the most important parts of the package. –Wikipedia


    XAMPP is not meant for production use but only for development environments. XAMPP is configured to be open as possible to allow the developer anything he/she wants. For development environments, this is great but in a production environment, it could be fatal. –Apachefriends


    XAMPP is meant to be used as a development tool, not intended to be used for production websites! This statement comes directly from XAMPP’s website, Wikipedia’s page and from many other programming/development websites where people have asked about it.

    Fact is, it is completely possible to make XAMPP a fully secured platform for production websites, but it’s a complete loss of time as you would have to do it every time you needed to upgrade your web services. While I understand that using it in the same server where you have your MuOnline server helps you save a few bucks by not having to pay for a web hosting account or VPS, in the long-term you are putting your server at risk.


    Having your website in the same server as your MuOnline server is probably the worst idea ever. No matter how good and secure any website is, you should always consider it to be an open door for hackers to come in and mess up with your server and database, so always keep an eye on it and monitor as much as you can. By hosting your website in an external server you can easily block all its access to your database in case of emergency, plus if some kid decides to DDoS your site, it’s only your site that will go down and not your entire server. While it is possible to target the attack to your servers directly, most of the times these attacks are targeted at your website.



    So, what alternative do I recommend?

    My primary recommendation is to get a VPS and install the web services you need individually. Some of you might think this is way too difficult, but with little practice you can master it in no time. Cost wise, you can find VPS providers for insanely cheap and with excellent infrastructure, such an example would be RamNode with VPS servers starting from $5 dollars a month. By using a VPS you are in full control over all the services installed in your webserver, this translates to better security and performance.

    Now, you might think that having to manage every aspect of the VPS through SSH with commands is just something you don’t want to deal with, well, there are plenty of system administration interfaces for Unix out there, the one I always use and recommend is Webmin. With Webmin you can fully manage your server through a super clean and simple interface, do all the necessary monitoring to keep your websites safe at all times.

    If you just don’t want to deal with commands and stuff you can always go for a web hosting (shared) account that will allow you to connect to your database through port 1433 remotely, which most if not all of the hosts out there allow it if you just nicely ask them to whitelist your server IP.



    Lastly, if you are not familiarized with how all this web stuff works then create a virtual machine using software like VirtualBox and get yourself a copy of CentOS 7 and try installing a production server. This is great for practicing and making sure everything works the way you want it to. Heck, even installing Apache and PHP individually in windows will be better than going with XAMPP in case you totally don’t want to go with Linux.

    The point of this little essay of mine is to enlighten you to go for the better options out there. In my opinion, what makes a server fail is the lack of dedication. And if you’re just in no way capable of properly managing your web services then get someone who can, someone you can trust will do a quality work for you and not just do it for a quick buck.



    I hope this helps you with your future projects!



    Resources:

    VirtualBox
    https://www.virtualbox.org/

    CentOS (VirtualBox ready)
    CentOS VM Images for VMware & VirtualBox

    Webmin Installation:
    Webmin

    Installing Apache & PHP:
    https://www.if-not-true-then-false.c...-red-hat-rhel/

    ConfigServer Security & Firewall Installation:
    https://download.configserver.com/csf/install.txt

    SELinux Rewrite Permissions:
    https://stackoverflow.com/questions/...mission-denied

    SELinux Allow HTTPD Network Connect:
    https://wiki.centos.org/TipsAndTricks/SelinuxBooleans

    CentOS 7 Opening a Firewall Port:
    https://stackoverflow.com/questions/...-firewall-port

    Webmin Virtual Hosts Tutorial:
    http://tutorials.securesignup.net/vp...th-webmin.html



    Services:

    RamNode:
    https://ramnode.com/

    IntoVPS:
    https://intovps.com/

    NFO Servers:
    http://www.nfoservers.com/

    CrocWeb (shared-hosting):
    https://www.crocweb.com

    SoftSysHosting (shared, vps):
    https://www.softsyshosting.com/



    References:

    Last edited by Lautaro; 20-07-17 at 08:45 AM. Reason: spelling
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.


  2. #2
    MMO Supervisor Biesmen is offline
    SupervisorRank
    Apr 2007 Join Date
    2,098Posts

    Re: Stop using XAMPP

    Honestly, I wouldn't advise people to use apache as a HTTP server. I recommend everyone to use NGINX, since it's a lot more light weighted and easy to manage.

    See https://www.nginx.com/resources/wiki...ty/why_use_it/
    Forum Rules | Account Support | Subscribe
    RaGEZONE Facebook

    "The reason why people give up so fast is because they tend to look at how far they still have to go, instead of how far they have gotten."

  3. #3
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    Re: Stop using XAMPP

    Quote Originally Posted by Biesmen View Post
    Honestly, I wouldn't advise people to use apache as a HTTP server. I recommend everyone to use NGINX, since it's a lot more light weighted and easy to manage.

    See https://www.nginx.com/resources/wiki...ty/why_use_it/
    Both are great, each have their pro's and con's.
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.

  4. #4
    Hardcore Member zacHa' is offline
    MemberRank
    Jun 2009 Join Date
    105Posts

    Re: Stop using XAMPP

    crocweb doesnt accept mssql remote connections
    The kids, drunks and logs always tell the truth.

  5. #5
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    Re: Stop using XAMPP

    Quote Originally Posted by zacHa' View Post
    crocweb doesnt accept mssql remote connections
    They do, you just have to ask them to whitelist your server ip.
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.

  6. #6
    Hardcore Member zacHa' is offline
    MemberRank
    Jun 2009 Join Date
    105Posts

    Re: Stop using XAMPP

    Quote Originally Posted by Lautaro View Post
    They do, you just have to ask them to whitelist your server ip.
    i asked it and they "did" it, but connection never worked. they said me that the problem was my server's end. and it wasn't the problem because when ticket was opened, my website was working fine with another host. so...
    The kids, drunks and logs always tell the truth.

  7. #7
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    Re: Stop using XAMPP

    Quote Originally Posted by zacHa' View Post
    i asked it and they "did" it, but connection never worked. they said me that the problem was my server's end. and it wasn't the problem because when ticket was opened, my website was working fine with another host. so...
    I have one of my demos hosted on Crocweb and it working perfectly, so if they did whitelist your IP then the issue is definitely on your end.
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.

  8. #8
    Member mumeister is offline
    MemberRank
    Aug 2016 Join Date
    HungaryLocation
    28Posts

    Re: Stop using XAMPP

    Installing CentOS is also a concern, not a description of the strong sources. For example, I installed a php and apache installation. I do not know why it would not be possible to solve cron jobs. It is difficult for a simple field user to solve this. It's all right for you.

  9. #9
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    Re: Stop using XAMPP

    @mumeister It's very easy to setup a basic CentOS webserver, you just have to read some tutorials and play with some VM's and you'll learn in no time.
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.

  10. #10
    Alpha Member bramdebouvere is offline
    Alpha MaleRank
    Aug 2006 Join Date
    BelgiumLocation
    2,447Posts

    Re: Stop using XAMPP

    If you're on windows, you could just use IIS for hosting PHP websites too.
    You can easily add PHP to IIS with the Web Platform Installer.

  11. #11
    The Supreme King Masteru is online now
    True MemberRank
    Jun 2012 Join Date
    963Posts

    wink Re: Stop using XAMPP

    If you hate xmapp so much is your problems but it does not mean you have to force the world not to use xampp because that's what you want

    Each user has the right to use what he wants if he wants to use an older xampp or the latest version is his problem,if I want to use sql server 2000 or the latest version it's my problem does not concern anyone

    So spare me with this information
    Last edited by Masteru; 05-08-17 at 01:15 PM.

  12. #12
    Hardcore Member Lautaro is offline
    MemberRank
    Jul 2007 Join Date
    CaliforniaLocation
    107Posts

    Re: Stop using XAMPP

    @Masteru You clearly didn't read the whole post; or if you did, you definitely missed the main point of it. I do not force anyone to not use XAMPP, what I'm saying here is that it is not meant to be used for production websites, the developers of XAMPP themselves say so. I am here recommending a better, more secure solution to use as webserver.

    I don't hate XAMPP, I've used it many times when I need a quick development/testing environment.
    WebEngine GitHub
    WebEngine Official Support Forum
    WebEngine Issue Report

    [Gamez Network]
    (founder)

    If you're reading this you've wasted 7 seconds of
    your life that you'll never get back.

  13. #13
    "(still lacks brains)" NoBrain is online now
    ModeratorRank
    Sep 2011 Join Date
    United KingdomLocation
    2,684Posts

    Re: Stop using XAMPP

    Quote Originally Posted by Lautaro View Post
    @Masteru You clearly didn't read the whole post; or if you did, you definitely missed the main point of it. I do not force anyone to not use XAMPP, what I'm saying here is that it is not meant to be used for production websites, the developers of XAMPP themselves say so. I am here recommending a better, more secure solution to use as webserver.

    I don't hate XAMPP, I've used it many times when I need a quick development/testing environment.
    People who fail to realise that XAMPP is a pile of shit or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

    Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.

  14. #14
    The Supreme King Masteru is online now
    True MemberRank
    Jun 2012 Join Date
    963Posts

    Re: Stop using XAMPP

    Quote Originally Posted by NoBrain View Post
    People who fail to realise that XAMPP is a pile of shit or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

    Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.
    Let me understand what you said [XAMPP is a pile of shit] seriously and how did you figure it out ? or is because many do not like it CMS each user has the right to use what he wants correct

    I use two versions for many years and I had no problems with hackers at all xampp-win32-1.7.1-installer and xampp-win32-1.7.7-VC9-installer etc

    Now it's up to you how you make your security: secure your xampp/secure your muweb/secure your Exdb from muserver/secure your sql server and you can attack as many times as you want, you will not do nothing It does not matter how advanced you are

    But if you have security but very weak then the attack will work 100% then your fault belongs to you

  15. #15
    Hardcore Member cMu is offline
    MemberRank
    Jan 2017 Join Date
    124Posts

    Re: Stop using XAMPP

    Quote Originally Posted by NoBrain View Post
    People who fail to realise that XAMPP is a pile of shit or don't do the research into what's best for their server security and performance are just setting themselves up for a world of pain in the future.

    Besides, you shouldn't be supporting the configuration of their server at all. You should be supporting the CMS itself and bug fixing for it. It's your choice though, you can only recommend things. Personally, I'd just focus on CMS development and bug fixing rather than providing support for their broken or poorly configured environments.
    I don't know who mess up with your head but xampp is good for running active websites, it's really easy also to config php version and do WHAT EVER I WANT because it's NOT web hosting or something else, and I'm saying it with experience of xampp and web hosting. I didn't have problems with hackers or something else, if your website secure its all good.




Page 1 of 2 12 LastLast

Advertisement