The Underscore Archives

On Jan 6, 2008 7:47 PM, Richard Davey <rich at corephp.co.uk> wrote:

> It's not a guide to building a live production web server (because
> no-one in their right mind would do that on Windows XP)

oh yeah, sorry I just googled Richard Davey and WAMP, didn't read it
properly, I just had vague recollections of you mentioning it on _. oh
well, I have to get my underscore misinformation count up for 2008 :)

FWIW I don't have any WAMP servers, I would generally install vmware
and run a virtual debian/ubuntu machine for local AMP dev, if I had to
use windows.

I do however "maintain" (well actually I don't, as i'm not paid to) a
php4 /mysql site which has been running on IIS on a w2k server (not
mine/ not my choice/ I didn't do it guv) "faultlessly"* for years,
although I did laugh when I took a backup of it recently in
preparation for some changes and found a load of extra HTML files in
the root of the site from a hacker claiming to have "owned" it .
No-one noticed, but still a bit crap - from examining the logs it
looks like they used an old known IIS webdav exploit.  Arguably If
that had been running Apache it wouldn't have happened, but also
arguably if the client had applied any security patches at all in the
seven years since they got the server, it might not have happened
either.

* i.e. the site is such low traffic and insignificant no-one has
noticed or at least reported anything breaking.



-- 
Rick Hurst, Web developer, Bristol, England
http://www.rickhurst.co.uk