logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Security - Apache opening entire PC to www via localhost
Author
hugeness



Joined: 05 Mar 2015
Posts: 3
PostPosted: Sun 31 Jul '16 23:06    Post subject: Security - Apache opening entire PC to www via localhost Reply with quote
Hi

I've just been trying to test a site on on a localhost. When I setup my site via Filezilla, I see I can access all my files on my entire PC with username/password combination via localhost.

Isn't this a huge security risk? Is there a standard way to lock this down?

I was under the impression localhost restricted access to the www folder so pretty concerned.

Thanks
Back to top
covener



Joined: 23 Nov 2008
Posts: 59
PostPosted: Mon 01 Aug '16 3:34    Post subject: Re: Security - Apache opening entire PC to www via localhost Reply with quote
What makes you think filezilla is talking to Apache?
Back to top
hugeness



Joined: 05 Mar 2015
Posts: 3
PostPosted: Mon 01 Aug '16 9:28    Post subject: Reply with quote
I thought that Apache opened up ftp/sftp ports so that localhost could be reached.
Back to top
covener



Joined: 23 Nov 2008
Posts: 59
PostPosted: Tue 02 Aug '16 2:33    Post subject: Reply with quote
hugeness wrote:
I thought that Apache opened up ftp/sftp ports so that localhost could be reached.


just http/https.
Back to top
Anaksunaman



Joined: 19 Dec 2013
Posts: 54
PostPosted: Wed 03 Aug '16 7:13    Post subject: Security - Apache opening entire PC to www via localhost Reply with quote
While it is possible to have Apache handle FTP with something like mod_ftp - https://httpd.apache.org/mod_ftp/en/ftp/ - this is a non-standard module and is not distributed with the base-version of Apache.

At a guess, you likely have an FTP service on your system that is configured with less-than-desirable settings.

Things to investigate could be FileZilla itself (there is the client and a server, though they are separately installed programs) or it might have been as part of another package (WAMP or XAMPP perhaps?).
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1266
Location: Amsterdam, NL, EU
PostPosted: Fri 05 Aug '16 18:14    Post subject: Reply with quote
Try 'netstat -anb' in a command prompt (run as administator) to see which program is listening to port 21 and/or 22.
Back to top


Reply to topic   Topic: Security - Apache opening entire PC to www via localhost View previous topic :: View next topic
Post new topic   Forum Index -> Apache