WAMP Server
This article is about the web-server package. For a comparison of different WAMP packages, see comparison of WAMP.
WAMPs are packages of independently-created programs installed on computers that use a Microsoft Windows operating system. The interaction of these programs enables dynamic web pages to be served over a computer network, such as the internet or a private network.
“WAMP” is an acronym formed from the initials of the operating system (Windows) and the package’s principal components: Apache, MySQL and PHP (or Perl or Python). Apache is a web server, which allows people with web browsers like Internet Explorer or Firefox to connect to a computer and see information there as web pages. MySQL is a database manager (that is, it keeps track of data in a highly organized way). PHP is a scripting language which can manipulate information held in a database and generate web pages afresh each time an element of content is requested from a browser. Other programs may also be included in a package, such as phpMyAdmin which provides a graphical interface for the MySQL database manager, or the alternative scripting languages Python or Perl.
Licensing and costs of WAMP
Apart from the Windows operating system itself, the components of WAMP/LAMP are available as open source. This means that a dynamically-generated web site can be set up without major software purchase or update subscription costs. Many web hosting services take advantage of this by offering pre-installed WAMP/LAMP components among their options.
Licenses for the various WAMP packages range from freeware to donationware as well as commercial.
Setup and Usage Guide
Introduction to WAMP
WAMP is a Windows OS based program that installs and configures Apache web server, MySQL database server, PHP scripting language, phpMyAdmin (to manage MySQL database’s), and SQLiteManager (to manage SQLite database’s). WAMP is designed to offer an easy way to install Apache, PHP and MySQL package with an easy to use installation program instead of having to install and configure everything yourself. WAMP is so easy because once it is installed it is ready to go. You don’t have to do any additional configuring or tweaking of any configuration files to get it running.
There are usually two reasons why someone chooses to install WAMP. They are looking to install WAMP for development purposes or to run their own server.
Using WAMP as a Development Server
You can use WAMP to develop and test websites locally on their own computer instead of having to get a web hosting account to develop with. Most people will be using WAMP for development purposes such as learning how to create websites with HTML, PHP, and MySQL.
Using WAMP as a Production Server
WARNING: WAMP was designed to be a testing and development server, not an actual production server. WAMP does not come with any real security in place so it offers no protection from any kind of attack. Any 10 year old with access to the internet can easily hack your WAMP server. If your website(s) have highly sensitive data (such as credit card numbers, social security numbers, user ids, passwords, etc.), you need to take this in consideration before your put this information online. Unless you are an experienced system administrator and can configure WAMP to be more secure, you should never user WAMP for a production server.
Note: I have added a tutorial that will allow you to use WAMP as a production server, but only allow your friends to have access to it. Check out the Tips and Tricks section below titled, “Using WAMP as a production server and only allowing your certain people to have access your server.”
Also note if you use WAMP as a production server, your servers speed will be limited by your internet connection speed. If you are on dialup, just one user using your server will be enough to use all your available outbound bandwidth, and your website will take a while to load. Also, even if you have DSL or cable, your outbound speed is still limited, and just a few users would be enough to bring your server down to a crawl. To find out just how fast your connection speed is, check out dslreports.com.
WAMP Security Issues
The best tip I have is not to use WAMP as a production server, ever. Windows and apache are a terrible combination for security. Since Windows was not really setup to run apache, there are absolutely no security settings or file permission settings you can use to help protect your server and files on your server. If you need to use Windows as your server OS, then use IIS for the server, since it was made to work with IIS, not Apache. Windows/IIS has great security, where Windows/Apache has pretty much none. If you want to use Apache as your web server, then find any Linux distro and use that, as Linux and apache are an excellent combination.
However, even when using windows/IIS, or Linux/Apache there are still many things you need know to protect your server. My number one tip is to not use your personal computer as a server. If a hacker gets in he could get access to your whole computer.
I suggest you use Linux and Apache. Since they are freeware, you don’t have to pay outrageous prices to use them compared to Windows and IIS (and fatten Bill Gates wallet in the process). If you are not an experienced Linux administrator, then you should hire a third party to administer your server for you. They can keep your server up to date, install patches and security updates, kernel upgrades, and more. Some will even install scripts for you.
I suggest you install FreeBSD or CentOS as your server OS, as they are the most secure Linux distro’s. FreeBSD is based off of BSD, and CentOS is based off of RedHat Linux. They are also all open-source (free).
If you want to host with Windows/Apache that is your own prerogative. Just beware especially if you will be storing personal data like social security numbers, credit card numbers, etc in your MySQL databases. If you fail to protect your customer’s private data, you could be liable for damages incurred by your customers from getting their personal info stolen. You could also be sued by one or all of you customers whose personal data was used for fraudulent uses. I just don’t think people understand just how easy it is for someone to hack your server if you do not know what you are doing. You need to learn how to program your scripts to keep out SQL injections, cross site scripting, session and cookie hijacking, spam-bots, etc.
About 4-5 years ago I learned my lesson about security the hard way. Some wackjob found a config file on my web server for the program phpAdsNew (config.ini.php). I was using a RedHat Linux server with apache 1.x. Stupid me, I had used the same user id and password for my database as I used when any site asks for a user id and password. Since I did not have the proper chmod file permissions for this file, he was able to access it and read the contents of the file, which contained my user id and password. He was then able to hack in to my GoDaddy account and transferred all 12 of my domain names to his account. He also logged in to many of the sponsors I used to promote to make some money on my website. He changed all the accounts to send all the money I had made to him, and then he changed the user id and passwords for the accounts so I could not access them to get my money back. He then used a website copying program and copied all the files on my web server. He then uploaded all my website files to his server, and he set the NameServer’ s for all my domain names his NameServer’s. So, now when you accessed my webpage nothing changed, but the site was no longer owned by me.
Fortunately for me, I did not have any personal data in my database. If I had, my lackadaisical attitude toward security would have cost my precious customers their personal info. I lost 12 domains, 5 websites, and my entire business. You do not know what it feels like to have 5+ years of work taken away in a manner of a few hours. I lost everything and had to start over again.
I then tried to get my domain names back, but when I tried to contact GoDaddy support they said it looked like a legitimate transaction to them. i then thought about using WIPO to get my domain names back, but it would have cost $50,000-60,000 USD in court costs and lawyer fees to get the domain names back (WIPO charges $1000-3000 USD per domain to have each domain name presented to a judge).
For god’s sake don’t use Windows/Apache to host a website. I was running Linux/apache and still got hacked.
Identity theft is multi-billion dollar business these days, and hackers a coming up with brighter and more brazen hacking tools every day. It is not an easy job to keep a server secure. and there is no way to secure you server 100% of the time. but you have to do something.
