Tag Archive for 'PHP'

PHP Security

PHP

PHP reveals its presence on the server in a variety of ways: it may send an HTTP header (X-Powered-By: PHP) or append its name and version to Apache’s signature. In addition, there are easter egg URLs that return the PHP logo or the names of some PHP authors. One of them is:

http://www.host.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Obviously there is no reason to let end users know about the server’s PHP version. Luckily, there is a switch in php.ini that will disable all of the above:

expose_php = Off

Hide PHP version

In order to do this, you need to do a bit of sysadmin work :). I am going to focus specifically on Apache and PHP because I’m more of a LAMP user. If you use ASP on Microsoft’s IIS, I can’t help you (but hey, Google is there to save your sunny day! :P)

Find your php.ini file. In my case:

vim /etc/php5/apache2/php.ini

Look for the line that says: “expose_php = On”
Change it to:

expose_php = Off

Now our PHP is very silent.

Note by PHP developer:
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
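
To confirm the change took effect, the two checks below (an added example, not part of the original post) read the effective expose_php value from a php.ini file and flag response headers that still disclose PHP. The function names and the sample headers, including their version strings, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data below is constructed.

# Print the effective expose_php setting in a php.ini: "on", "off" or "unset".
# The last uncommented assignment wins; PHP's built-in default is On, so
# "unset" still means the version is being exposed.
expose_php_value() {
    awk '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            line = $0
            sub(/;.*$/, "", line)                # trailing comment
            n = index(line, "=")
            if (n == 0) next                     # not a "key = value" line
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t\r"]/, "", key)
            gsub(/[ \t\r"]/, "", val)
            if (tolower(key) != "expose_php") next
            v = tolower(val)
            found = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Read raw response headers on stdin and print those that disclose PHP.
# Returns 0 when a disclosing header is present, 1 when the headers are clean.
php_header_leaks() {
    tr -d '\r' | grep -iE '^(x-powered-by:.*php|server:.*php/)'
}

# Constructed samples: response headers before and after the change.
HEADERS_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu) PHP/5.3.10
X-Powered-By: PHP/5.3.10
Content-Type: text/html'
HEADERS_AFTER='HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
Content-Type: text/html'

printf '%s\n' "$HEADERS_BEFORE" | php_header_leaks || echo "before: clean"
printf '%s\n' "$HEADERS_AFTER"  | php_header_leaks || echo "after: clean"
```

On a live host, run `expose_php_value /etc/php5/apache2/php.ini` and `curl -sI http://localhost/ | php_header_leaks` (the URL is a placeholder); with mod_php, php.ini changes only apply after Apache is restarted.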