zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

PHP Security

November 28, 2010 by Igor Drobot Leave a Comment

PHP

PHP reveals its presence on the server in a variety of ways: It may send an HTTP header (X-Powered-By: PHP), or append its name and version to Apache’s signature. In addition, there are easter egg URLs that return the PHP logo or some PHP authors, one of them is:
http://www.host.com/index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

Obviously there is no reason to let end users know about the server’s PHP version. Luckily, there is a switch in php.ini that will disable all of the above:

1
expose_php = Off

expose_php = Off

Filed Under: Linux Tagged With: PHP, PHP Security, Webserver Security

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok