Author Topic: Need some help. (Website & PHP)  (Read 2703 times)

0 Members and 1 Guest are viewing this topic.

Offline LuaTenshi

  • Hero Member
  • *****
  • Posts: 545
  • Karma: 47
  • Just your ordinary moon angel!
    • Mirai.Red
Need some help. (Website & PHP)
« on: October 18, 2013, 10:44:04 PM »
I was wondering how would I stop things like...

Code: [Select]
?=PHPE9568F36-D428-11d2-A769-00AA001ACF42A PHP Easter egg.

and...

Code: [Select]
?=;"A strange blank page that has the forums theme.

from bringing up pages that I do not want my users to see.



I have recently installed this... http://www.php-firewall.info/ ( not even sure if its working... ). But it has not fixed what I wanted it to fix.



...and yes I am very new to this whole thing.
« Last Edit: October 19, 2013, 09:05:29 AM by HeLLFox_15 »
I cry every time I see that I am not a respected member of this community.

Offline Megiddo

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 6214
  • Karma: 394
  • Project Lead
Re: Need some help. (Website & PHP)
« Reply #1 on: October 19, 2013, 07:32:39 AM »
Take a step back: why does it matter? If users are hand-crafting URLs, of course they'll get odd results.
Experiencing God's grace one day at a time.

Offline JamminR

  • Ulysses Team Member
  • Hero Member
  • *****
  • Posts: 8096
  • Karma: 390
  • Sertafide Ulysses Jenius
    • Team Ulysses [ULib/ULX, other fine releases]
Re: Need some help. (Website & PHP)
« Reply #2 on: October 19, 2013, 08:35:42 AM »
Megiddo, because each version of PHP has it's own egg, and, each version has it's own set of potential vulnerabilities.
It's a limited method of determining PHP version, which then could lead to more specific attack vectors.

Using google, 'disable PHP easter egg', I found this nice article explaining some of it, including some solutions.
http://blog.detectify.com/post/34559130700/do-you-dare-to-show-your-php-easter-egg
"Though a program be but three lines long, someday it will have to be maintained." -- The Tao of Programming