How To Protect your PHP Script by hiding the extensions


A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php to Off in your php.ini file, you reduce the amount of information available to them. Another technique is to configure web servers such as Apache to parse different file types through PHP, either with an .htaccess directive or in the Apache configuration file itself. You can then use misleading file extensions:
Example (1): Hiding PHP as another language
# Put the following in .htaccess
# Make PHP code look like other code types
AddType application/x-httpd-php .asp
With this technique, you must name your file yourfilename.asp for it to run as PHP.
In the example above you can replace .asp with any other extension, such as .amp, .html or .htm.
Example (2): Setting expose_php to Off in your php.ini file
Modify the files below:
httpd.conf
————-
# …
# Minimize 'Server' header information
ServerTokens Prod
# Disable server signature on server generated pages
ServerSignature Off
# …
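# Set default file type to PHP
# Note: Apache 2.4 disables DefaultType for any value other than none,
# so this directive applies to Apache 2.2 and earlier
DefaultType application/x-httpd-php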
# …
php.ini
————
; …
expose_php = Off
; …
Now the URLs will look like this:
http://websitename/forums/post?id=15
Note that .php is missing from the URL above.
Now an attacker knows only that you are using Apache.
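To confirm that the settings above took effect, inspect the response headers the server actually sends (for example, as saved from curl -sI). The Python check below is an added example, not part of the original post; the sample headers and the function name are constructed, and the PHPSESSID check goes beyond the post (PHPSESSID is PHP's default session cookie name, controlled by session.name in php.ini).

```python
import re

# Constructed sample responses (not captured from a real server).
BEFORE = """HTTP/1.1 200 OK
Server: Apache/2.2.0 (Unix) PHP/5.0.0
X-Powered-By: PHP/5.0.0
Set-Cookie: PHPSESSID=abc123; path=/
Content-Type: text/html
"""

AFTER = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html
"""


def php_disclosures(raw_headers):
    """Return findings for response headers that reveal PHP or version details."""
    findings = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "x-powered-by":
            # Sent by PHP while expose_php is On
            findings.append("X-Powered-By: %s (set expose_php = Off)" % value)
        elif name == "server":
            if re.search(r"php", value, re.I):
                findings.append("Server header names PHP (set expose_php = Off)")
            if re.search(r"/\d", value):
                findings.append("Server header has a version (set ServerTokens Prod)")
        elif name == "set-cookie" and value.upper().startswith("PHPSESSID="):
            # Assumption beyond the post: default session cookie name gives PHP away
            findings.append("Cookie PHPSESSID (change session.name in php.ini)")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, php_disclosures(sample) or "no PHP disclosure found")
```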
