Oct 27, 2006

php version tracker

php version tracker (http://www.nexen.net/phpversion/bot.php)
tabarnak.nexen.net 217.174.203.41

PHP version tracker runs continuously. It doesn't request anything more than a HEAD from the web site (i.e., http://www.nexen.net/, GET /), and does not recurse into folders. It runs from different IPs, which are not stable.



Everyone knows the famous PHP phpinfo(), which provides the programmer with invaluable information about his server configuration and setup. This is a useful tool as soon as one gets a new server, and it is also a tool for talking with any administrator.

Yet, after use, it is usually recommended to remove it, or to restrict its access to a few people. Indeed, phpinfo() may be dangerous by itself: in the past, it was even affected by XSS flaws. Even when secured, phpinfo() publishes information about your architecture, and it is always recommended to keep it from prying eyes.

Sadly enough, the common habit of setting up a phpinfo page on every web site is now so widespread that even search engines are starting to pick them up: there are literally thousands of phpinfo pages indexed on Yahoo and Google. Just hit a search with the words 'phpinfo()' 'GoogleBot' and



So this bot reads the phpinfo script that you forgot to remove and compiles all your servers' info.
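For reference, this is what a single HEAD request to a stock PHP host gives away without any phpinfo page: Apache's Server header often carries a "PHP/x.y.z" token, and PHP itself adds an "X-Powered-By: PHP/x.y.z" header whenever php.ini has expose_php = On (the default). The script below is an added example, not the post's or Nexen's code; the two sample responses are constructed, not captured from any real host, and fingerprint_host() is the only part that touches the network.

```python
import re
from http.client import HTTPConnection  # used only by fingerprint_host()

# Constructed sample HEAD responses (not captured from any real server).
# A default Apache + mod_php build with expose_php = On and ServerTokens Full:
LEAKY_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 27 Oct 2006 10:00:00 GMT\r\n"
    "Server: Apache/2.0.55 (Unix) PHP/5.1.6\r\n"
    "X-Powered-By: PHP/5.1.6\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
# The same server with expose_php = Off in php.ini and ServerTokens Prod in httpd.conf:
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 27 Oct 2006 10:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Matches the version token PHP emits, e.g. "PHP/5.1.6" or "PHP/4.4".
PHP_VERSION_RE = re.compile(r"PHP/(\d+(?:\.\d+)*)")


def parse_headers(raw):
    """Split the head of a raw HTTP response into {lowercased-name: value}."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def php_version_from_headers(headers):
    """Return the PHP version advertised in X-Powered-By or Server, else None."""
    for name in ("x-powered-by", "server"):
        match = PHP_VERSION_RE.search(headers.get(name, ""))
        if match:
            return match.group(1)
    return None


def fingerprint_response(raw):
    """Offline version: fingerprint an already-captured response head."""
    headers = parse_headers(raw)
    return {
        "server": headers.get("server"),
        "php_version": php_version_from_headers(headers),
    }


def fingerprint_host(host, path="/"):
    """Live version: one HEAD request for '/', which is all the tracker is
    described as sending. Needs network access; nothing else here does."""
    conn = HTTPConnection(host, timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()
    return {
        "server": headers.get("server"),
        "php_version": php_version_from_headers(headers),
    }


if __name__ == "__main__":
    print(fingerprint_response(LEAKY_RESPONSE))
    print(fingerprint_response(HARDENED_RESPONSE))
```

Run it against your own hosts with fingerprint_host("www.example.com") to see which side of the argument below you are on. If the result shows a version, the fix is not about phpinfo at all: set expose_php = Off in php.ini (drops X-Powered-By) and ServerTokens Prod in httpd.conf (reduces Server to "Apache"), then restart and re-run. Either way, a phpinfo page left in the web root is a separate and much larger leak (paths, extensions, environment variables) and should be removed or access-restricted independently of the headers.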

6 comments:

Anonymous said...

Here is a little explanation what the crawler does
http://blog.thinkphp.de/archives/163-Use-information-disclosure-to-gather-PHP-configuration-statistics.html
http://www.nexen.net/articles/dossier/php_configuration_statitstics.php

damien said...

Hi

I just wanted to state that there is no relationship between the bot (and its monthly stats) and the phpinfo article, except, obviously, me. :)

My name is Damien Seguy. I run the PHP version tracker, and I'm also the author of the phpinfo() stats articles.

PHP Version tracker does indeed do a HEAD, and is not looking for phpinfo: that would be way too much information; even just getting 404 error pages would be a killer. The bot is running over 20 million domains each month.

The phpinfo() article was a one-time test, and relied on search engines archiving phpinfo().

If you have any questions, you can mail me: damien dot seguy at nexen dot net.

tm said...

Stop scanning our sites with your bot!

Anonymous said...

You guys are idiots, he's just reading the information that your website gives out to EVERY USER for EVERY PAGE. This gives him the server's basic information, like what PHP version it is running.

Like I said, this is given out to EVERYONE, EVERY TIME they load a page.

This has nothing to do with phpinfo scripts. His bot is harmless.

Learn a little more about web servers and how they work before you throw around ridiculous allegations. Morons.

tmaster said...

This comment has been removed by the author.

tmaster said...

I am really sorry, but it was his own website that said he was reading the phpinfo scripts.

Info from that script is clearly not the normal data a user's browser sees when he visits your site. I am confused as to why you think it is the same.